Agentic Detection Lookups

Name: Agentic Detection Lookups
Author: detection-forge

detection-forge/agentic-detection-lookups

Give detection-engineering agents fast LOLBAS, GTFOBins, and parent-child process context while writing or tuning detections.

Overview

agentic-detection-lookups is a Ship-phase MCP server that supplies LOLBAS, GTFOBins, and process parent-child lookups for AI-assisted detection engineering.

What is this MCP server?

LOLBAS lookups for Windows living-off-the-land binaries
GTFOBins lookups for Unix privilege-escalation binaries
Process parent-child relationship lookups for detection logic
Purpose-built for agentic detection engineering workflows
MCP server v0.1.0 from detection-forge repository
Server version 0.1.0
Three lookup domains: LOLBAS, GTFOBins, parent-child processes
Repository source: github.com/detection-forge/agentic-detection-lookups

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Writing accurate detections means constantly cross-checking LOLB and GTFOBins tables and process trees by hand while your agent guesses without authoritative lookups.

Who is it for?

Builders or analysts authoring or reviewing detections who want MCP-grounded LOLB/GTFOBins context inside Claude Code or Cursor.

Skip if: Teams needing full EDR telemetry ingestion, automated red-team exploits, or non-security application development.

What do I get? / Deliverables

Your agent can cite grounded living-off-the-land and privilege-escalation references and parent-child patterns while you draft or refine detection rules.

Agent-queryable LOLBAS reference answers
Agent-queryable GTFOBins reference answers
Parent-child process context for detection prompts

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

HSM-backed vault secrets for AI agents (JIT fetch) plus prompt-injection and threat scanning.2 stars

1passwordCakeRepository/1Password-MCP

MCP server for 1Password service accounts — tools and resources for vaults and credentials16 stars

402sentinel Mcpkaditang/402sentinel-mcp

Assess an x402 counterparty's risk BEFORE paying: allow/review/block, scored on-chain (Base).1 stars

A2a Governance Bridge Mcp

A2A Governance Bridge MCP server. Tools: verify agent compliance, authorize a2a transaction, get tru

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

Remote MCP for A2A dependency inspector MCP, structured receipts, audit logs, and reviewer-ready evi

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

Remote MCP for A2A caller identity, scope policy, verdict receipts, and audit history.

Journey fit

Primary fit

Lookup corpora matter when you harden detections before and after release—squarely in Ship security work. Security subphase fits threat-detection research tools rather than generic backend CRUD integrations.

How it compares

Detection reference MCP lookups, not a SIEM connector or generic OWASP checklist skill.

Common Questions / FAQ

Who is agentic-detection-lookups for?

Detection engineers and solo builders writing security rules who want agents to pull LOLBAS, GTFOBins, and process-tree facts instead of hallucinating binary abuse paths.

When should I use agentic-detection-lookups?

Use it during Ship security reviews, purple-team rule drafting, or alert tuning when you need authoritative LOLB and Unix privesc reference data in the agent loop.

How do I add agentic-detection-lookups to my agent?

Install or run the detection-forge MCP server from its GitHub repository, register it in your agent’s MCP server list per that repo’s setup notes, and invoke lookup tools while authoring detections.

What is this MCP server?

LOLBAS lookups for Windows living-off-the-land binaries

GTFOBins lookups for Unix privilege-escalation binaries

Process parent-child relationship lookups for detection logic

Purpose-built for agentic detection engineering workflows

MCP server v0.1.0 from detection-forge repository

Server version 0.1.0

Three lookup domains: LOLBAS, GTFOBins, parent-child processes

Repository source: github.com/detection-forge/agentic-detection-lookups

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is agentic-detection-lookups for?

When should I use agentic-detection-lookups?

How do I add agentic-detection-lookups to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is agentic-detection-lookups for?

When should I use agentic-detection-lookups?

How do I add agentic-detection-lookups to my agent?