Detect active security threats
mid-engagement-ir-detection
elementalsouls/Claude-BugHunter

What it does
Detect SOC patches and attacker activity during active red-team testing
Best for
When running active testing against monitored targets and needing to separate your activity from external attacker activity.
Inputs
- baseline request/response timing
- error rates
- header/cookie changes
Outputs
- state change detection report
- SOC patch evidence
- external attacker correlation
Requires
- Burp Suite
- network monitoring
- Splunk/ELK (optional)
Preconditions
Authorized engagement; monitoring enabled; baseline established before testing starts
Failure modes
- Pre-existing lockouts cannot be distinguished from lockouts caused by your own spray (use them as an attacker-detection signal instead)
- false positives on cache/CDN changes
- timing shifts may be non-security related (infrastructure)
Trust signals
- Authorized red-team source
- real-world attacker correlation example
- AADSTS50053 pre-existing lockout detection gate