diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json
index 2917f3d9..6211c3b7 100644
--- a/.claude-plugin/marketplace.json
+++ b/.claude-plugin/marketplace.json
@@ -5,7 +5,7 @@
 "email": "mukul975@users.noreply.github.com"
 },
 "metadata": {
- "description": "607+ cybersecurity skills for AI agents and security practitioners covering web security, pentesting, forensics, threat intelligence, cloud security, and more.",
+ "description": "753 cybersecurity skills for AI agents and security practitioners covering web security, pentesting, forensics, threat intelligence, cloud security, and more.",
 "version": "1.0.0"
 },
 "plugins": [
diff --git a/.claude-plugin/plugin.json b/.claude-plugin/plugin.json
index ce100018..ff4afc13 100644
--- a/.claude-plugin/plugin.json
+++ b/.claude-plugin/plugin.json
@@ -1,5 +1,5 @@
 {
 "name": "cybersecurity-skills",
- "description": "607+ cybersecurity skills covering web security, pentesting, DFIR, threat intelligence, cloud security, malware analysis, and more.",
+ "description": "753 cybersecurity skills covering web security, pentesting, DFIR, threat intelligence, cloud security, malware analysis, and more.",
 "version": "1.0.0"
 }
diff --git a/.github/workflows/update-index.yml b/.github/workflows/update-index.yml
index 28d96398..31c0bc69 100644
--- a/.github/workflows/update-index.yml
+++ b/.github/workflows/update-index.yml
@@ -19,68 +19,34 @@ jobs: - name: Regenerate index.json run: | python3 << 'EOF' - import os, json, re + import os, json from datetime import datetime, timezone - from collections import Counter skills_dir = "skills" skills = [] - subdomain_counts = Counter() - tag_counter = Counter() for skill_name in sorted(os.listdir(skills_dir)): skill_md = os.path.join(skills_dir, skill_name, "SKILL.md") if not os.path.isfile(skill_md): continue - with open(skill_md, "r", encoding="utf-8") as f: - content = f.read() - fm_match = re.match(r"^---\n(.*?)\n---", content, re.DOTALL) - if not fm_match: - continue - fm = fm_match.group(1) - def get_field(field, text): - m = re.search(rf"^{field}:\s*(.+)$", text, re.MULTILINE) - return m.group(1).strip().strip('"') if m else "" - def get_tags(text): - m = re.search(r"^tags:\s*\[(.+)\]", text, re.MULTILINE) - return [t.strip() for t in m.group(1).split(",")] if m else [] - - tags = get_tags(fm) - subdomain = get_field("subdomain", fm) - subdomain_counts[subdomain] += 1 - for t in tags: - tag_counter[t] += 1 - skills.append({ - "name": get_field("name", fm), - "description": get_field("description", fm), - "domain": "cybersecurity", - "subdomain": subdomain, - "tags": tags, - "version": get_field("version", fm) or "1.0", - "author": "mukul975", - "license": "Apache-2.0", + "name": skill_name, "path": f"skills/{skill_name}" }) - top_tags = sorted(tag_counter.items(), key=lambda x: -x[1])[:20] index = { "version": "1.0.0", "generated_at": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"), "repository": "https://github.com/mukul975/Anthropic-Cybersecurity-Skills", + "domain": "cybersecurity", "total_skills": len(skills), - "total_domains": 1, - "total_subdomains": len(subdomain_counts), - "domain_stats": {"cybersecurity": len(skills)}, - "subdomain_stats": dict(subdomain_counts), - "top_tags": [{"tag": t, "count": c} for t, c in top_tags], "skills": skills } with open("index.json", "w", encoding="utf-8") as f: - json.dump(index, f, 
indent=2) + json.dump(index, f, separators=(',', ':')) - print(f"Updated index.json: {len(skills)} skills, {len(subdomain_counts)} subdomains") + print(f"Updated index.json: {len(skills)} skills") EOF - name: Commit updated index diff --git a/index.json b/index.json index 2bb3e5b9..846f7c42 100644 --- a/index.json +++ b/index.json 
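Review bot: The rewritten loop indexes every directory that merely contains a SKILL.md file, whereas the removed code skipped entries with no `---` front-matter block (`if not fm_match: continue`), so `total_skills` and the printed count can now include malformed or placeholder skills the previous index excluded, and `"name": skill_name` publishes the directory name instead of the declared `name:` field, which silently renames any skill whose two names differ. A minimal validity check keeps the old count semantics without the regex: add `with open(skill_md, encoding="utf-8") as fh:` and `    if fh.readline().rstrip() != "---": continue` inside the loop before the `append`. Separately, `json.dump(index, f, separators=(',', ':'))` writes no trailing newline, so the committed index.json becomes one unterminated line; an `f.write("\n")` after it keeps the file POSIX-clean and diff-friendly. The `753` counts hard-coded in the two `.claude-plugin` JSON files of this same commit are not derived from this script and will drift from `total_skills` the next time a skill is added. The `run:` step is fully inside the hunk; the workflow's later commit step is outside it.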
@@ -1,14031 +1 @@ -{ - "version": "1.0.0", - "generated_at": "2026-03-19T18:14:36Z", - "repository": "https://github.com/mukul975/Anthropic-Cybersecurity-Skills", - "total_skills": 753, - "total_domains": 1, - "total_subdomains": 46, - "domain_stats": { - "cybersecurity": 753 - }, - "subdomain_stats": { - "digital-forensics": 37, - "identity-security": 2, - "malware-analysis": 39, - "security-operations": 28, - "threat-intelligence": 50, - "cloud-security": 61, - "soc-operations": 33, - "blockchain-security": 1, - "mobile-security": 13, - "container-security": 29, - "log-analysis": 1, - "phishing-defense": 15, - "network-security": 43, - "incident-response": 25, - "threat-hunting": 56, - "ransomware-defense": 13, - "supply-chain-security": 3, - "firmware-security": 1, - "red-teaming": 24, - "devsecops": 17, - "identity-access-management": 33, - "vulnerability-management": 25, - "web-application-security": 42, - "penetration-testing": 20, - "zero-trust-architecture": 17, - "cryptography": 15, - "endpoint-security": 17, - "deception-technology": 3, - "ai-security": 2, - "ot-ics-security": 28, - "api-security": 28, - "wireless-security": 2, - "threat-detection": 7, - "social-engineering-defense": 1, - "offensive-security": 2, - "data-protection": 1, - "application-security": 4, - "compliance-governance": 4, - "privacy-compliance": 2, - "identity-and-access-management": 2, - "zero-trust": 1, - "ot-security": 1, - "red-team": 2, - "firmware-analysis": 1, - "purple-team": 1, - "governance-risk-compliance": 1 - }, - "top_tags": [ - { - "tag": "threat-hunting", - "count": 64 - }, - { - "tag": "mitre-attack", - "count": 61 - }, - { - "tag": "penetration-testing", - "count": 44 - }, - { - "tag": "threat-intelligence", - "count": 42 - }, - { - "tag": "cloud-security", - "count": 40 - }, - { - "tag": "network-security", - "count": 38 - }, - { - "tag": "incident-response", - "count": 37 - }, - { - "tag": "owasp", - "count": 37 - }, - { - "tag": "forensics", - "count": 35 - }, - 
{ - "tag": "soc", - "count": 33 - }, - { - "tag": "web-security", - "count": 30 - }, - { - "tag": "zero-trust", - "count": 29 - }, - { - "tag": "api-security", - "count": 29 - }, - { - "tag": "ot-security", - "count": 28 - }, - { - "tag": "ics", - "count": 28 - }, - { - "tag": "red-team", - "count": 25 - }, - { - "tag": "phishing", - "count": 24 - }, - { - "tag": "proactive-detection", - "count": 24 - }, - { - "tag": "active-directory", - "count": 23 - }, - { - "tag": "privilege-escalation", - "count": 23 - } - ], - "skills": [ - { - "name": "acquiring-disk-image-with-dd-and-dcfldd", - "description": "Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through hash verification.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "disk-imaging", - "evidence-acquisition", - "dd", - "dcfldd", - "hash-verification" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/acquiring-disk-image-with-dd-and-dcfldd" - }, - { - "name": "analyzing-active-directory-acl-abuse", - "description": "Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and WriteOwner abuse paths", - "domain": "cybersecurity", - "subdomain": "identity-security", - "tags": [ - "active-directory", - "acl-abuse", - "ldap", - "privilege-escalation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-active-directory-acl-abuse" - }, - { - "name": "analyzing-android-malware-with-apktool", - "description": "Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "Android", - "APK", - "apktool", - "jadx", - "androguard", - 
"mobile-malware", - "static-analysis", - "reverse-engineering" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-android-malware-with-apktool" - }, - { - "name": "analyzing-api-gateway-access-logs", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "analyzing", - "api", - "gateway", - "access" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-api-gateway-access-logs" - }, - { - "name": "analyzing-apt-group-with-mitre-navigator", - "description": "Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps of adversary TTPs for detection gap analysis and threat-informed defense.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "mitre-attack", - "navigator", - "apt", - "threat-actor", - "ttp-analysis", - "heatmap", - "detection-gap", - "threat-intelligence" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-apt-group-with-mitre-navigator" - }, - { - "name": "analyzing-azure-activity-logs-for-threats", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "analyzing", - "azure", - "activity", - "logs" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-azure-activity-logs-for-threats" - }, - { - "name": "analyzing-bootkit-and-rootkit-samples", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "bootkit", - "rootkit", - "UEFI", - "MBR-analysis" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-bootkit-and-rootkit-samples" - }, - { - "name": "analyzing-browser-forensics-with-hindsight", - "description": "Analyze Chromium-based browser artifacts using 
Hindsight to extract browsing history, downloads, cookies, cached content, autofill data, saved passwords, and browser extensions from Chrome, Edge, Brave, and Opera for forensic investigation.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "browser-forensics", - "hindsight", - "chrome-forensics", - "chromium", - "edge", - "browsing-history", - "cookies", - "downloads", - "cache", - "web-artifacts" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-browser-forensics-with-hindsight" - }, - { - "name": "analyzing-campaign-attribution-evidence", - "description": "Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or group is responsible for a cyber operation. This skill covers collecting and weighting attr", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "threat-intelligence", - "cti", - "ioc", - "mitre-attack", - "stix", - "attribution", - "campaign-analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-campaign-attribution-evidence" - }, - { - "name": "analyzing-certificate-transparency-for-phishing", - "description": "Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates, and unauthorized certificate issuance targeting your organization.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "certificate-transparency", - "ct-logs", - "phishing", - "crt-sh", - "certstream", - "ssl", - "domain-monitoring", - "threat-intelligence" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-certificate-transparency-for-phishing" - }, - { - "name": "analyzing-cloud-storage-access-patterns", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "analyzing", - 
"cloud", - "storage", - "access" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-cloud-storage-access-patterns" - }, - { - "name": "analyzing-cobalt-strike-beacon-configuration", - "description": "Extract and analyze Cobalt Strike beacon configuration from PE files and memory dumps to identify C2 infrastructure, malleable profiles, and operator tradecraft.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "cobalt-strike", - "beacon", - "c2", - "malware-analysis", - "config-extraction", - "threat-hunting", - "red-team-tools" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-cobalt-strike-beacon-configuration" - }, - { - "name": "analyzing-cobaltstrike-malleable-c2-profiles", - "description": "Parse and analyze Cobalt Strike Malleable C2 profiles using dissect.cobaltstrike and pyMalleableC2 to extract C2 indicators, detect evasion techniques, and generate network detection signatures.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "cobalt-strike", - "malleable-c2", - "c2-detection", - "beacon-analysis", - "network-signatures", - "threat-hunting", - "red-team-tools" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-cobaltstrike-malleable-c2-profiles" - }, - { - "name": "analyzing-command-and-control-communication", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "C2", - "command-and-control", - "beacon", - "protocol-analysis" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-command-and-control-communication" - }, - { - "name": "analyzing-cyber-kill-chain", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "kill-chain", - "Lockheed-Martin", - "MITRE-ATT&CK", - 
"intrusion-analysis", - "defense-in-depth", - "NIST-CSF" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-cyber-kill-chain" - }, - { - "name": "analyzing-disk-image-with-autopsy", - "description": "Perform comprehensive forensic analysis of disk images using Autopsy to recover files, examine artifacts, and build investigation timelines.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "autopsy", - "disk-analysis", - "sleuth-kit", - "file-recovery", - "artifact-analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-disk-image-with-autopsy" - }, - { - "name": "analyzing-dns-logs-for-exfiltration", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "dns", - "exfiltration", - "dns-tunneling", - "dga", - "c2-detection", - "splunk", - "threat-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-dns-logs-for-exfiltration" - }, - { - "name": "analyzing-docker-container-forensics", - "description": "Investigate compromised Docker containers by analyzing images, layers, volumes, logs, and runtime artifacts to identify malicious activity and evidence.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "docker", - "container-forensics", - "container-security", - "image-analysis", - "runtime-investigation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-docker-container-forensics" - }, - { - "name": "analyzing-email-headers-for-phishing-investigation", - "description": "Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify spoofing through SPF, DKIM, and DMARC validation.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - 
"tags": [ - "forensics", - "email-analysis", - "phishing", - "spf", - "dkim", - "dmarc", - "header-analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-email-headers-for-phishing-investigation" - }, - { - "name": "analyzing-ethereum-smart-contract-vulnerabilities", - "description": "Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy, integer overflow, access control, and other vulnerability classes before deployment to Ethereum mainnet.", - "domain": "cybersecurity", - "subdomain": "blockchain-security", - "tags": [ - "ethereum", - "solidity", - "smart-contract", - "slither", - "mythril", - "blockchain", - "defi", - "audit" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-ethereum-smart-contract-vulnerabilities" - }, - { - "name": "analyzing-golang-malware-with-ghidra", - "description": "Reverse engineer Go-compiled malware using Ghidra with specialized scripts for function recovery, string extraction, and type reconstruction in stripped Go binaries.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "golang", - "ghidra", - "reverse-engineering", - "malware-analysis", - "binary-analysis", - "go-malware", - "disassembly" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-golang-malware-with-ghidra" - }, - { - "name": "analyzing-heap-spray-exploitation", - "description": "Detect and analyze heap spray attacks in memory dumps using Volatility3 plugins to identify NOP sled patterns, shellcode landing zones, and suspicious large allocations in process virtual address space.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware-analysis", - "memory-forensics", - "heap-spray", - "volatility3", - "exploit-analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": 
"Apache-2.0", - "path": "skills/analyzing-heap-spray-exploitation" - }, - { - "name": "analyzing-indicators-of-compromise", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "IOC", - "VirusTotal", - "AbuseIPDB", - "MalwareBazaar", - "MISP", - "threat-intelligence", - "STIX", - "NIST-CSF" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-indicators-of-compromise" - }, - { - "name": "analyzing-ios-app-security-with-objection", - "description": ">", - "domain": "cybersecurity", - "subdomain": "mobile-security", - "tags": [ - "mobile-security", - "ios", - "objection", - "frida", - "owasp-mobile", - "penetration-testing" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-ios-app-security-with-objection" - }, - { - "name": "analyzing-kubernetes-audit-logs", - "description": ">", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "analyzing", - "kubernetes", - "audit", - "logs" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-kubernetes-audit-logs" - }, - { - "name": "analyzing-linux-audit-logs-for-intrusion", - "description": ">", - "domain": "cybersecurity", - "subdomain": "log-analysis", - "tags": [ - "auditd", - "linux-forensics", - "syscall-monitoring", - "intrusion-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-linux-audit-logs-for-intrusion" - }, - { - "name": "analyzing-linux-elf-malware", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "Linux", - "ELF", - "reverse-engineering", - "server-malware" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-linux-elf-malware" - }, - { - "name": "analyzing-linux-kernel-rootkits", - "description": 
"Detect kernel-level rootkits in Linux memory dumps using Volatility3 linux plugins (check_syscall, lsmod, hidden_modules), rkhunter system scanning, and /proc vs /sys discrepancy analysis to identify hooked syscalls, hidden kernel modules, and tampered system structures.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "rootkit", - "linux", - "kernel", - "volatility3", - "memory-forensics", - "malware-analysis", - "rkhunter", - "forensics" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-linux-kernel-rootkits" - }, - { - "name": "analyzing-linux-system-artifacts", - "description": "Examine Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover evidence of compromise or unauthorized activity.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "linux-forensics", - "system-artifacts", - "log-analysis", - "persistence-detection", - "incident-investigation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-linux-system-artifacts" - }, - { - "name": "analyzing-lnk-file-and-jump-list-artifacts", - "description": "Analyze Windows LNK shortcut files and Jump List artifacts to establish evidence of file access, program execution, and user activity using LECmd, JLECmd, and manual binary parsing of the Shell Link Binary format.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "lnk-files", - "jump-lists", - "lecmd", - "jlecmd", - "windows-forensics", - "shell-link", - "user-activity", - "file-access", - "program-execution", - "recent-files" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-lnk-file-and-jump-list-artifacts" - }, - { - "name": "analyzing-macro-malware-in-office-documents", - "description": ">", - "domain": "cybersecurity", - "subdomain": 
"malware-analysis", - "tags": [ - "malware", - "macro", - "Office", - "VBA", - "document-malware" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-macro-malware-in-office-documents" - }, - { - "name": "analyzing-malicious-pdf-with-peepdf", - "description": "Perform static analysis of malicious PDF documents using peepdf, pdfid, and pdf-parser to extract embedded JavaScript, shellcode, and suspicious objects.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware-analysis", - "pdf", - "peepdf", - "pdfid", - "pdf-parser", - "static-analysis", - "reverse-engineering", - "dfir" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-malicious-pdf-with-peepdf" - }, - { - "name": "analyzing-malicious-url-with-urlscan", - "description": "URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content, HTTP transactions, JavaScript behavior, and network connections of web pages in an isolat", - "domain": "cybersecurity", - "subdomain": "phishing-defense", - "tags": [ - "phishing", - "email-security", - "social-engineering", - "dmarc", - "awareness", - "url-analysis", - "threat-intelligence" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-malicious-url-with-urlscan" - }, - { - "name": "analyzing-malware-behavior-with-cuckoo-sandbox", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "dynamic-analysis", - "sandbox", - "Cuckoo", - "behavioral-analysis" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-malware-behavior-with-cuckoo-sandbox" - }, - { - "name": "analyzing-malware-family-relationships-with-malpedia", - "description": "Use the Malpedia platform and API to research malware family relationships, track variant 
evolution, link families to threat actors, and integrate YARA rules for detection across malware lineages.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "malpedia", - "malware-family", - "yara", - "threat-actor", - "malware-tracking", - "threat-intelligence", - "variant-analysis", - "malware-intelligence" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-malware-family-relationships-with-malpedia" - }, - { - "name": "analyzing-malware-persistence-with-autoruns", - "description": "Use Sysinternals Autoruns to systematically identify and analyze malware persistence mechanisms across registry keys, scheduled tasks, services, drivers, and startup locations on Windows systems.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "autoruns", - "persistence", - "malware-analysis", - "sysinternals", - "windows", - "registry", - "startup", - "incident-response" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-malware-persistence-with-autoruns" - }, - { - "name": "analyzing-malware-sandbox-evasion-techniques", - "description": "Detect sandbox evasion techniques in malware samples by analyzing timing checks, VM artifact queries, user interaction detection, and sleep inflation patterns from Cuckoo/AnyRun behavioral reports", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-malware-sandbox-evasion-techniques" - }, - { - "name": "analyzing-memory-dumps-with-volatility", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "memory-forensics", - "Volatility", - "RAM-analysis", - "incident-response" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": 
"skills/analyzing-memory-dumps-with-volatility" - }, - { - "name": "analyzing-memory-forensics-with-lime-and-volatility", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "analyzing", - "memory", - "forensics", - "with" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-memory-forensics-with-lime-and-volatility" - }, - { - "name": "analyzing-mft-for-deleted-file-recovery", - "description": "Analyze the NTFS Master File Table ($MFT) to recover metadata and content of deleted files by examining MFT record entries, $LogFile, $UsnJrnl, and MFT slack space using MFTECmd, analyzeMFT, and X-Ways Forensics.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "mft", - "ntfs", - "deleted-files", - "file-recovery", - "mftecmd", - "usn-journal", - "logfile", - "mft-slack-space", - "file-system-forensics", - "dfir" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-mft-for-deleted-file-recovery" - }, - { - "name": "analyzing-network-covert-channels-in-malware", - "description": "Detect and analyze covert communication channels used by malware including DNS tunneling, ICMP exfiltration, steganographic HTTP, and protocol abuse for C2 and data exfiltration.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "covert-channels", - "dns-tunneling", - "icmp-exfiltration", - "malware-analysis", - "network-forensics", - "c2-detection", - "data-exfiltration" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-network-covert-channels-in-malware" - }, - { - "name": "analyzing-network-flow-data-with-netflow", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "analyzing", - "network", - "flow", - "data" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", 
- "path": "skills/analyzing-network-flow-data-with-netflow" - }, - { - "name": "analyzing-network-packets-with-scapy", - "description": "Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and traffic anomaly detection in authorized security testing", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-network-packets-with-scapy" - }, - { - "name": "analyzing-network-traffic-for-incidents", - "description": ">", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "network-forensics", - "PCAP-analysis", - "Wireshark", - "Zeek", - "traffic-analysis" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-network-traffic-for-incidents" - }, - { - "name": "analyzing-network-traffic-of-malware", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "network-analysis", - "PCAP", - "Wireshark", - "C2-detection" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-network-traffic-of-malware" - }, - { - "name": "analyzing-network-traffic-with-wireshark", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "wireshark", - "packet-analysis", - "traffic-analysis", - "pcap" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-network-traffic-with-wireshark" - }, - { - "name": "analyzing-office365-audit-logs-for-compromise", - "description": "Parse Office 365 Unified Audit Logs via Microsoft Graph API to detect email forwarding rule creation, inbox delegation, suspicious OAuth app grants, and other indicators of account compromise.", - "domain": "cybersecurity", - "subdomain": "cloud-security", - 
"tags": [ - "Office365", - "Microsoft-Graph", - "audit-logs", - "email-compromise", - "inbox-rules", - "OAuth", - "BEC" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-office365-audit-logs-for-compromise" - }, - { - "name": "analyzing-outlook-pst-for-email-forensics", - "description": "Analyze Microsoft Outlook PST and OST files for email forensic evidence including message content, headers, attachments, deleted items, and metadata using libpff, pst-utils, and forensic email analysis tools for legal investigations and incident response.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "email-forensics", - "pst", - "ost", - "outlook", - "mapi", - "email-headers", - "attachments", - "deleted-emails", - "libpff", - "eml-extraction" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-outlook-pst-for-email-forensics" - }, - { - "name": "analyzing-packed-malware-with-upx-unpacker", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "unpacking", - "UPX", - "packing", - "static-analysis" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-packed-malware-with-upx-unpacker" - }, - { - "name": "analyzing-pdf-malware-with-pdfid", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "PDF-analysis", - "document-malware", - "PDFiD", - "static-analysis" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-pdf-malware-with-pdfid" - }, - { - "name": "analyzing-persistence-mechanisms-in-linux", - "description": "Detect and analyze Linux persistence mechanisms including crontab entries, systemd service units, LD_PRELOAD hijacking, bashrc modifications, and authorized_keys backdoors using auditd and file integrity 
monitoring", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "linux-persistence", - "crontab", - "systemd", - "ld-preload", - "auditd", - "threat-hunting", - "incident-response" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-persistence-mechanisms-in-linux" - }, - { - "name": "analyzing-powershell-empire-artifacts", - "description": "Detect PowerShell Empire framework artifacts in Windows event logs by identifying Base64 encoded launcher patterns, default user agents, staging URL structures, stager IOCs, and known Empire module signatures in Script Block Logging events.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "PowerShell-Empire", - "threat-hunting", - "Script-Block-Logging", - "base64", - "stager", - "C2", - "MITRE-ATT&CK", - "T1059.001", - "forensics" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-powershell-empire-artifacts" - }, - { - "name": "analyzing-powershell-script-block-logging", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "analyzing", - "powershell", - "script", - "block" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-powershell-script-block-logging" - }, - { - "name": "analyzing-prefetch-files-for-execution-history", - "description": "Parse Windows Prefetch files to determine program execution history including run counts, timestamps, and referenced files for forensic investigation.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "prefetch", - "windows-artifacts", - "execution-history", - "timeline-analysis", - "evidence-collection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-prefetch-files-for-execution-history" - }, - { - "name": 
"analyzing-ransomware-encryption-mechanisms", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "ransomware", - "encryption", - "cryptanalysis", - "reverse-engineering" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-ransomware-encryption-mechanisms" - }, - { - "name": "analyzing-ransomware-leak-site-intelligence", - "description": "Monitor and analyze ransomware group data leak sites (DLS) to track victim postings, extract threat intelligence on group tactics, and assess sector-specific ransomware risk for proactive defense.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "ransomware", - "leak-site", - "data-leak", - "extortion", - "threat-intelligence", - "monitoring", - "dls", - "victim-tracking" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-ransomware-leak-site-intelligence" - }, - { - "name": "analyzing-ransomware-network-indicators", - "description": "Identify ransomware network indicators including C2 beaconing patterns, TOR exit node connections, data exfiltration flows, and encryption key exchange via Zeek conn.log and NetFlow analysis", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "ransomware", - "c2-beaconing", - "zeek", - "netflow", - "tor", - "exfiltration", - "network-forensics" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-ransomware-network-indicators" - }, - { - "name": "analyzing-ransomware-payment-wallets", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ransomware-defense", - "tags": [ - "ransomware", - "blockchain", - "cryptocurrency", - "forensics", - "threat-intelligence", - "bitcoin" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-ransomware-payment-wallets" - }, - { - 
"name": "analyzing-sbom-for-supply-chain-vulnerabilities", - "description": ">", - "domain": "cybersecurity", - "subdomain": "supply-chain-security", - "tags": [ - "SBOM", - "CycloneDX", - "SPDX", - "NVD", - "CVE", - "supply-chain", - "dependency-analysis", - "syft", - "grype" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-sbom-for-supply-chain-vulnerabilities" - }, - { - "name": "analyzing-security-logs-with-splunk", - "description": ">", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "splunk", - "SPL", - "SIEM", - "log-analysis", - "security-monitoring" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-security-logs-with-splunk" - }, - { - "name": "analyzing-slack-space-and-file-system-artifacts", - "description": "Examine file system slack space, MFT entries, USN journal, and alternate data streams to recover hidden data and reconstruct file activity on NTFS volumes.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "slack-space", - "ntfs", - "mft", - "usn-journal", - "alternate-data-streams", - "file-system-analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-slack-space-and-file-system-artifacts" - }, - { - "name": "analyzing-supply-chain-malware-artifacts", - "description": "Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines, and sideloaded dependencies to identify intrusion vectors and scope of compromise.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "supply-chain", - "malware-analysis", - "trojanized-software", - "solarwinds", - "3cx", - "dependency-confusion", - "software-integrity" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-supply-chain-malware-artifacts" 
- }, - { - "name": "analyzing-threat-actor-ttps-with-mitre-attack", - "description": "MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations. This skill covers systematically mapping threat actor beh", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "threat-intelligence", - "cti", - "ioc", - "mitre-attack", - "stix", - "ttp-analysis", - "threat-actors" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-threat-actor-ttps-with-mitre-attack" - }, - { - "name": "analyzing-threat-actor-ttps-with-mitre-navigator", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "mitre-attack", - "navigator", - "threat-intelligence", - "apt", - "ttp-mapping", - "stix", - "attackcti" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-threat-actor-ttps-with-mitre-navigator" - }, - { - "name": "analyzing-threat-intelligence-feeds", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "STIX", - "TAXII", - "MITRE-ATT&CK", - "IOC", - "ThreatConnect", - "Recorded-Future", - "MISP", - "CTI", - "NIST-CSF" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-threat-intelligence-feeds" - }, - { - "name": "analyzing-threat-landscape-with-misp", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "analyzing", - "threat", - "landscape", - "with" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-threat-landscape-with-misp" - }, - { - "name": "analyzing-tls-certificate-transparency-logs", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "analyzing", - "tls", - 
"certificate", - "transparency" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-tls-certificate-transparency-logs" - }, - { - "name": "analyzing-typosquatting-domains-with-dnstwist", - "description": "Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain permutations and identify registered lookalike domains targeting your organization.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "dnstwist", - "typosquatting", - "phishing", - "domain-monitoring", - "brand-protection", - "homograph", - "dns", - "threat-intelligence" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-typosquatting-domains-with-dnstwist" - }, - { - "name": "analyzing-uefi-bootkit-persistence", - "description": ">", - "domain": "cybersecurity", - "subdomain": "firmware-security", - "tags": [ - "UEFI", - "bootkit", - "firmware", - "Secure-Boot", - "chipsec", - "ESP", - "persistence" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-uefi-bootkit-persistence" - }, - { - "name": "analyzing-usb-device-connection-history", - "description": "Investigate USB device connection history from Windows registry, event logs, and setupapi logs to track removable media usage and potential data exfiltration.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "usb-forensics", - "removable-media", - "registry-analysis", - "data-exfiltration", - "device-history" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-usb-device-connection-history" - }, - { - "name": "analyzing-web-server-logs-for-intrusion", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "analyzing", - "web", - "server", - "logs" - ], - "version": "1.0", - 
"author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-web-server-logs-for-intrusion" - }, - { - "name": "analyzing-windows-amcache-artifacts", - "description": ">", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "amcache", - "windows-forensics", - "registry-analysis", - "execution-artifacts" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-windows-amcache-artifacts" - }, - { - "name": "analyzing-windows-event-logs-in-splunk", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "splunk", - "windows-events", - "sysmon", - "event-logs", - "mitre-attack", - "active-directory" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-windows-event-logs-in-splunk" - }, - { - "name": "analyzing-windows-lnk-files-for-artifacts", - "description": "Parse Windows LNK shortcut files to extract target paths, timestamps, volume information, and machine identifiers for forensic timeline reconstruction.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "lnk-files", - "windows-artifacts", - "shortcut-analysis", - "timeline-reconstruction", - "evidence-collection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-windows-lnk-files-for-artifacts" - }, - { - "name": "analyzing-windows-prefetch-with-python", - "description": "Parse Windows Prefetch files using the windowsprefetch Python library to reconstruct application execution history, detect renamed or masquerading binaries, and identify suspicious program execution patterns.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "digital-forensics", - "windows", - "prefetch", - "execution-history", - "incident-response", - "malware-analysis" - ], - "version": "1.0", - "author": "mukul975", - 
"license": "Apache-2.0", - "path": "skills/analyzing-windows-prefetch-with-python" - }, - { - "name": "analyzing-windows-registry-for-artifacts", - "description": "Extract and analyze Windows Registry hives to uncover user activity, installed software, autostart entries, and evidence of system compromise.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "windows-registry", - "artifact-analysis", - "regripper", - "registry-explorer", - "evidence-collection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-windows-registry-for-artifacts" - }, - { - "name": "analyzing-windows-shellbag-artifacts", - "description": "Analyze Windows Shellbag registry artifacts to reconstruct folder browsing activity, detect access to removable media and network shares, and establish user interaction with directories even after deletion using SBECmd and ShellBags Explorer.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "shellbags", - "windows-registry", - "sbecmd", - "shellbags-explorer", - "folder-access", - "user-activity", - "removable-media", - "network-shares", - "bagmru", - "dfir" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/analyzing-windows-shellbag-artifacts" - }, - { - "name": "auditing-aws-s3-bucket-permissions", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "aws", - "s3", - "bucket-permissions", - "data-protection", - "access-control" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/auditing-aws-s3-bucket-permissions" - }, - { - "name": "auditing-azure-active-directory-configuration", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "azure", - "entra-id", - "active-directory", - "iam-audit", - 
"conditional-access" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/auditing-azure-active-directory-configuration" - }, - { - "name": "auditing-cloud-with-cis-benchmarks", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cis-benchmarks", - "cloud-audit", - "compliance-assessment", - "prowler", - "security-hardening" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/auditing-cloud-with-cis-benchmarks" - }, - { - "name": "auditing-gcp-iam-permissions", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "gcp", - "iam", - "permissions-audit", - "service-accounts", - "policy-analyzer" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/auditing-gcp-iam-permissions" - }, - { - "name": "auditing-kubernetes-cluster-rbac", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "kubernetes", - "rbac", - "access-control", - "eks", - "gke", - "aks" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/auditing-kubernetes-cluster-rbac" - }, - { - "name": "auditing-terraform-infrastructure-for-security", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "terraform", - "infrastructure-as-code", - "checkov", - "tfsec", - "policy-as-code" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/auditing-terraform-infrastructure-for-security" - }, - { - "name": "auditing-tls-certificate-transparency-logs", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "certificate-transparency", - "CT-logs", - "crt-sh", - "subdomain-discovery", - "TLS-monitoring", - "RFC-6962" - ], - 
"version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/auditing-tls-certificate-transparency-logs" - }, - { - "name": "automating-ioc-enrichment", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "SOAR", - "enrichment", - "IOC", - "Cortex-XSOAR", - "Splunk-SOAR", - "VirusTotal", - "automation", - "CTI", - "NIST-CSF" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/automating-ioc-enrichment" - }, - { - "name": "building-adversary-infrastructure-tracking-system", - "description": "Build an automated system to track adversary infrastructure using passive DNS, certificate transparency, WHOIS data, and IP enrichment to map and monitor threat actor command-and-control networks.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "infrastructure-tracking", - "passive-dns", - "c2", - "whois", - "threat-actor", - "pivoting", - "threat-intelligence", - "domain-analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-adversary-infrastructure-tracking-system" - }, - { - "name": "building-attack-pattern-library-from-cti-reports", - "description": "Extract and catalog attack patterns from cyber threat intelligence reports into a structured STIX-based library mapped to MITRE ATT&CK for detection engineering and threat-informed defense.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "attack-pattern", - "cti-reports", - "mitre-attack", - "stix", - "detection-engineering", - "threat-intelligence", - "nlp", - "extraction" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-attack-pattern-library-from-cti-reports" - }, - { - "name": "building-automated-malware-submission-pipeline", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - 
"soc", - "malware-analysis", - "sandbox", - "automation", - "virustotal", - "cuckoo", - "any-run", - "pipeline" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-automated-malware-submission-pipeline" - }, - { - "name": "building-c2-infrastructure-with-sliver-framework", - "description": "Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with redirectors, HTTPS listeners, and multi-operator support for authorized red team engagements.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "c2-framework", - "sliver", - "command-and-control", - "adversary-simulation", - "infrastructure", - "post-exploitation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-c2-infrastructure-with-sliver-framework" - }, - { - "name": "building-cloud-siem-with-sentinel", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "microsoft-sentinel", - "cloud-siem", - "kql-queries", - "soar-automation", - "threat-detection" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-cloud-siem-with-sentinel" - }, - { - "name": "building-detection-rule-with-splunk-spl", - "description": "Build effective detection rules using Splunk Search Processing Language (SPL) correlation searches to identify security threats in SOC environments.", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "splunk", - "spl", - "detection-engineering", - "correlation-search", - "siem", - "soc", - "threat-detection", - "enterprise-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-detection-rule-with-splunk-spl" - }, - { - "name": "building-detection-rules-with-sigma", - "description": ">", - "domain": "cybersecurity", - "subdomain": 
"soc-operations", - "tags": [ - "soc", - "sigma", - "detection-rules", - "siem", - "mitre-attack", - "splunk", - "elastic", - "sentinel" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-detection-rules-with-sigma" - }, - { - "name": "building-devsecops-pipeline-with-gitlab-ci", - "description": "Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning, dependency scanning, and secret detection.", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "gitlab-ci", - "devsecops", - "sast", - "dast", - "container-scanning", - "dependency-scanning", - "secret-detection", - "cicd-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-devsecops-pipeline-with-gitlab-ci" - }, - { - "name": "building-identity-federation-with-saml-azure-ad", - "description": "Establish SAML 2.0 identity federation between on-premises Active Directory and Azure AD (Microsoft Entra ID) for seamless cross-domain authentication and SSO to cloud applications.", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "saml", - "azure-ad", - "entra-id", - "federation", - "identity", - "sso", - "adfs", - "hybrid-identity" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-identity-federation-with-saml-azure-ad" - }, - { - "name": "building-identity-governance-lifecycle-process", - "description": ">", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "identity-governance", - "lifecycle-management", - "JML", - "access-provisioning", - "RBAC", - "IGA" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-identity-governance-lifecycle-process" - }, - { - "name": "building-incident-response-dashboard", - "description": ">", - "domain": "cybersecurity", - 
"subdomain": "soc-operations", - "tags": [ - "soc", - "dashboard", - "incident-response", - "splunk", - "visualization", - "situational-awareness", - "metrics" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-incident-response-dashboard" - }, - { - "name": "building-incident-response-playbook", - "description": ">", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "IR-playbook", - "runbook", - "NIST-800-61", - "SOAR-integration", - "response-procedures" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-incident-response-playbook" - }, - { - "name": "building-incident-timeline-with-timesketch", - "description": "Build collaborative forensic incident timelines using Timesketch to ingest, normalize, and analyze multi-source event data for attack chain reconstruction and investigation documentation.", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "timesketch", - "timeline-analysis", - "forensic-timeline", - "plaso", - "dfir", - "incident-investigation", - "collaborative-forensics" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-incident-timeline-with-timesketch" - }, - { - "name": "building-ioc-defanging-and-sharing-pipeline", - "description": "Build an automated pipeline to defang indicators of compromise (URLs, IPs, domains, emails) for safe sharing and distribute them in STIX format through TAXII feeds and threat intelligence platforms.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "ioc", - "defanging", - "threat-sharing", - "stix", - "pipeline", - "indicator", - "automation", - "threat-intelligence" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-ioc-defanging-and-sharing-pipeline" - }, - { - "name": "building-ioc-enrichment-pipeline-with-opencti", - 
"description": "OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its native data model. This skill covers building an automated IOC enrichment pipeline using O", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "threat-intelligence", - "cti", - "ioc", - "mitre-attack", - "stix", - "opencti", - "enrichment", - "virustotal" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-ioc-enrichment-pipeline-with-opencti" - }, - { - "name": "building-malware-incident-communication-template", - "description": "Build structured communication templates for malware incidents including stakeholder notifications, executive briefings, technical advisories, and regulatory disclosures with severity-based escalation procedures.", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "incident-communication", - "malware-response", - "stakeholder-notification", - "crisis-communication", - "executive-briefing", - "regulatory-disclosure" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-malware-incident-communication-template" - }, - { - "name": "building-patch-tuesday-response-process", - "description": "Establish a structured operational process to triage, test, and deploy Microsoft Patch Tuesday security updates within risk-based remediation SLAs.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "patch-management", - "patch-tuesday", - "microsoft", - "wsus", - "sccm", - "vulnerability-remediation", - "windows-update" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-patch-tuesday-response-process" - }, - { - "name": "building-phishing-reporting-button-workflow", - "description": "Implement a phishing report button in email clients with automated triage workflow that analyzes 
user-reported suspicious emails and provides feedback to reporters.", - "domain": "cybersecurity", - "subdomain": "phishing-defense", - "tags": [ - "phishing-reporting", - "email-security", - "incident-response", - "security-awareness", - "outlook", - "microsoft-365", - "soar" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-phishing-reporting-button-workflow" - }, - { - "name": "building-ransomware-playbook-with-cisa-framework", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ransomware-defense", - "tags": [ - "ransomware", - "incident-response", - "CISA", - "playbook", - "compliance", - "NIST" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-ransomware-playbook-with-cisa-framework" - }, - { - "name": "building-red-team-c2-infrastructure-with-havoc", - "description": "Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents for authorized red team operations.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "havoc-c2", - "command-and-control", - "red-team-infrastructure", - "post-exploitation", - "adversary-emulation", - "demon-agent" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-red-team-c2-infrastructure-with-havoc" - }, - { - "name": "building-role-mining-for-rbac-optimization", - "description": "Apply bottom-up and top-down role mining techniques to discover optimal RBAC roles from existing user-permission assignments, reducing role explosion and enforcing least privilege.", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "rbac", - "role-mining", - "identity-governance", - "access-control", - "least-privilege", - "clustering" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-role-mining-for-rbac-optimization" - 
}, - { - "name": "building-soc-escalation-matrix", - "description": "Build a structured SOC escalation matrix defining severity tiers, response SLAs, escalation paths, and notification procedures for security incidents.", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "escalation", - "incident-management", - "severity", - "sla", - "triage", - "tiered-soc" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-soc-escalation-matrix" - }, - { - "name": "building-soc-metrics-and-kpi-tracking", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "metrics", - "kpi", - "mttd", - "mttr", - "dashboard", - "reporting", - "continuous-improvement" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-soc-metrics-and-kpi-tracking" - }, - { - "name": "building-soc-playbook-for-ransomware", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "ransomware", - "incident-response", - "playbook", - "nist", - "mitre-attack", - "containment" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-soc-playbook-for-ransomware" - }, - { - "name": "building-threat-actor-profile-from-osint", - "description": "Build comprehensive threat actor profiles using open-source intelligence (OSINT) techniques to document adversary motivations, capabilities, infrastructure, and TTPs for proactive defense.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "osint", - "threat-actor", - "profiling", - "maltego", - "spiderfoot", - "attribution", - "threat-intelligence", - "reconnaissance" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-threat-actor-profile-from-osint" - }, - { - "name": "building-threat-feed-aggregation-with-misp", - 
"description": "Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence feeds from multiple sources for centralized IOC management and automated SIEM integration.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "misp", - "threat-feed", - "aggregation", - "indicator", - "sharing", - "correlation", - "siem-integration", - "threat-intelligence" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-threat-feed-aggregation-with-misp" - }, - { - "name": "building-threat-hunt-hypothesis-framework", - "description": "Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and environmental data into testable hunting hypotheses.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "methodology", - "hypothesis", - "threat-intelligence", - "hunting-framework", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-threat-hunt-hypothesis-framework" - }, - { - "name": "building-threat-intelligence-enrichment-in-splunk", - "description": "Build automated threat intelligence enrichment pipelines in Splunk Enterprise Security using lookup tables, modular inputs, and the Threat Intelligence Framework.", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "splunk", - "threat-intelligence", - "enrichment", - "ioc", - "lookup", - "siem", - "soc", - "enterprise-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-threat-intelligence-enrichment-in-splunk" - }, - { - "name": "building-threat-intelligence-feed-integration", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "threat-intelligence", - "stix", - "taxii", - "misp", - "feeds", - "ioc", - 
"siem-integration" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-threat-intelligence-feed-integration" - }, - { - "name": "building-threat-intelligence-platform", - "description": "Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified system for collecting, analyzing, enriching, and disseminating threat intelligence. T", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "threat-intelligence", - "cti", - "ioc", - "mitre-attack", - "stix", - "platform-building", - "misp", - "opencti" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-threat-intelligence-platform" - }, - { - "name": "building-vulnerability-aging-and-sla-tracking", - "description": "Implement a vulnerability aging dashboard and SLA tracking system to measure remediation performance against severity-based timelines and drive accountability.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "vulnerability-management", - "sla-tracking", - "remediation-metrics", - "aging-report", - "kpi", - "compliance", - "risk-management" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-vulnerability-aging-and-sla-tracking" - }, - { - "name": "building-vulnerability-dashboard-with-defectdojo", - "description": "Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication, metrics tracking, and Jira ticketing workflows.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "defectdojo", - "vulnerability-management", - "dashboard", - "deduplication", - "scanner-integration", - "devsecops", - "jira" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-vulnerability-dashboard-with-defectdojo" - }, - { - 
"name": "building-vulnerability-exception-tracking-system", - "description": "Build a vulnerability exception and risk acceptance tracking system with approval workflows, compensating controls documentation, and expiration management.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "vulnerability-exception", - "risk-acceptance", - "compensating-controls", - "exception-tracking", - "vulnerability-management", - "governance" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-vulnerability-exception-tracking-system" - }, - { - "name": "building-vulnerability-scanning-workflow", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "vulnerability-scanning", - "nessus", - "qualys", - "openvas", - "cvss", - "remediation", - "patch-management" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/building-vulnerability-scanning-workflow" - }, - { - "name": "bypassing-authentication-with-forced-browsing", - "description": "Discovering and accessing unprotected pages, APIs, and administrative interfaces by enumerating URLs and bypassing authentication controls during authorized security assessments.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "authentication-bypass", - "forced-browsing", - "ffuf", - "directory-enumeration", - "owasp" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/bypassing-authentication-with-forced-browsing" - }, - { - "name": "collecting-indicators-of-compromise", - "description": ">", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "IOC-collection", - "threat-indicators", - "STIX-TAXII", - "MISP", - "threat-intelligence-sharing" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": 
"skills/collecting-indicators-of-compromise" - }, - { - "name": "collecting-open-source-intelligence", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "OSINT", - "Maltego", - "Shodan", - "Recon-ng", - "SpiderFoot", - "threat-intelligence", - "ATT&CK-T1591", - "NIST-CSF" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/collecting-open-source-intelligence" - }, - { - "name": "collecting-threat-intelligence-with-misp", - "description": "MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing, storing, and correlating Indicators of Compromise (IOCs) of targeted attacks, threat", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "threat-intelligence", - "cti", - "ioc", - "mitre-attack", - "stix", - "misp", - "taxii", - "threat-sharing" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/collecting-threat-intelligence-with-misp" - }, - { - "name": "collecting-volatile-evidence-from-compromised-host", - "description": "Collect volatile forensic evidence from a compromised system following order of volatility, preserving memory, network connections, processes, and system state before they are lost.", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "incident-response", - "dfir", - "forensics", - "volatile-evidence", - "memory-forensics", - "chain-of-custody" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/collecting-volatile-evidence-from-compromised-host" - }, - { - "name": "conducting-api-security-testing", - "description": ">", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "API-security", - "OWASP-API-Top10", - "REST", - "GraphQL", - "authorization-testing" - ], - "version": "1.0.0", - "author": "mukul975", - "license": 
"Apache-2.0", - "path": "skills/conducting-api-security-testing" - }, - { - "name": "conducting-cloud-incident-response", - "description": ">", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "cloud-IR", - "AWS-forensics", - "Azure-incident-response", - "GCP-security", - "identity-containment" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-cloud-incident-response" - }, - { - "name": "conducting-cloud-penetration-testing", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-pentesting", - "offensive-security", - "aws-exploitation", - "shared-responsibility", - "mitre-attack-cloud" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-cloud-penetration-testing" - }, - { - "name": "conducting-domain-persistence-with-dcsync", - "description": "Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by extracting KRBTGT, Domain Admin, and service account hashes for Golden Ticket creation.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "active-directory", - "dcsync", - "persistence", - "credential-dumping", - "golden-ticket", - "mimikatz" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-domain-persistence-with-dcsync" - }, - { - "name": "conducting-external-reconnaissance-with-osint", - "description": ">", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "OSINT", - "reconnaissance", - "attack-surface", - "footprinting", - "passive-recon" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-external-reconnaissance-with-osint" - }, - { - "name": "conducting-full-scope-red-team-engagement", - "description": "Plan and execute a comprehensive red team 
engagement covering reconnaissance through post-exploitation using MITRE ATT&CK-aligned TTPs to evaluate an organization's detection and response capabilities.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "adversary-emulation", - "mitre-attack", - "penetration-testing", - "offensive-security", - "purple-team", - "ttp-mapping" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-full-scope-red-team-engagement" - }, - { - "name": "conducting-internal-network-penetration-test", - "description": "Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify lateral movement paths, privilege escalation vectors, and sensitive data exposure within the corporate network.", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "internal-pentest", - "lateral-movement", - "privilege-escalation", - "Responder", - "Impacket", - "assumed-breach", - "network-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-internal-network-penetration-test" - }, - { - "name": "conducting-internal-reconnaissance-with-bloodhound-ce", - "description": "Conduct internal Active Directory reconnaissance using BloodHound Community Edition to map attack paths, identify privilege escalation chains, and discover misconfigurations in domain environments.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "reconnaissance", - "bloodhound", - "active-directory", - "attack-paths", - "privilege-escalation", - "graph-analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-internal-reconnaissance-with-bloodhound-ce" - }, - { - "name": "conducting-malware-incident-response", - "description": ">", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - 
"malware-response", - "malware-analysis", - "eradication", - "endpoint-remediation", - "MITRE-ATT&CK" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-malware-incident-response" - }, - { - "name": "conducting-man-in-the-middle-attack-simulation", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "mitm", - "bettercap", - "ettercap", - "mitmproxy" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-man-in-the-middle-attack-simulation" - }, - { - "name": "conducting-memory-forensics-with-volatility", - "description": ">", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "memory-forensics", - "volatility", - "RAM-analysis", - "process-injection", - "DFIR" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-memory-forensics-with-volatility" - }, - { - "name": "conducting-mobile-app-penetration-test", - "description": ">", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "mobile-pentest", - "OWASP-MASTG", - "Android-security", - "iOS-security", - "mobile-application-security" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-mobile-app-penetration-test" - }, - { - "name": "conducting-network-penetration-test", - "description": ">", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "network-pentest", - "Nmap", - "Metasploit", - "vulnerability-exploitation", - "infrastructure-security" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-network-penetration-test" - }, - { - "name": "conducting-pass-the-ticket-attack", - "description": "Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to 
authenticate to services without knowing the user's password. By extracting Kerberos tickets fro", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "adversary-simulation", - "mitre-attack", - "exploitation", - "post-exploitation", - "kerberos", - "pass-the-ticket", - "lateral-movement" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-pass-the-ticket-attack" - }, - { - "name": "conducting-phishing-incident-response", - "description": ">", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "phishing-response", - "email-security", - "credential-compromise", - "email-header-analysis", - "mailbox-remediation" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-phishing-incident-response" - }, - { - "name": "conducting-post-incident-lessons-learned", - "description": "Facilitate structured post-incident reviews to identify root causes, document what worked and failed, and produce actionable recommendations to improve future incident response.", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "incident-response", - "lessons-learned", - "post-incident", - "after-action-review", - "process-improvement" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-post-incident-lessons-learned" - }, - { - "name": "conducting-social-engineering-penetration-test", - "description": "Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical pretexting campaigns to measure human security resilience and identify training gaps.", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "social-engineering", - "phishing", - "vishing", - "pretexting", - "GoPhish", - "SET", - "OSINT", - "security-awareness", - "red-team" - ], - "version": "1.0", - "author": 
"mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-social-engineering-penetration-test" - }, - { - "name": "conducting-social-engineering-pretext-call", - "description": "Plan and execute authorized vishing (voice phishing) pretext calls to assess employee susceptibility to social engineering and evaluate security awareness controls.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "social-engineering", - "vishing", - "pretext-call", - "security-awareness", - "red-team", - "phishing", - "human-risk" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-social-engineering-pretext-call" - }, - { - "name": "conducting-spearphishing-simulation-campaign", - "description": "Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access. Unlike broad phishing campaigns, spearphishing uses OSINT-derived intelligence to craf", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "adversary-simulation", - "mitre-attack", - "exploitation", - "post-exploitation", - "spearphishing", - "social-engineering" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-spearphishing-simulation-campaign" - }, - { - "name": "conducting-wireless-network-penetration-test", - "description": ">", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "wireless-pentest", - "WiFi-security", - "WPA2", - "WPA3", - "evil-twin" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/conducting-wireless-network-penetration-test" - }, - { - "name": "configuring-active-directory-tiered-model", - "description": "Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory. 
Covers Tier 0/1/2 separation, privileged access workstations (PAWs), administrative f", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "iam", - "identity", - "access-control", - "active-directory", - "tiered-model", - "paw", - "esae" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-active-directory-tiered-model" - }, - { - "name": "configuring-aws-verified-access-for-ztna", - "description": "Configure AWS Verified Access to provide VPN-less zero trust network access to internal applications using identity and device posture verification with Cedar policy language.", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "zero-trust", - "aws", - "verified-access", - "ztna", - "cedar-policy", - "vpn-less", - "identity-verification", - "device-posture", - "aws-ram" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-aws-verified-access-for-ztna" - }, - { - "name": "configuring-certificate-authority-with-openssl", - "description": "A Certificate Authority (CA) is the trust anchor in a PKI hierarchy, responsible for issuing, signing, and revoking digital certificates. 
This skill covers building a two-tier CA hierarchy (Root CA +", - "domain": "cybersecurity", - "subdomain": "cryptography", - "tags": [ - "cryptography", - "pki", - "certificate-authority", - "openssl", - "x509" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-certificate-authority-with-openssl" - }, - { - "name": "configuring-host-based-intrusion-detection", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "HIDS", - "Wazuh", - "OSSEC", - "file-integrity-monitoring", - "intrusion-detection" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-host-based-intrusion-detection" - }, - { - "name": "configuring-hsm-for-key-storage", - "description": "Hardware Security Modules (HSMs) are tamper-resistant physical devices that safeguard cryptographic keys and perform cryptographic operations in a hardened environment. Keys stored in an HSM never lea", - "domain": "cybersecurity", - "subdomain": "cryptography", - "tags": [ - "cryptography", - "hsm", - "key-management", - "pkcs11", - "hardware-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-hsm-for-key-storage" - }, - { - "name": "configuring-identity-aware-proxy-with-google-iap", - "description": ">", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "google-iap", - "identity-aware-proxy", - "gcp", - "zero-trust", - "access-context-manager", - "cloud-run", - "app-engine" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-identity-aware-proxy-with-google-iap" - }, - { - "name": "configuring-ldap-security-hardening", - "description": "Harden LDAP directory services against common attacks including credential harvesting, LDAP injection, anonymous binding, and channel binding bypass. 
Covers LDAPS enforcement, channel binding, LDAP si", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "iam", - "identity", - "access-control", - "ldap", - "directory-services", - "hardening" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-ldap-security-hardening" - }, - { - "name": "configuring-microsegmentation-for-zero-trust", - "description": "Configure microsegmentation policies to enforce least-privilege workload-to-workload access using tools like VMware NSX, Illumio, and Calico, preventing lateral movement in zero trust architectures.", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "zero-trust", - "microsegmentation", - "network-access", - "lateral-movement", - "network-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-microsegmentation-for-zero-trust" - }, - { - "name": "configuring-multi-factor-authentication-with-duo", - "description": "Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access points. 
This skill covers Duo integration methods, adaptive authentication policies, device trust", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "iam", - "identity", - "access-control", - "authentication", - "mfa", - "duo", - "multi-factor" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-multi-factor-authentication-with-duo" - }, - { - "name": "configuring-network-segmentation-with-vlans", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "vlan", - "network-segmentation", - "switch-security", - "802.1q" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-network-segmentation-with-vlans" - }, - { - "name": "configuring-oauth2-authorization-flow", - "description": "Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and Device Authorization Grant. 
This skill covers flow selection, PKCE implementation, token", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "iam", - "identity", - "access-control", - "authentication", - "authorization", - "oauth2", - "oidc", - "pkce" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-oauth2-authorization-flow" - }, - { - "name": "configuring-pfsense-firewall-rules", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "pfsense", - "firewall", - "nat", - "network-segmentation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-pfsense-firewall-rules" - }, - { - "name": "configuring-snort-ids-for-intrusion-detection", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "snort", - "ids", - "intrusion-detection", - "rule-writing" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-snort-ids-for-intrusion-detection" - }, - { - "name": "configuring-suricata-for-network-monitoring", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "suricata", - "ids", - "ips", - "network-monitoring" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-suricata-for-network-monitoring" - }, - { - "name": "configuring-tls-1-3-for-secure-communications", - "description": "TLS 1.3 (RFC 8446) is the latest version of the Transport Layer Security protocol, providing significant improvements over TLS 1.2 in both security and performance. 
It reduces handshake latency to 1-R", - "domain": "cybersecurity", - "subdomain": "cryptography", - "tags": [ - "cryptography", - "tls", - "ssl", - "transport-security", - "network-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-tls-1-3-for-secure-communications" - }, - { - "name": "configuring-windows-defender-advanced-settings", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "windows-security", - "Microsoft-Defender", - "ASR", - "exploit-protection", - "MDE" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-windows-defender-advanced-settings" - }, - { - "name": "configuring-windows-event-logging-for-detection", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "windows-security", - "event-logging", - "audit-policy", - "detection-engineering" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-windows-event-logging-for-detection" - }, - { - "name": "configuring-zscaler-private-access-for-ztna", - "description": ">", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "zscaler", - "zpa", - "ztna", - "zero-trust", - "app-connector", - "access-policy", - "sase" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/configuring-zscaler-private-access-for-ztna" - }, - { - "name": "containing-active-breach", - "description": ">", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "breach-containment", - "lateral-movement", - "network-isolation", - "credential-revocation", - "live-response" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/containing-active-breach" - }, - { - "name": 
"correlating-security-events-in-qradar", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "qradar", - "siem", - "aql", - "correlation", - "offense-management", - "ibm" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/correlating-security-events-in-qradar" - }, - { - "name": "correlating-threat-campaigns", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "campaign-analysis", - "correlation", - "MISP", - "ATT&CK", - "threat-actor", - "intrusion-set", - "clustering", - "CTI" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/correlating-threat-campaigns" - }, - { - "name": "deobfuscating-javascript-malware", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "JavaScript", - "deobfuscation", - "web-malware", - "script-analysis" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/deobfuscating-javascript-malware" - }, - { - "name": "deobfuscating-powershell-obfuscated-malware", - "description": "Systematically deobfuscate multi-layer PowerShell malware using AST analysis, dynamic tracing, and tools like PSDecode and PowerDecode to reveal hidden payloads and C2 infrastructure.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "powershell", - "deobfuscation", - "malware-analysis", - "scripting", - "obfuscation", - "ast-analysis", - "incident-response" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/deobfuscating-powershell-obfuscated-malware" - }, - { - "name": "deploying-active-directory-honeytokens", - "description": ">", - "domain": "cybersecurity", - "subdomain": "deception-technology", - "tags": [ - "active-directory", - "honeytokens", - "kerberoasting", - "deception", - "detection", - 
"bloodhound", - "gpo" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/deploying-active-directory-honeytokens" - }, - { - "name": "deploying-cloudflare-access-for-zero-trust", - "description": ">", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "cloudflare", - "cloudflare-access", - "zero-trust", - "cloudflare-tunnel", - "warp", - "ztna", - "cloudflare-one" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/deploying-cloudflare-access-for-zero-trust" - }, - { - "name": "deploying-decoy-files-for-ransomware-detection", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ransomware-defense", - "tags": [ - "ransomware", - "detection", - "canary-files", - "honeytokens", - "deception", - "file-integrity" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/deploying-decoy-files-for-ransomware-detection" - }, - { - "name": "deploying-edr-agent-with-crowdstrike", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "edr", - "CrowdStrike", - "Falcon", - "threat-detection", - "sensor-deployment" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/deploying-edr-agent-with-crowdstrike" - }, - { - "name": "deploying-osquery-for-endpoint-monitoring", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "osquery", - "endpoint-monitoring", - "threat-hunting", - "fleet-management" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/deploying-osquery-for-endpoint-monitoring" - }, - { - "name": "deploying-palo-alto-prisma-access-zero-trust", - "description": ">", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "prisma-access", - "palo-alto", - "ztna", - 
"sase", - "globalprotect", - "strata-cloud-manager", - "zero-trust" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/deploying-palo-alto-prisma-access-zero-trust" - }, - { - "name": "deploying-ransomware-canary-files", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ransomware-defense", - "tags": [ - "ransomware", - "canary-files", - "watchdog", - "detection", - "early-warning", - "deception", - "defense" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/deploying-ransomware-canary-files" - }, - { - "name": "deploying-software-defined-perimeter", - "description": "Deploy a Software-Defined Perimeter using the CSA v2.0 specification with Single Packet Authorization, mutual TLS, and SDP controller/gateway configuration to enforce zero trust network access.", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "zero-trust", - "sdp", - "software-defined-perimeter", - "network-access", - "ztna" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/deploying-software-defined-perimeter" - }, - { - "name": "deploying-tailscale-for-zero-trust-vpn", - "description": "Deploy and configure Tailscale as a WireGuard-based zero trust mesh VPN with identity-aware access controls, ACLs, and exit nodes for secure peer-to-peer connectivity.", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "zero-trust", - "tailscale", - "wireguard", - "mesh-vpn", - "ztna", - "peer-to-peer", - "acl", - "identity-aware", - "headscale" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/deploying-tailscale-for-zero-trust-vpn" - }, - { - "name": "detecting-ai-model-prompt-injection-attacks", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ai-security", - "tags": [ - "prompt-injection", - "LLM-security", - "OWASP-LLM-Top10", - 
"NLP-classification", - "input-validation" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-ai-model-prompt-injection-attacks" - }, - { - "name": "detecting-anomalies-in-industrial-control-systems", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "scada", - "industrial-control", - "iec62443", - "anomaly-detection", - "machine-learning" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-anomalies-in-industrial-control-systems" - }, - { - "name": "detecting-anomalous-authentication-patterns", - "description": ">", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "UEBA", - "authentication-anomaly", - "impossible-travel", - "brute-force", - "credential-stuffing", - "behavioral-analytics" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-anomalous-authentication-patterns" - }, - { - "name": "detecting-api-enumeration-attacks", - "description": "Detect and prevent API enumeration attacks including BOLA and IDOR exploitation by monitoring sequential identifier access patterns and authorization failures.", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "enumeration", - "bola", - "idor", - "broken-object-level-authorization", - "owasp-api-top-10", - "access-control", - "rate-limiting" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-api-enumeration-attacks" - }, - { - "name": "detecting-arp-poisoning-in-network-traffic", - "description": "Detect and prevent ARP spoofing attacks using ARPWatch, Dynamic ARP Inspection, Wireshark analysis, and custom monitoring scripts to protect against man-in-the-middle interception.", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - 
"arp-poisoning", - "arp-spoofing", - "mitm", - "dynamic-arp-inspection", - "arpwatch", - "network-security", - "man-in-the-middle", - "layer-2-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-arp-poisoning-in-network-traffic" - }, - { - "name": "detecting-attacks-on-historian-servers", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "historian", - "osisoft-pi", - "ignition", - "pivot-point", - "data-integrity", - "lateral-movement" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-attacks-on-historian-servers" - }, - { - "name": "detecting-attacks-on-scada-systems", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "scada", - "industrial-control", - "iec62443", - "intrusion-detection", - "threat-detection" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-attacks-on-scada-systems" - }, - { - "name": "detecting-aws-cloudtrail-anomalies", - "description": "Detect unusual API call patterns in AWS CloudTrail logs using boto3, statistical baselining, and behavioral analysis to identify credential compromise, privilege escalation, and unauthorized resource access.", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "aws", - "cloudtrail", - "anomaly-detection", - "threat-detection", - "boto3" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-aws-cloudtrail-anomalies" - }, - { - "name": "detecting-aws-credential-exposure-with-trufflehog", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "aws", - "credential-exposure", - "trufflehog", - "secrets-detection", - "devsecops" - ], - 
"version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-aws-credential-exposure-with-trufflehog" - }, - { - "name": "detecting-aws-guardduty-findings-automation", - "description": "Automate AWS GuardDuty threat detection findings processing using EventBridge and Lambda to enable real-time incident response, automatic quarantine of compromised resources, and security notification workflows.", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "aws", - "guardduty", - "eventbridge", - "lambda", - "threat-detection", - "automation", - "incident-response", - "siem" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-aws-guardduty-findings-automation" - }, - { - "name": "detecting-aws-iam-privilege-escalation", - "description": "Detect AWS IAM privilege escalation paths using boto3 and Cloudsplaining policy analysis to identify overly permissive policies, dangerous permission combinations, and least-privilege violations", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "aws", - "iam", - "privilege-escalation", - "cloudsplaining", - "boto3", - "policy-analysis", - "least-privilege" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-aws-iam-privilege-escalation" - }, - { - "name": "detecting-azure-lateral-movement", - "description": "Detect lateral movement in Azure AD/Entra ID environments using Microsoft Graph API audit logs, Azure Sentinel KQL hunting queries, and sign-in anomaly correlation to identify privilege escalation, token theft, and cross-tenant pivoting.", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "azure", - "entra-id", - "lateral-movement", - "sentinel", - "kql", - "graph-api", - "cloud-security", - "threat-hunting" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": 
"skills/detecting-azure-lateral-movement" - }, - { - "name": "detecting-azure-service-principal-abuse", - "description": "Detect and investigate Azure service principal abuse including privilege escalation, credential compromise, admin consent bypass, and unauthorized enumeration in Microsoft Entra ID environments.", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "azure", - "entra-id", - "service-principal", - "privilege-escalation", - "credential-abuse", - "detection", - "splunk", - "sentinel" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-azure-service-principal-abuse" - }, - { - "name": "detecting-azure-storage-account-misconfigurations", - "description": "Audit Azure Blob and ADLS storage accounts for public access exposure, weak or long-lived SAS tokens, missing encryption at rest, disabled HTTPS-only traffic, and outdated TLS versions using the azure-mgmt-storage Python SDK.", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "Azure", - "storage-accounts", - "blob-storage", - "ADLS", - "SAS-tokens", - "encryption", - "public-access", - "cloud-misconfiguration", - "azure-mgmt-storage" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-azure-storage-account-misconfigurations" - }, - { - "name": "detecting-beaconing-patterns-with-zeek", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "detecting", - "beaconing", - "patterns", - "with" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-beaconing-patterns-with-zeek" - }, - { - "name": "detecting-bluetooth-low-energy-attacks", - "description": ">", - "domain": "cybersecurity", - "subdomain": "wireless-security", - "tags": [ - "ble", - "bluetooth", - "ubertooth", - "nrf-sniffer", - "gatt", - "wireless-security", - "iot-security", - "replay-attack" - 
], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-bluetooth-low-energy-attacks" - }, - { - "name": "detecting-broken-object-property-level-authorization", - "description": "Detect and test for OWASP API3:2023 Broken Object Property Level Authorization vulnerabilities including excessive data exposure and mass assignment attacks.", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "bopla", - "owasp-api3", - "mass-assignment", - "excessive-data-exposure", - "property-level-authorization", - "api-testing", - "penetration-testing" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-broken-object-property-level-authorization" - }, - { - "name": "detecting-business-email-compromise", - "description": "Business Email Compromise (BEC) is a sophisticated fraud scheme where attackers impersonate executives, vendors, or trusted partners to trick employees into transferring funds, sharing sensitive data,", - "domain": "cybersecurity", - "subdomain": "phishing-defense", - "tags": [ - "phishing", - "email-security", - "social-engineering", - "dmarc", - "awareness", - "bec", - "fraud" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-business-email-compromise" - }, - { - "name": "detecting-business-email-compromise-with-ai", - "description": "Deploy AI and NLP-powered detection systems to identify business email compromise attacks by analyzing writing style, behavioral patterns, and contextual anomalies that evade traditional rule-based filters.", - "domain": "cybersecurity", - "subdomain": "phishing-defense", - "tags": [ - "bec", - "ai", - "nlp", - "machine-learning", - "email-security", - "behavioral-analytics", - "impersonation", - "fraud-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": 
"skills/detecting-business-email-compromise-with-ai" - }, - { - "name": "detecting-cloud-threats-with-guardduty", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "amazon-guardduty", - "threat-detection", - "aws-security", - "runtime-monitoring", - "cloud-soc" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-cloud-threats-with-guardduty" - }, - { - "name": "detecting-command-and-control-over-dns", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "dns", - "c2", - "tunneling", - "dga", - "network-forensics", - "threat-detection" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-command-and-control-over-dns" - }, - { - "name": "detecting-compromised-cloud-credentials", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "credential-compromise", - "threat-detection", - "guardduty", - "incident-response", - "anomaly-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-compromised-cloud-credentials" - }, - { - "name": "detecting-container-drift-at-runtime", - "description": "Detect unauthorized modifications to running containers by monitoring for binary execution drift, file system changes, and configuration deviations from the original container image.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "container-drift", - "runtime-security", - "immutable-containers", - "falco", - "kubernetes", - "container-security", - "drift-detection", - "microsoft-defender" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-container-drift-at-runtime" - }, - { - "name": "detecting-container-escape-attempts", - "description": "Container escape is a critical attack 
technique where an adversary breaks out of container isolation to access the host system or other containers. Detection involves monitoring for escape indicators", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "containers", - "kubernetes", - "docker", - "security", - "runtime-security", - "escape-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-container-escape-attempts" - }, - { - "name": "detecting-container-escape-with-falco-rules", - "description": "Detect container escape attempts in real-time using Falco runtime security rules that monitor syscalls, file access, and privilege escalation.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "falco", - "container-escape", - "runtime-security", - "syscall-monitoring", - "kubernetes", - "detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-container-escape-with-falco-rules" - }, - { - "name": "detecting-credential-dumping-techniques", - "description": "Detect LSASS credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows Security logs, and SIEM correlation rules", - "domain": "cybersecurity", - "subdomain": "threat-detection", - "tags": [], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-credential-dumping-techniques" - }, - { - "name": "detecting-cryptomining-in-cloud", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cryptomining-detection", - "cloud-abuse", - "resource-hijacking", - "guardduty-crypto", - "cost-anomaly" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-cryptomining-in-cloud" - }, - { - "name": "detecting-dcsync-attack-in-active-directory", - "description": "Detect DCSync attacks where adversaries abuse Active 
Directory replication privileges to extract password hashes by monitoring for non-domain-controller accounts requesting directory replication via DsGetNCChanges.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "active-directory", - "dcsync", - "credential-theft", - "mitre-t1003-006", - "mimikatz", - "kerberos" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-dcsync-attack-in-active-directory" - }, - { - "name": "detecting-deepfake-audio-in-vishing-attacks", - "description": ">", - "domain": "cybersecurity", - "subdomain": "social-engineering-defense", - "tags": [ - "deepfake-detection", - "vishing", - "audio-forensics", - "MFCC", - "spectral-analysis", - "voice-cloning" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-deepfake-audio-in-vishing-attacks" - }, - { - "name": "detecting-dll-sideloading-attacks", - "description": "Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack execution flow for defense evasion.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "dll-sideloading", - "defense-evasion", - "t1574", - "edr", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-dll-sideloading-attacks" - }, - { - "name": "detecting-dnp3-protocol-anomalies", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "dnp3", - "scada", - "anomaly-detection", - "protocol-analysis", - "energy-sector", - "ids" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-dnp3-protocol-anomalies" - }, - { - "name": "detecting-dns-exfiltration-with-dns-query-analysis", - "description": "Detect data exfiltration 
through DNS tunneling by analyzing query entropy, subdomain length, query volume, TXT record abuse, and response payload sizes using passive DNS monitoring.", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "dns-exfiltration", - "dns-tunneling", - "data-exfiltration", - "threat-detection", - "entropy-analysis", - "passive-dns", - "network-monitoring", - "iodine", - "dnscat2" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-dns-exfiltration-with-dns-query-analysis" - }, - { - "name": "detecting-email-account-compromise", - "description": "Detect compromised O365 and Google Workspace email accounts by analyzing inbox rule creation, suspicious sign-in locations, mail forwarding rules, and unusual API access patterns via Microsoft Graph and audit logs.", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "email-compromise", - "office365", - "microsoft-graph", - "bec", - "inbox-rules", - "sign-in-analysis", - "account-takeover" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-email-account-compromise" - }, - { - "name": "detecting-email-forwarding-rules-attack", - "description": "Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications for intelligence collection and BEC attacks.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "email-forwarding", - "persistence", - "bec", - "t1114", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-email-forwarding-rules-attack" - }, - { - "name": "detecting-evasion-techniques-in-endpoint-logs", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "edr", - "threat-hunting", - "defense-evasion", - 
"MITRE-ATT&CK", - "detection-engineering" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-evasion-techniques-in-endpoint-logs" - }, - { - "name": "detecting-exfiltration-over-dns-with-zeek", - "description": "Detect DNS-based data exfiltration by analyzing Zeek dns.log for high-entropy subdomains and anomalous query patterns", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "dns-exfiltration", - "zeek", - "entropy-analysis", - "threat-hunting" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-exfiltration-over-dns-with-zeek" - }, - { - "name": "detecting-fileless-attacks-on-endpoints", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "fileless-malware", - "memory-attacks", - "PowerShell", - "detection-engineering" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-fileless-attacks-on-endpoints" - }, - { - "name": "detecting-fileless-malware-techniques", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "fileless", - "LOLBins", - "memory-analysis", - "detection" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-fileless-malware-techniques" - }, - { - "name": "detecting-golden-ticket-attacks-in-kerberos-logs", - "description": "Detect Golden Ticket attacks in Active Directory by analyzing Kerberos TGT anomalies including mismatched encryption types, impossible ticket lifetimes, non-existent accounts, and forged PAC signatures in domain controller event logs.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "golden-ticket", - "kerberos", - "active-directory", - "mitre-t1558-001", - "credential-abuse" - ], - "version": "1.0", - "author": 
"mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-golden-ticket-attacks-in-kerberos-logs" - }, - { - "name": "detecting-golden-ticket-forgery", - "description": "Detect Kerberos Golden Ticket forgery by analyzing Windows Event ID 4769 for RC4 encryption downgrades (0x17), abnormal ticket lifetimes, and krbtgt account anomalies in Splunk and Elastic SIEM", - "domain": "cybersecurity", - "subdomain": "threat-detection", - "tags": [], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-golden-ticket-forgery" - }, - { - "name": "detecting-insider-data-exfiltration-via-dlp", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "detecting", - "insider", - "data", - "exfiltration" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-insider-data-exfiltration-via-dlp" - }, - { - "name": "detecting-insider-threat-behaviors", - "description": "Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads, privilege abuse, and resignation-correlated data theft.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "insider-threat", - "data-theft", - "ueba", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-insider-threat-behaviors" - }, - { - "name": "detecting-insider-threat-with-ueba", - "description": "Implement User and Entity Behavior Analytics using Elasticsearch/OpenSearch to build behavioral baselines, calculate anomaly scores, perform peer group analysis, and detect insider threat indicators such as data exfiltration, privilege abuse, and unauthorized access patterns.", - "domain": "cybersecurity", - "subdomain": "threat-detection", - "tags": [ - "ueba", - "insider-threat", - "anomaly-detection", - "elasticsearch", 
- "behavior-analytics", - "machine-learning", - "siem" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-insider-threat-with-ueba" - }, - { - "name": "detecting-kerberoasting-attacks", - "description": "Detect Kerberoasting attacks by monitoring for anomalous Kerberos TGS requests targeting service accounts with SPNs for offline password cracking.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "kerberoasting", - "credential-access", - "kerberos", - "t1558", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-kerberoasting-attacks" - }, - { - "name": "detecting-lateral-movement-in-network", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "lateral-movement", - "threat-detection", - "siem", - "pass-the-hash" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-lateral-movement-in-network" - }, - { - "name": "detecting-lateral-movement-with-splunk", - "description": "Detect adversary lateral movement across networks using Splunk SPL queries against Windows authentication logs, SMB traffic, and remote service abuse.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "lateral-movement", - "splunk", - "siem", - "proactive-detection", - "ta0008" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-lateral-movement-with-splunk" - }, - { - "name": "detecting-lateral-movement-with-zeek", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "zeek", - "lateral-movement", - "smb", - "dce-rpc", - "pass-the-hash", - "network-forensics" - ], - "version": "1.0", - "author": "mukul975", - "license": 
"Apache-2.0", - "path": "skills/detecting-lateral-movement-with-zeek" - }, - { - "name": "detecting-living-off-the-land-attacks", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-detection", - "tags": [ - "lolbins", - "lotl", - "fileless-attacks", - "process-monitoring" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-living-off-the-land-attacks" - }, - { - "name": "detecting-living-off-the-land-with-lolbas", - "description": "Detect Living Off the Land Binaries (LOLBins/LOLBAS) abuse including certutil, regsvr32, mshta, and rundll32 via process telemetry, Sigma rules, and parent-child process analysis", - "domain": "cybersecurity", - "subdomain": "threat-detection", - "tags": [ - "lolbas", - "lolbins", - "sigma-rules", - "process-monitoring", - "sysmon", - "endpoint-detection", - "threat-hunting" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-living-off-the-land-with-lolbas" - }, - { - "name": "detecting-malicious-scheduled-tasks-with-sysmon", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "sysmon", - "scheduled-tasks", - "persistence", - "detection", - "threat-hunting", - "windows-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-malicious-scheduled-tasks-with-sysmon" - }, - { - "name": "detecting-mimikatz-execution-patterns", - "description": "Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory detection of known modules.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "mimikatz", - "credential-dumping", - "edr", - "t1003", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-mimikatz-execution-patterns" - }, - { 
- "name": "detecting-misconfigured-azure-storage", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "azure", - "storage-security", - "blob-storage", - "sas-tokens", - "data-protection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-misconfigured-azure-storage" - }, - { - "name": "detecting-mobile-malware-behavior", - "description": ">", - "domain": "cybersecurity", - "subdomain": "mobile-security", - "tags": [ - "mobile-security", - "android", - "ios", - "malware-analysis", - "owasp-mobile", - "penetration-testing" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-mobile-malware-behavior" - }, - { - "name": "detecting-modbus-command-injection-attacks", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "modbus", - "command-injection", - "protocol-analysis", - "ids", - "scada", - "threat-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-modbus-command-injection-attacks" - }, - { - "name": "detecting-modbus-protocol-anomalies", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "scada", - "industrial-control", - "iec62443", - "modbus", - "protocol-anomaly" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-modbus-protocol-anomalies" - }, - { - "name": "detecting-network-anomalies-with-zeek", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "zeek", - "network-monitoring", - "anomaly-detection", - "threat-hunting" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-network-anomalies-with-zeek" - }, - { - 
"name": "detecting-network-scanning-with-ids-signatures", - "description": "Detect network reconnaissance and port scanning using Suricata and Snort IDS signatures, threshold-based detection rules, and traffic anomaly analysis to identify Nmap, Masscan, and custom scanning activity.", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "ids", - "nmap-detection", - "port-scanning", - "snort", - "suricata", - "reconnaissance", - "network-security", - "signature-detection", - "threshold-rules" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-network-scanning-with-ids-signatures" - }, - { - "name": "detecting-ntlm-relay-with-event-correlation", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "NTLM-relay", - "event-correlation", - "T1557.001", - "Event-4624", - "Responder", - "SMB-signing", - "LDAP-signing", - "NTLM-downgrade", - "PetitPotam", - "Active-Directory" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-ntlm-relay-with-event-correlation" - }, - { - "name": "detecting-oauth-token-theft", - "description": ">", - "domain": "cybersecurity", - "subdomain": "identity-security", - "tags": [ - "oauth", - "token-theft", - "identity-attacks", - "impossible-travel" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-oauth-token-theft" - }, - { - "name": "detecting-pass-the-hash-attacks", - "description": "Detect Pass-the-Hash attacks by analyzing NTLM authentication patterns, identifying Type 3 logons with NTLM where Kerberos is expected, and correlating with credential dumping.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "pass-the-hash", - "credential-access", - "t1550", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - 
"license": "Apache-2.0", - "path": "skills/detecting-pass-the-hash-attacks" - }, - { - "name": "detecting-pass-the-ticket-attacks", - "description": "Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event IDs 4768, 4769, and 4771 for anomalous ticket usage patterns in Splunk and Elastic SIEM", - "domain": "cybersecurity", - "subdomain": "threat-detection", - "tags": [], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-pass-the-ticket-attacks" - }, - { - "name": "detecting-port-scanning-with-fail2ban", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "fail2ban", - "port-scanning", - "intrusion-prevention", - "automated-defense" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-port-scanning-with-fail2ban" - }, - { - "name": "detecting-privilege-escalation-attempts", - "description": "Detect privilege escalation attempts including token manipulation, UAC bypass, unquoted service paths, kernel exploits, and sudo/doas abuse across Windows and Linux.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "privilege-escalation", - "token-manipulation", - "uac-bypass", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-privilege-escalation-attempts" - }, - { - "name": "detecting-privilege-escalation-in-kubernetes-pods", - "description": "Detect and prevent privilege escalation in Kubernetes pods by monitoring security contexts, capabilities, and syscall patterns with Falco and OPA policies.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "kubernetes", - "privilege-escalation", - "security-context", - "capabilities", - "detection", - "pod-security" - ], - "version": "1.0", - "author": "mukul975", - "license": 
"Apache-2.0", - "path": "skills/detecting-privilege-escalation-in-kubernetes-pods" - }, - { - "name": "detecting-process-hollowing-technique", - "description": "Detect process hollowing (T1055.012) by analyzing memory-mapped sections, hollowed process indicators, and parent-child process anomalies in EDR telemetry.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "process-hollowing", - "process-injection", - "edr", - "t1055", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-process-hollowing-technique" - }, - { - "name": "detecting-process-injection-techniques", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "process-injection", - "detection", - "memory-forensics", - "defense-evasion" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-process-injection-techniques" - }, - { - "name": "detecting-qr-code-phishing-with-email-security", - "description": "Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious URLs in QR code images within emails.", - "domain": "cybersecurity", - "subdomain": "phishing-defense", - "tags": [ - "quishing", - "qr-code", - "phishing", - "email-security", - "image-analysis", - "ocr", - "mobile-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-qr-code-phishing-with-email-security" - }, - { - "name": "detecting-ransomware-encryption-behavior", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ransomware-defense", - "tags": [ - "ransomware", - "detection", - "entropy", - "behavioral-analysis", - "file-monitoring", - "heuristics" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": 
"skills/detecting-ransomware-encryption-behavior" - }, - { - "name": "detecting-ransomware-precursors-in-network", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ransomware-defense", - "tags": [ - "ransomware", - "detection", - "network-security", - "incident-response", - "defense" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-ransomware-precursors-in-network" - }, - { - "name": "detecting-rdp-brute-force-attacks", - "description": "Detect RDP brute force attacks by analyzing Windows Security Event Logs for failed authentication patterns (Event ID 4625), successful logons after failures (Event ID 4624), NLA failures, and source IP frequency analysis.", - "domain": "cybersecurity", - "subdomain": "threat-detection", - "tags": [ - "threat-detection", - "rdp", - "brute-force", - "windows-event-logs", - "blue-team", - "siem" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-rdp-brute-force-attacks" - }, - { - "name": "detecting-rootkit-activity", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "rootkit", - "detection", - "kernel-analysis", - "memory-forensics" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-rootkit-activity" - }, - { - "name": "detecting-s3-data-exfiltration-attempts", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "aws", - "s3", - "data-exfiltration", - "guardduty", - "macie", - "threat-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-s3-data-exfiltration-attempts" - }, - { - "name": "detecting-serverless-function-injection", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "serverless-security", - 
"Lambda-injection", - "event-source-poisoning", - "OWASP-serverless", - "IAM-escalation", - "CloudTrail" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-serverless-function-injection" - }, - { - "name": "detecting-service-account-abuse", - "description": "Detect abuse of service accounts through anomalous interactive logons, privilege escalation, lateral movement, and unauthorized access patterns.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "service-accounts", - "privilege-escalation", - "t1078", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-service-account-abuse" - }, - { - "name": "detecting-shadow-api-endpoints", - "description": "Discover and inventory shadow API endpoints that operate outside documented specifications using traffic analysis, code scanning, and API discovery platforms.", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "shadow-apis", - "api-discovery", - "undocumented-apis", - "zombie-apis", - "api-inventory", - "attack-surface-management", - "api-governance" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-shadow-api-endpoints" - }, - { - "name": "detecting-shadow-it-cloud-usage", - "description": "Detect unauthorized SaaS and cloud service usage (shadow IT) by analyzing proxy logs, DNS query logs, and netflow data using Python pandas for traffic pattern analysis and domain classification.", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "shadow-IT", - "SaaS-discovery", - "proxy-logs", - "DNS-analysis", - "netflow", - "cloud-security", - "pandas" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-shadow-it-cloud-usage" - }, - { - "name": 
"detecting-spearphishing-with-email-gateway", - "description": "Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam filters. Email security gateways (SEGs) like Microsoft Defender for Office 365, Proofpoint,", - "domain": "cybersecurity", - "subdomain": "phishing-defense", - "tags": [ - "phishing", - "email-security", - "social-engineering", - "dmarc", - "awareness", - "spearphishing", - "email-gateway" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-spearphishing-with-email-gateway" - }, - { - "name": "detecting-sql-injection-via-waf-logs", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "detecting", - "sql", - "injection", - "via" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-sql-injection-via-waf-logs" - }, - { - "name": "detecting-stuxnet-style-attacks", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "scada", - "industrial-control", - "iec62443", - "stuxnet", - "plc-integrity", - "apt" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-stuxnet-style-attacks" - }, - { - "name": "detecting-supply-chain-attacks-in-ci-cd", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "detecting", - "supply", - "chain", - "attacks" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-supply-chain-attacks-in-ci-cd" - }, - { - "name": "detecting-suspicious-oauth-application-consent", - "description": "Detect risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent grant attacks.", - "domain": "cybersecurity", - 
"subdomain": "cloud-security", - "tags": [ - "OAuth", - "Azure-AD", - "Entra-ID", - "Microsoft-Graph", - "illicit-consent", - "cloud-security", - "application-permissions" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-suspicious-oauth-application-consent" - }, - { - "name": "detecting-suspicious-powershell-execution", - "description": "Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts, and constrained language mode evasion.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "powershell", - "execution", - "t1059", - "amsi", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-suspicious-powershell-execution" - }, - { - "name": "detecting-t1003-credential-dumping-with-edr", - "description": "Detect OS credential dumping techniques targeting LSASS memory, SAM database, NTDS.dit, and cached credentials using EDR telemetry, Sysmon process access monitoring, and Windows security event correlation.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "credential-dumping", - "lsass", - "mitre-t1003", - "edr", - "mimikatz", - "ntds", - "sam-database" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-t1003-credential-dumping-with-edr" - }, - { - "name": "detecting-t1055-process-injection-with-sysmon", - "description": "Detect process injection techniques (T1055) including classic DLL injection, process hollowing, and APC injection by analyzing Sysmon events for cross-process memory operations, remote thread creation, and anomalous DLL loading patterns.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "process-injection", - "sysmon", - "mitre-t1055", - "defense-evasion", - 
"dll-injection", - "process-hollowing" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-t1055-process-injection-with-sysmon" - }, - { - "name": "detecting-t1548-abuse-elevation-control-mechanism", - "description": "Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid manipulation by monitoring registry modifications, process elevation flags, and unusual parent-child process relationships.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "uac-bypass", - "privilege-escalation", - "mitre-t1548", - "elevation-control", - "windows-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-t1548-abuse-elevation-control-mechanism" - }, - { - "name": "detecting-typosquatting-packages-in-npm-pypi", - "description": ">", - "domain": "cybersecurity", - "subdomain": "supply-chain-security", - "tags": [ - "typosquatting", - "npm", - "pypi", - "supply-chain", - "package-security", - "Levenshtein", - "dependency-confusion", - "malicious-packages" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-typosquatting-packages-in-npm-pypi" - }, - { - "name": "detecting-wmi-persistence", - "description": "Detect WMI event subscription persistence by analyzing Sysmon Event IDs 19, 20, and 21 for malicious EventFilter, EventConsumer, and FilterToConsumerBinding creation.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "wmi", - "persistence", - "sysmon", - "t1546.003", - "mitre-attack", - "windows", - "dfir" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/detecting-wmi-persistence" - }, - { - "name": "eradicating-malware-from-infected-systems", - "description": "Systematically remove malware, backdoors, and attacker persistence 
mechanisms from infected systems while ensuring complete eradication and preventing re-infection.", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "incident-response", - "eradication", - "malware-removal", - "persistence", - "dfir" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/eradicating-malware-from-infected-systems" - }, - { - "name": "evaluating-threat-intelligence-platforms", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "TIP", - "ThreatConnect", - "MISP", - "OpenCTI", - "Anomali", - "EclecticIQ", - "STIX-TAXII", - "CTI-program", - "procurement" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/evaluating-threat-intelligence-platforms" - }, - { - "name": "executing-active-directory-attack-simulation", - "description": ">", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "Active-Directory", - "BloodHound", - "Mimikatz", - "Kerberoasting", - "domain-compromise" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/executing-active-directory-attack-simulation" - }, - { - "name": "executing-phishing-simulation-campaign", - "description": ">", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "phishing-simulation", - "social-engineering", - "GoPhish", - "email-security", - "security-awareness" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/executing-phishing-simulation-campaign" - }, - { - "name": "executing-red-team-engagement-planning", - "description": "Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE), threat model selection, and operational timelines before any offensive testing begins.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - 
"red-team", - "adversary-simulation", - "mitre-attack", - "exploitation", - "post-exploitation", - "engagement-planning", - "rules-of-engagement" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/executing-red-team-engagement-planning" - }, - { - "name": "executing-red-team-exercise", - "description": ">", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "red-team", - "adversary-emulation", - "MITRE-ATT&CK", - "Cobalt-Strike", - "detection-assessment" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/executing-red-team-exercise" - }, - { - "name": "exploiting-active-directory-certificate-services-esc1", - "description": "Exploit misconfigured Active Directory Certificate Services (AD CS) ESC1 vulnerability to request certificates as high-privileged users and escalate domain privileges during authorized red team assessments.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "active-directory", - "ad-cs", - "esc1", - "certificate-abuse", - "privilege-escalation", - "domain-escalation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-active-directory-certificate-services-esc1" - }, - { - "name": "exploiting-active-directory-with-bloodhound", - "description": "BloodHound is a graph-based Active Directory reconnaissance tool that uses graph theory to reveal hidden and unintended relationships within AD environments. 
Red teams use BloodHound to identify attac", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "adversary-simulation", - "mitre-attack", - "exploitation", - "post-exploitation", - "active-directory", - "bloodhound" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-active-directory-with-bloodhound" - }, - { - "name": "exploiting-api-injection-vulnerabilities", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "owasp", - "injection", - "sqli", - "nosql", - "ssrf", - "command-injection" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-api-injection-vulnerabilities" - }, - { - "name": "exploiting-bgp-hijacking-vulnerabilities", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "bgp", - "routing-security", - "rpki", - "route-hijacking" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-bgp-hijacking-vulnerabilities" - }, - { - "name": "exploiting-broken-function-level-authorization", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "owasp", - "authorization", - "bfla", - "privilege-escalation", - "access-control" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-broken-function-level-authorization" - }, - { - "name": "exploiting-broken-link-hijacking", - "description": "Discover and exploit broken link hijacking vulnerabilities by identifying references to expired domains, decommissioned cloud resources, and dead external services that can be claimed by an attacker.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "broken-link-hijacking", - "blh", - "subdomain-takeover", - 
"dead-link", - "expired-domain", - "supply-chain", - "external-resource" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-broken-link-hijacking" - }, - { - "name": "exploiting-constrained-delegation-abuse", - "description": "Exploit Kerberos Constrained Delegation misconfigurations in Active Directory to impersonate privileged users via S4U2self and S4U2proxy extensions for lateral movement and privilege escalation.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "active-directory", - "kerberos", - "constrained-delegation", - "s4u2proxy", - "privilege-escalation", - "lateral-movement" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-constrained-delegation-abuse" - }, - { - "name": "exploiting-deeplink-vulnerabilities", - "description": ">", - "domain": "cybersecurity", - "subdomain": "mobile-security", - "tags": [ - "mobile-security", - "android", - "ios", - "deep-links", - "owasp-mobile", - "penetration-testing" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-deeplink-vulnerabilities" - }, - { - "name": "exploiting-excessive-data-exposure-in-api", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "owasp", - "data-exposure", - "rest-security", - "pii-leakage" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-excessive-data-exposure-in-api" - }, - { - "name": "exploiting-http-request-smuggling", - "description": "Detecting and exploiting HTTP request smuggling vulnerabilities caused by Content-Length and Transfer-Encoding parsing discrepancies between front-end and back-end servers.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "request-smuggling", - "http-desync", - 
"web-security", - "burpsuite", - "owasp" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-http-request-smuggling" - }, - { - "name": "exploiting-idor-vulnerabilities", - "description": "Identifying and exploiting Insecure Direct Object Reference vulnerabilities to access unauthorized resources by manipulating object identifiers in API requests and URLs.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "idor", - "access-control", - "owasp", - "burpsuite", - "web-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-idor-vulnerabilities" - }, - { - "name": "exploiting-insecure-data-storage-in-mobile", - "description": ">", - "domain": "cybersecurity", - "subdomain": "mobile-security", - "tags": [ - "mobile-security", - "android", - "ios", - "data-storage", - "owasp-mobile", - "penetration-testing" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-insecure-data-storage-in-mobile" - }, - { - "name": "exploiting-insecure-deserialization", - "description": "Identifying and exploiting insecure deserialization vulnerabilities in Java, PHP, Python, and .NET applications to achieve remote code execution during authorized penetration tests.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "deserialization", - "rce", - "owasp", - "web-security", - "ysoserial" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-insecure-deserialization" - }, - { - "name": "exploiting-ipv6-vulnerabilities", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "ipv6", - "slaac", - "router-advertisement", - "dual-stack-security" - ], - "version": "1.0", - "author": "mukul975", - 
"license": "Apache-2.0", - "path": "skills/exploiting-ipv6-vulnerabilities" - }, - { - "name": "exploiting-jwt-algorithm-confusion-attack", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "jwt", - "algorithm-confusion", - "token-forgery", - "cryptographic-attack" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-jwt-algorithm-confusion-attack" - }, - { - "name": "exploiting-kerberoasting-with-impacket", - "description": "Perform Kerberoasting attacks using Impacket's GetUserSPNs to extract and crack Kerberos TGS tickets for Active Directory service accounts.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "kerberoasting", - "impacket", - "active-directory", - "credential-access", - "kerberos", - "t1558-003", - "service-accounts" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-kerberoasting-with-impacket" - }, - { - "name": "exploiting-mass-assignment-in-rest-apis", - "description": "Discover and exploit mass assignment vulnerabilities in REST APIs to escalate privileges, modify restricted fields, and bypass authorization controls by injecting unexpected parameters in API requests.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "mass-assignment", - "api-security", - "privilege-escalation", - "rest-api", - "autobinding", - "parameter-injection", - "owasp-api" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-mass-assignment-in-rest-apis" - }, - { - "name": "exploiting-ms17-010-eternalblue-vulnerability", - "description": "MS17-010 (EternalBlue) is a critical vulnerability in Microsoft's SMBv1 implementation that allows remote code execution. 
Originally discovered by the NSA and leaked by the Shadow Brokers in 2017, it", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "adversary-simulation", - "mitre-attack", - "exploitation", - "post-exploitation", - "eternalblue", - "smb", - "remote-code-execution" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-ms17-010-eternalblue-vulnerability" - }, - { - "name": "exploiting-nopac-cve-2021-42278-42287", - "description": "Exploit the noPac vulnerability chain (CVE-2021-42278 sAMAccountName spoofing and CVE-2021-42287 KDC PAC confusion) to escalate from standard domain user to Domain Admin in Active Directory environments.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "active-directory", - "nopac", - "cve-2021-42278", - "cve-2021-42287", - "privilege-escalation", - "domain-escalation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-nopac-cve-2021-42278-42287" - }, - { - "name": "exploiting-nosql-injection-vulnerabilities", - "description": "Detect and exploit NoSQL injection vulnerabilities in MongoDB, CouchDB, and other NoSQL databases to demonstrate authentication bypass, data extraction, and unauthorized access risks.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "nosql-injection", - "mongodb", - "authentication-bypass", - "injection-attack", - "web-security", - "database-security", - "api-testing" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-nosql-injection-vulnerabilities" - }, - { - "name": "exploiting-oauth-misconfiguration", - "description": "Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation, token leakage, and authorization code theft during security assessments.", - "domain": "cybersecurity", - 
"subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "oauth", - "oidc", - "authentication", - "web-security", - "authorization" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-oauth-misconfiguration" - }, - { - "name": "exploiting-prototype-pollution-in-javascript", - "description": "Detect and exploit JavaScript prototype pollution vulnerabilities on both client-side and server-side applications to achieve XSS, RCE, and authentication bypass through property injection.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "prototype-pollution", - "javascript", - "node-js", - "xss", - "rce", - "property-injection", - "dom-xss", - "server-side-pollution" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-prototype-pollution-in-javascript" - }, - { - "name": "exploiting-race-condition-vulnerabilities", - "description": "Detect and exploit race condition vulnerabilities in web applications using Turbo Intruder's single-packet attack technique to bypass rate limits, duplicate transactions, and exploit time-of-check-to-time-of-use flaws.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "race-condition", - "turbo-intruder", - "toctou", - "concurrency", - "single-packet-attack", - "limit-overrun", - "burp-suite" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-race-condition-vulnerabilities" - }, - { - "name": "exploiting-server-side-request-forgery", - "description": "Identifying and exploiting SSRF vulnerabilities to access internal services, cloud metadata, and restricted network resources during authorized penetration tests.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "ssrf", - "owasp", - "cloud-security", - "web-security", - "burpsuite" 
- ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-server-side-request-forgery" - }, - { - "name": "exploiting-smb-vulnerabilities-with-metasploit", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "smb", - "metasploit", - "exploitation", - "eternalblue" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-smb-vulnerabilities-with-metasploit" - }, - { - "name": "exploiting-sql-injection-vulnerabilities", - "description": ">", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "SQL-injection", - "sqlmap", - "database-security", - "OWASP-A03", - "injection-testing" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-sql-injection-vulnerabilities" - }, - { - "name": "exploiting-sql-injection-with-sqlmap", - "description": "Detecting and exploiting SQL injection vulnerabilities using sqlmap to extract database contents during authorized penetration tests.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "sql-injection", - "sqlmap", - "owasp", - "database-security", - "web-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-sql-injection-with-sqlmap" - }, - { - "name": "exploiting-template-injection-vulnerabilities", - "description": "Detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities across Jinja2, Twig, Freemarker, and other template engines to achieve remote code execution.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "ssti", - "template-injection", - "rce", - "web-security", - "owasp" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": 
"skills/exploiting-template-injection-vulnerabilities" - }, - { - "name": "exploiting-type-juggling-vulnerabilities", - "description": "Exploit PHP type juggling vulnerabilities caused by loose comparison operators to bypass authentication, circumvent hash verification, and manipulate application logic through type coercion attacks.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "type-juggling", - "php-security", - "loose-comparison", - "authentication-bypass", - "magic-hash", - "type-coercion", - "web-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-type-juggling-vulnerabilities" - }, - { - "name": "exploiting-vulnerabilities-with-metasploit-framework", - "description": "The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "vulnerability-management", - "cve", - "metasploit", - "exploitation", - "penetration-testing", - "risk" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-vulnerabilities-with-metasploit-framework" - }, - { - "name": "exploiting-websocket-vulnerabilities", - "description": "Testing WebSocket implementations for authentication bypass, cross-site hijacking, injection attacks, and insecure message handling during authorized security assessments.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "websocket", - "web-security", - "owasp", - "real-time", - "burpsuite" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-websocket-vulnerabilities" - }, - { - "name": "exploiting-zerologon-vulnerability-cve-2020-1472", - "description": "Exploit the 
Zerologon vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol to achieve domain controller compromise by resetting the machine account password to empty.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "zerologon", - "cve-2020-1472", - "netlogon", - "domain-controller", - "privilege-escalation", - "active-directory", - "ms-nrpc" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/exploiting-zerologon-vulnerability-cve-2020-1472" - }, - { - "name": "extracting-browser-history-artifacts", - "description": "Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge for forensic evidence of user web activity.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "browser-forensics", - "chrome", - "firefox", - "edge", - "web-history", - "artifact-extraction" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/extracting-browser-history-artifacts" - }, - { - "name": "extracting-config-from-agent-tesla-rat", - "description": "Extract embedded configuration from Agent Tesla RAT samples including SMTP/FTP/Telegram exfiltration credentials, keylogger settings, and C2 endpoints using .NET decompilation and memory analysis.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "agent-tesla", - "rat", - "config-extraction", - "dotnet", - "malware-analysis", - "keylogger", - "credential-theft" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/extracting-config-from-agent-tesla-rat" - }, - { - "name": "extracting-credentials-from-memory-dump", - "description": "Extract cached credentials, password hashes, Kerberos tickets, and authentication tokens from memory dumps using Volatility and Mimikatz for forensic investigation.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - 
"forensics", - "credential-extraction", - "memory-forensics", - "volatility", - "mimikatz", - "password-hashes", - "incident-response" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/extracting-credentials-from-memory-dump" - }, - { - "name": "extracting-iocs-from-malware-samples", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "IOC-extraction", - "threat-intelligence", - "indicators", - "detection" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/extracting-iocs-from-malware-samples" - }, - { - "name": "extracting-memory-artifacts-with-rekall", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "extracting", - "memory", - "artifacts", - "with" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/extracting-memory-artifacts-with-rekall" - }, - { - "name": "extracting-windows-event-logs-artifacts", - "description": "Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral movement, persistence, and privilege escalation.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "windows-event-logs", - "evtx", - "chainsaw", - "hayabusa", - "sigma-rules", - "incident-response" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/extracting-windows-event-logs-artifacts" - }, - { - "name": "generating-threat-intelligence-reports", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "CTI", - "threat-intelligence", - "intelligence-products", - "TLP", - "PIR", - "report-writing", - "NIST-CSF" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/generating-threat-intelligence-reports" - }, - { - "name": 
"hardening-docker-containers-for-production", - "description": "Hardening Docker containers for production involves applying security best practices aligned with CIS Docker Benchmark v1.8.0 to minimize attack surface, prevent privilege escalation, and enforce leas", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "containers", - "docker", - "security", - "hardening", - "CIS-benchmark" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hardening-docker-containers-for-production" - }, - { - "name": "hardening-docker-daemon-configuration", - "description": "Harden the Docker daemon by configuring daemon.json with user namespace remapping, TLS authentication, rootless mode, and CIS benchmark controls.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "docker", - "daemon-hardening", - "container-security", - "cis-benchmark", - "rootless", - "userns-remap" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hardening-docker-daemon-configuration" - }, - { - "name": "hardening-linux-endpoint-with-cis-benchmark", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "hardening", - "linux-security", - "CIS-benchmark", - "Ubuntu", - "RHEL" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hardening-linux-endpoint-with-cis-benchmark" - }, - { - "name": "hardening-windows-endpoint-with-cis-benchmark", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "hardening", - "windows-security", - "CIS-benchmark", - "GPO", - "baseline-configuration" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hardening-windows-endpoint-with-cis-benchmark" - }, - { - "name": "hunting-advanced-persistent-threats", - "description": ">", - 
"domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "MITRE-ATT&CK", - "threat-hunting", - "APT", - "Velociraptor", - "osquery", - "Zeek", - "TTP", - "NIST-CSF", - "EDR" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-advanced-persistent-threats" - }, - { - "name": "hunting-credential-stuffing-attacks", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "hunting", - "credential", - "stuffing", - "attacks" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-credential-stuffing-attacks" - }, - { - "name": "hunting-for-anomalous-powershell-execution", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "powershell", - "script-block-logging", - "event-4104", - "amsi", - "threat-hunting", - "evtx", - "obfuscation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-anomalous-powershell-execution" - }, - { - "name": "hunting-for-beaconing-with-frequency-analysis", - "description": "Identify command-and-control beaconing patterns in network traffic by applying statistical frequency analysis, jitter calculation, and coefficient of variation scoring to detect periodic callbacks from compromised endpoints.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "beaconing", - "c2-detection", - "frequency-analysis", - "network-traffic", - "RITA", - "jitter-detection", - "mitre-t1071" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-beaconing-with-frequency-analysis" - }, - { - "name": "hunting-for-cobalt-strike-beacons", - "description": "Detect Cobalt Strike beacon network activity using default TLS certificate signatures (serial 8BB00EE), JA3/JA3S/JARM fingerprints, HTTP C2 profile pattern 
matching, beacon jitter analysis, and named pipe detection via Zeek, Suricata, and Python PCAP analysis.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "cobalt-strike", - "beacon", - "threat-hunting", - "c2", - "zeek", - "suricata", - "ja3", - "jarm", - "network-forensics" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-cobalt-strike-beacons" - }, - { - "name": "hunting-for-command-and-control-beaconing", - "description": "Detect C2 beaconing patterns in network traffic using frequency analysis, jitter detection, and domain reputation to identify compromised endpoints communicating with adversary infrastructure.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "c2", - "beaconing", - "network-analysis", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-command-and-control-beaconing" - }, - { - "name": "hunting-for-data-exfiltration-indicators", - "description": "Hunt for data exfiltration through network traffic analysis, detecting unusual data flows, DNS tunneling, cloud storage uploads, and encrypted channel abuse.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "data-exfiltration", - "dlp", - "network-analysis", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-data-exfiltration-indicators" - }, - { - "name": "hunting-for-data-staging-before-exfiltration", - "description": "Detect data staging activity before exfiltration by monitoring for archive creation with 7-Zip/RAR, unusual temp folder access, large file consolidation, and staging directory patterns via EDR and process telemetry", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "data-staging", - 
"exfiltration", - "t1074", - "archive-detection", - "edr", - "threat-hunting", - "dlp" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-data-staging-before-exfiltration" - }, - { - "name": "hunting-for-dcom-lateral-movement", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "DCOM", - "lateral-movement", - "T1021.003", - "Sysmon", - "MMC20", - "ShellWindows", - "ShellBrowserWindow", - "COM-objects", - "WMI", - "RPC" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-dcom-lateral-movement" - }, - { - "name": "hunting-for-dcsync-attacks", - "description": "Detect DCSync attacks by analyzing Windows Event ID 4662 for unauthorized DS-Replication-Get-Changes requests from non-domain-controller accounts.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "dcsync", - "active-directory", - "credential-access", - "t1003.006", - "mimikatz", - "windows", - "dfir" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-dcsync-attacks" - }, - { - "name": "hunting-for-defense-evasion-via-timestomping", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "timestomping", - "ntfs-forensics", - "mft-analysis", - "defense-evasion" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-defense-evasion-via-timestomping" - }, - { - "name": "hunting-for-dns-based-persistence", - "description": "Hunt for DNS-based persistence mechanisms including DNS hijacking, dangling CNAME records, wildcard DNS abuse, and unauthorized zone modifications using passive DNS databases, SecurityTrails API, and DNS audit log analysis.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "dns", - "persistence", - 
"threat-hunting", - "passive-dns", - "dns-hijacking", - "subdomain-takeover", - "securitytrails" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-dns-based-persistence" - }, - { - "name": "hunting-for-dns-tunneling-with-zeek", - "description": "Detect DNS tunneling and data exfiltration by analyzing Zeek dns.log for high-entropy subdomain queries, excessive query volume, long query lengths, and unusual DNS record types indicating covert channel communication.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "dns-tunneling", - "zeek", - "data-exfiltration", - "covert-channel", - "mitre-t1071-004", - "network-monitoring" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-dns-tunneling-with-zeek" - }, - { - "name": "hunting-for-domain-fronting-c2-traffic", - "description": "Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate discrepancies using pyOpenSSL for certificate inspection", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-domain-fronting-c2-traffic" - }, - { - "name": "hunting-for-lateral-movement-via-wmi", - "description": "Detect WMI-based lateral movement by analyzing Windows Event ID 4688 process creation and Sysmon Event ID 1 for WmiPrvSE.exe child process patterns, remote process execution, and WMI event subscription persistence.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "lateral-movement", - "wmi", - "sysmon", - "mitre-attack", - "process-creation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-lateral-movement-via-wmi" - }, - { - "name": "hunting-for-living-off-the-cloud-techniques", - 
"description": "Hunt for adversary abuse of legitimate cloud services for C2, data staging, and exfiltration including abuse of Azure, AWS, GCP services, and SaaS platforms.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "cloud-abuse", - "c2", - "lotc", - "saas", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-living-off-the-cloud-techniques" - }, - { - "name": "hunting-for-living-off-the-land-binaries", - "description": "Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while evading detection.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "lolbins", - "edr", - "siem", - "proactive-detection", - "defense-evasion" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-living-off-the-land-binaries" - }, - { - "name": "hunting-for-lolbins-execution-in-endpoint-logs", - "description": "Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by analyzing endpoint process creation logs for suspicious execution patterns of legitimate Windows system binaries used for malicious purposes.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "lolbins", - "living-off-the-land", - "endpoint-detection", - "process-monitoring", - "mitre-t1218", - "defense-evasion" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-lolbins-execution-in-endpoint-logs" - }, - { - "name": "hunting-for-ntlm-relay-attacks", - "description": "Detect NTLM relay attacks by analyzing Windows Event 4624 logon type 3 with NTLMSSP authentication, identifying IP-to-hostname mismatches, Responder traffic signatures, SMB signing status, and suspicious authentication patterns 
across the domain.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "NTLM-relay", - "Windows-events", - "Event-4624", - "NTLMSSP", - "Responder", - "SMB-signing", - "credential-access", - "T1557.001", - "Active-Directory" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-ntlm-relay-attacks" - }, - { - "name": "hunting-for-persistence-mechanisms-in-windows", - "description": "Systematically hunt for adversary persistence mechanisms across Windows endpoints including registry, services, startup folders, and WMI subscriptions.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "persistence", - "windows", - "registry", - "siem", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-persistence-mechanisms-in-windows" - }, - { - "name": "hunting-for-persistence-via-wmi-subscriptions", - "description": "Hunt for adversary persistence through Windows Management Instrumentation event subscriptions by monitoring WMI consumer, filter, and binding creation events that execute malicious code triggered by system events.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "wmi-persistence", - "mitre-t1546-003", - "event-subscription", - "windows", - "endpoint-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-persistence-via-wmi-subscriptions" - }, - { - "name": "hunting-for-process-injection-techniques", - "description": "Detect process injection techniques (T1055) including CreateRemoteThread, process hollowing, and DLL injection via Sysmon Event IDs 8 and 10 and EDR process telemetry", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "process-injection", - "t1055", - "sysmon", - "createremotethread", - "dll-injection", 
- "edr", - "threat-hunting" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-process-injection-techniques" - }, - { - "name": "hunting-for-registry-persistence-mechanisms", - "description": "Hunt for registry-based persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, and COM hijacking in Windows environments.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "registry", - "persistence", - "windows", - "t1547", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-registry-persistence-mechanisms" - }, - { - "name": "hunting-for-registry-run-key-persistence", - "description": "Detect MITRE ATT&CK T1547.001 registry Run key persistence by analyzing Sysmon Event ID 13 logs and registry queries to identify malicious auto-start entries.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "persistence", - "registry-run-keys", - "t1547-001", - "sysmon", - "threat-hunting", - "windows-forensics", - "mitre-attack" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-registry-run-key-persistence" - }, - { - "name": "hunting-for-scheduled-task-persistence", - "description": "Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task actions, and unusual scheduling patterns.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "scheduled-tasks", - "persistence", - "t1053", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-scheduled-task-persistence" - }, - { - "name": "hunting-for-shadow-copy-deletion", - "description": "Hunt for Volume Shadow Copy deletion activity that indicates 
ransomware preparation or anti-forensics by monitoring vssadmin, wmic, and PowerShell shadow copy commands.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "shadow-copy", - "ransomware", - "anti-forensics", - "t1490", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-shadow-copy-deletion" - }, - { - "name": "hunting-for-spearphishing-indicators", - "description": "Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect targeted email attacks.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "spearphishing", - "initial-access", - "email-security", - "t1566", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-spearphishing-indicators" - }, - { - "name": "hunting-for-startup-folder-persistence", - "description": "Detect T1547.001 startup folder persistence by monitoring Windows startup directories for suspicious file creation, analyzing autoruns entries, and using Python watchdog for real-time filesystem monitoring.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "T1547.001", - "startup-folder", - "persistence", - "autoruns", - "watchdog", - "filesystem-monitoring" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-startup-folder-persistence" - }, - { - "name": "hunting-for-supply-chain-compromise", - "description": "Hunt for supply chain compromise indicators including trojanized software updates, compromised dependencies, unauthorized code modifications, and tampered build artifacts.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "supply-chain", - 
"initial-access", - "t1195", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-supply-chain-compromise" - }, - { - "name": "hunting-for-suspicious-scheduled-tasks", - "description": "Hunt for adversary persistence and execution via Windows scheduled tasks by analyzing task creation events, suspicious task properties, and unusual execution patterns that indicate T1053.005 abuse.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "scheduled-tasks", - "persistence", - "mitre-t1053-005", - "windows", - "endpoint-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-suspicious-scheduled-tasks" - }, - { - "name": "hunting-for-t1098-account-manipulation", - "description": "Hunt for MITRE ATT&CK T1098 account manipulation including shadow admin creation, SID history injection, group membership changes, and credential modifications using Windows Security Event Logs.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "t1098", - "account-manipulation", - "active-directory", - "persistence" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-t1098-account-manipulation" - }, - { - "name": "hunting-for-unusual-network-connections", - "description": "Hunt for unusual network connections by analyzing outbound traffic patterns, rare destinations, non-standard ports, and anomalous connection frequencies from endpoints.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "network-analysis", - "c2", - "anomaly-detection", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-unusual-network-connections" - }, - { - "name": 
"hunting-for-unusual-service-installations", - "description": "Detect suspicious Windows service installations (MITRE ATT&CK T1543.003) by parsing System event logs for Event ID 7045, analyzing service binary paths, and identifying indicators of persistence mechanisms.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "T1543.003", - "service-installation", - "persistence", - "Event-7045", - "Sysmon", - "Windows-services" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-unusual-service-installations" - }, - { - "name": "hunting-for-webshell-activity", - "description": "Hunt for web shell deployments on internet-facing servers by analyzing file creation in web directories, suspicious process spawning from web servers, and anomalous HTTP patterns.", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "threat-hunting", - "mitre-attack", - "webshell", - "persistence", - "web-server", - "t1505", - "proactive-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/hunting-for-webshell-activity" - }, - { - "name": "implementing-aes-encryption-for-data-at-rest", - "description": "AES (Advanced Encryption Standard) is a symmetric block cipher standardized by NIST (FIPS 197) used to protect classified and sensitive data. 
This skill covers implementing AES-256 encryption in GCM m", - "domain": "cybersecurity", - "subdomain": "cryptography", - "tags": [ - "cryptography", - "encryption", - "aes", - "data-at-rest", - "symmetric-encryption" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-aes-encryption-for-data-at-rest" - }, - { - "name": "implementing-alert-fatigue-reduction", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "alert-fatigue", - "tuning", - "risk-based-alerting", - "false-positive", - "siem", - "detection-engineering" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-alert-fatigue-reduction" - }, - { - "name": "implementing-anti-phishing-training-program", - "description": "Security awareness training is the human layer of phishing defense. An effective anti-phishing training program combines regular simulations, interactive learning modules, metric tracking, and positiv", - "domain": "cybersecurity", - "subdomain": "phishing-defense", - "tags": [ - "phishing", - "email-security", - "social-engineering", - "dmarc", - "awareness", - "training", - "security-culture" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-anti-phishing-training-program" - }, - { - "name": "implementing-anti-ransomware-group-policy", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ransomware-defense", - "tags": [ - "ransomware", - "group-policy", - "windows", - "AppLocker", - "hardening", - "prevention" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-anti-ransomware-group-policy" - }, - { - "name": "implementing-api-abuse-detection-with-rate-limiting", - "description": "Implement API abuse detection using token bucket, sliding window, and adaptive rate limiting algorithms to prevent DDoS, 
brute force, and credential stuffing attacks.", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "rate-limiting", - "token-bucket", - "sliding-window", - "ddos-protection", - "brute-force-prevention", - "api-abuse", - "api-gateway" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-api-abuse-detection-with-rate-limiting" - }, - { - "name": "implementing-api-gateway-security-controls", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "api-gateway", - "kong", - "aws-api-gateway", - "rate-limiting", - "waf" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-api-gateway-security-controls" - }, - { - "name": "implementing-api-key-security-controls", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "api-keys", - "credential-management", - "key-rotation", - "secret-management" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-api-key-security-controls" - }, - { - "name": "implementing-api-rate-limiting-and-throttling", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "rate-limiting", - "throttling", - "redis", - "token-bucket", - "abuse-prevention" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-api-rate-limiting-and-throttling" - }, - { - "name": "implementing-api-schema-validation-security", - "description": "Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts and prevent injection, data exposure, and mass assignment attacks.", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "schema-validation", - 
"openapi", - "json-schema", - "input-validation", - "data-leakage-prevention", - "mass-assignment", - "api-gateway" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-api-schema-validation-security" - }, - { - "name": "implementing-api-security-posture-management", - "description": "Implement API Security Posture Management to continuously discover, classify, and score APIs based on risk while enforcing security policies across the API lifecycle.", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "aspm", - "api-posture-management", - "api-discovery", - "risk-scoring", - "api-governance", - "continuous-monitoring", - "api-inventory" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-api-security-posture-management" - }, - { - "name": "implementing-api-security-testing-with-42crunch", - "description": "Implement comprehensive API security testing using the 42Crunch platform to perform static audit and dynamic conformance scanning of OpenAPI specifications.", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "42crunch", - "openapi", - "api-audit", - "api-scan", - "conformance-testing", - "shift-left", - "ci-cd-security", - "owasp-api-top-10" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-api-security-testing-with-42crunch" - }, - { - "name": "implementing-api-threat-protection-with-apigee", - "description": "Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0, SpikeArrest, and Advanced API Security for OWASP Top 10 defense.", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "apigee", - "api-gateway", - "threat-protection", - "json-threat-protection", - "xml-threat-protection", - "spike-arrest", - "oauth2", - "google-cloud", - 
"owasp-api-top-10" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-api-threat-protection-with-apigee" - }, - { - "name": "implementing-application-whitelisting-with-applocker", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "AppLocker", - "application-whitelisting", - "windows-security", - "software-restriction" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-application-whitelisting-with-applocker" - }, - { - "name": "implementing-aqua-security-for-container-scanning", - "description": "Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues in container images across CI/CD pipelines and registries.", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "aqua-security", - "trivy", - "container-scanning", - "vulnerability-scanning", - "sbom", - "image-security", - "supply-chain" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-aqua-security-for-container-scanning" - }, - { - "name": "implementing-attack-path-analysis-with-xm-cyber", - "description": "Deploy XM Cyber's continuous exposure management platform to map attack paths, identify choke points, and prioritize the 2% of exposures that threaten critical assets.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "xm-cyber", - "attack-path-analysis", - "exposure-management", - "ctem", - "choke-points", - "breach-simulation", - "attack-surface" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-attack-path-analysis-with-xm-cyber" - }, - { - "name": "implementing-attack-surface-management", - "description": ">", - "domain": "cybersecurity", - "subdomain": "offensive-security", - "tags": [ - "attack-surface", - 
"reconnaissance", - "shodan", - "censys", - "subfinder", - "nuclei", - "asset-discovery" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-attack-surface-management" - }, - { - "name": "implementing-aws-config-rules-for-compliance", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "aws", - "config-rules", - "compliance", - "automation", - "remediation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-aws-config-rules-for-compliance" - }, - { - "name": "implementing-aws-iam-permission-boundaries", - "description": "Configure IAM permission boundaries in AWS to delegate role creation to developers while enforcing maximum privilege limits set by the security team.", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "aws", - "iam", - "permission-boundaries", - "least-privilege", - "delegation", - "cloud-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-aws-iam-permission-boundaries" - }, - { - "name": "implementing-aws-macie-for-data-classification", - "description": "Implement Amazon Macie to automatically discover, classify, and protect sensitive data in S3 buckets using machine learning and pattern matching for PII, financial data, and credentials detection.", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "aws", - "macie", - "data-classification", - "s3", - "pii", - "sensitive-data", - "dlp", - "compliance" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-aws-macie-for-data-classification" - }, - { - "name": "implementing-aws-nitro-enclave-security", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "AWS-Nitro-Enclaves", - "confidential-computing", 
- "attestation", - "KMS", - "enclave-isolation", - "vsock", - "PCR" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-aws-nitro-enclave-security" - }, - { - "name": "implementing-aws-security-hub", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "aws-security-hub", - "cspm", - "compliance-automation", - "security-standards", - "finding-aggregation" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-aws-security-hub" - }, - { - "name": "implementing-aws-security-hub-compliance", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "aws", - "security-hub", - "compliance", - "cspm", - "cis-benchmark" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-aws-security-hub-compliance" - }, - { - "name": "implementing-azure-ad-privileged-identity-management", - "description": "Configure Microsoft Entra Privileged Identity Management to enforce just-in-time role activation, approval workflows, and access reviews for Azure AD privileged roles.", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "azure-ad", - "pim", - "entra-id", - "just-in-time", - "privileged-roles", - "identity-governance", - "zero-trust" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-azure-ad-privileged-identity-management" - }, - { - "name": "implementing-azure-defender-for-cloud", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "azure", - "defender-for-cloud", - "cspm", - "cwpp", - "security-recommendations" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-azure-defender-for-cloud" - }, - { - "name": 
"implementing-beyondcorp-zero-trust-access-model", - "description": ">", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "beyondcorp", - "zero-trust", - "google-cloud", - "iap", - "identity-aware-proxy", - "ztna", - "access-context-manager" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-beyondcorp-zero-trust-access-model" - }, - { - "name": "implementing-bgp-security-with-rpki", - "description": "Implement BGP route origin validation using RPKI with Route Origin Authorizations, RPKI-to-Router protocol, and ROV policies on Cisco and Juniper routers to prevent route hijacking.", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "bgp", - "rpki", - "route-origin-validation", - "rov", - "roa", - "route-hijacking", - "internet-routing", - "bgp-security", - "prefix-hijack" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-bgp-security-with-rpki" - }, - { - "name": "implementing-browser-isolation-for-zero-trust", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "browser-isolation", - "zero-trust", - "RBI", - "CDR", - "URL-categorization", - "content-disarming", - "secure-web-gateway" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-browser-isolation-for-zero-trust" - }, - { - "name": "implementing-canary-tokens-for-network-intrusion", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "canary-tokens", - "intrusion-detection", - "deception", - "network-security", - "honeytokens", - "breach-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-canary-tokens-for-network-intrusion" - }, - { - "name": "implementing-cisa-zero-trust-maturity-model", - "description": "Implement the 
CISA Zero Trust Maturity Model v2.0 across the five pillars of identity, devices, networks, applications, and data to achieve progressive organizational zero trust maturity.", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "zero-trust", - "cisa", - "maturity-model", - "federal-compliance", - "governance", - "nist-800-207", - "identity", - "devices", - "networks", - "applications", - "data-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-cisa-zero-trust-maturity-model" - }, - { - "name": "implementing-cloud-dlp-for-data-protection", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "dlp", - "data-protection", - "macie", - "data-classification", - "privacy" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-cloud-dlp-for-data-protection" - }, - { - "name": "implementing-cloud-security-posture-management", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "cspm", - "multi-cloud", - "compliance", - "prowler", - "scoutsuite" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-cloud-security-posture-management" - }, - { - "name": "implementing-cloud-trail-log-analysis", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "aws", - "cloudtrail", - "log-analysis", - "threat-detection", - "forensics" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-cloud-trail-log-analysis" - }, - { - "name": "implementing-cloud-vulnerability-posture-management", - "description": "Implement Cloud Security Posture Management using AWS Security Hub, Azure Defender for Cloud, and open-source tools like Prowler and ScoutSuite 
for multi-cloud vulnerability detection.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "cspm", - "cloud-security", - "aws-security-hub", - "azure-defender", - "prowler", - "scoutsuite", - "misconfiguration", - "cnapp" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-cloud-vulnerability-posture-management" - }, - { - "name": "implementing-cloud-waf-rules", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-waf", - "aws-waf", - "azure-waf", - "cloudflare-waf", - "owasp-protection", - "rate-limiting" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-cloud-waf-rules" - }, - { - "name": "implementing-cloud-workload-protection", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "implementing", - "cloud", - "workload", - "protection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-cloud-workload-protection" - }, - { - "name": "implementing-code-signing-for-artifacts", - "description": ">", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "devsecops", - "cicd", - "code-signing", - "supply-chain", - "sigstore", - "secure-sdlc" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-code-signing-for-artifacts" - }, - { - "name": "implementing-conditional-access-policies-azure-ad", - "description": "Configure Microsoft Entra ID (Azure AD) Conditional Access policies for zero trust access control. 
Covers signal-based policy design, device compliance requirements, risk-based authentication, named l", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "iam", - "identity", - "access-control", - "azure-ad", - "entra-id", - "conditional-access", - "zero-trust" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-conditional-access-policies-azure-ad" - }, - { - "name": "implementing-conduit-security-for-ot-remote-access", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "remote-access", - "iec62443", - "jump-server", - "zero-trust", - "conduit", - "mfa" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-conduit-security-for-ot-remote-access" - }, - { - "name": "implementing-container-image-minimal-base-with-distroless", - "description": "Reduce container attack surface by building application images on Google distroless base images that contain only the application runtime with no shell, package manager, or unnecessary OS utilities.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "distroless", - "container-images", - "minimal-base", - "attack-surface", - "docker", - "security-hardening", - "supply-chain", - "kubernetes" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-container-image-minimal-base-with-distroless" - }, - { - "name": "implementing-container-network-policies-with-calico", - "description": "Enforce Kubernetes network segmentation using Calico CNI network policies and global network policies to control pod-to-pod traffic, restrict egress, and implement zero-trust microsegmentation.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "container-security", - "kubernetes", - "calico", - "network-policy", - 
"microsegmentation", - "cni" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-container-network-policies-with-calico" - }, - { - "name": "implementing-continuous-security-validation-with-bas", - "description": "Deploy Breach and Attack Simulation tools to continuously validate security control effectiveness by safely emulating real-world attack techniques across the kill chain.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "breach-attack-simulation", - "bas", - "security-validation", - "safebreach", - "attackiq", - "picus", - "cymulate", - "mitre-attack" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-continuous-security-validation-with-bas" - }, - { - "name": "implementing-data-loss-prevention-with-microsoft-purview", - "description": ">", - "domain": "cybersecurity", - "subdomain": "data-protection", - "tags": [ - "DLP", - "Microsoft-Purview", - "sensitivity-labels", - "endpoint-DLP", - "data-classification", - "compliance" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-data-loss-prevention-with-microsoft-purview" - }, - { - "name": "implementing-ddos-mitigation-with-cloudflare", - "description": "Configure Cloudflare DDoS protection with managed rulesets, rate limiting, WAF rules, Bot Management, and origin protection to mitigate volumetric, protocol, and application-layer attacks.", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "ddos", - "cloudflare", - "ddos-mitigation", - "rate-limiting", - "waf", - "bot-management", - "layer-7", - "volumetric-attack", - "network-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-ddos-mitigation-with-cloudflare" - }, - { - "name": "implementing-deception-based-detection-with-canarytoken", - "description": "Deploy 
and monitor Canary Tokens via the Thinkst Canary API for deception-based breach detection using web bug tokens, DNS tokens, document tokens, and AWS key tokens.", - "domain": "cybersecurity", - "subdomain": "deception-technology", - "tags": [ - "canarytoken", - "deception", - "honeytokens", - "breach-detection", - "Thinkst-Canary", - "tripwire", - "early-warning" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-deception-based-detection-with-canarytoken" - }, - { - "name": "implementing-delinea-secret-server-for-pam", - "description": ">", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "PAM", - "Delinea", - "Secret-Server", - "privileged-access", - "password-vault", - "credential-management" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-delinea-secret-server-for-pam" - }, - { - "name": "implementing-device-posture-assessment-in-zero-trust", - "description": ">", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "device-posture", - "zero-trust", - "endpoint-compliance", - "crowdstrike-zta", - "intune", - "conditional-access", - "jamf" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-device-posture-assessment-in-zero-trust" - }, - { - "name": "implementing-devsecops-security-scanning", - "description": ">", - "domain": "cybersecurity", - "subdomain": "application-security", - "tags": [ - "devsecops", - "sast", - "sca", - "container-security", - "ci-cd" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-devsecops-security-scanning" - }, - { - "name": "implementing-diamond-model-analysis", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "threat-intelligence", - "cti", - "ioc", - "mitre-attack", - "stix", - 
"diamond-model", - "intrusion-analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-diamond-model-analysis" - }, - { - "name": "implementing-digital-signatures-with-ed25519", - "description": "Ed25519 is a high-performance digital signature algorithm using the Edwards curve Curve25519. It provides 128-bit security with 64-byte signatures and 32-byte keys, offering significant advantages ove", - "domain": "cybersecurity", - "subdomain": "cryptography", - "tags": [ - "cryptography", - "digital-signatures", - "ed25519", - "authentication", - "integrity" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-digital-signatures-with-ed25519" - }, - { - "name": "implementing-disk-encryption-with-bitlocker", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "encryption", - "BitLocker", - "TPM", - "data-protection", - "windows-security" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-disk-encryption-with-bitlocker" - }, - { - "name": "implementing-dmarc-dkim-spf-email-security", - "description": "SPF, DKIM, and DMARC form the three pillars of email authentication. Together they prevent domain spoofing, validate message integrity, and define policies for handling unauthenticated mail. 
Proper im", - "domain": "cybersecurity", - "subdomain": "phishing-defense", - "tags": [ - "phishing", - "email-security", - "social-engineering", - "dmarc", - "awareness", - "dkim", - "spf", - "dns" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-dmarc-dkim-spf-email-security" - }, - { - "name": "implementing-dragos-platform-for-ot-monitoring", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "dragos", - "threat-detection", - "ot-monitoring", - "scada", - "threat-intelligence", - "ndr" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-dragos-platform-for-ot-monitoring" - }, - { - "name": "implementing-ebpf-security-monitoring", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "implementing", - "ebpf", - "security", - "monitoring", - "tetragon", - "cilium", - "runtime", - "observability" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-ebpf-security-monitoring" - }, - { - "name": "implementing-email-sandboxing-with-proofpoint", - "description": "Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware and evasive phishing payloads. 
Proofpoint Targeted Attack Protection (TAP) is an industry", - "domain": "cybersecurity", - "subdomain": "phishing-defense", - "tags": [ - "phishing", - "email-security", - "social-engineering", - "dmarc", - "awareness", - "sandboxing", - "proofpoint" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-email-sandboxing-with-proofpoint" - }, - { - "name": "implementing-end-to-end-encryption-for-messaging", - "description": "End-to-end encryption (E2EE) ensures that only the communicating parties can read messages, with no intermediary (including the server) able to decrypt them. This skill implements a simplified version", - "domain": "cybersecurity", - "subdomain": "cryptography", - "tags": [ - "cryptography", - "encryption", - "e2e", - "messaging", - "signal-protocol" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-end-to-end-encryption-for-messaging" - }, - { - "name": "implementing-endpoint-detection-with-wazuh", - "description": "Deploy and configure Wazuh SIEM/XDR for endpoint detection including agent management, custom decoder and rule XML creation, alert querying via the Wazuh REST API, and automated response actions.", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "siem", - "xdr", - "wazuh", - "endpoint-detection", - "custom-rules", - "incident-response" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-endpoint-detection-with-wazuh" - }, - { - "name": "implementing-endpoint-dlp-controls", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "DLP", - "data-loss-prevention", - "data-protection", - "content-inspection" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-endpoint-dlp-controls" - }, - { - "name": 
"implementing-envelope-encryption-with-aws-kms", - "description": "Envelope encryption is a strategy where data is encrypted with a data encryption key (DEK), and the DEK itself is encrypted with a master key (KEK) managed by AWS KMS. This approach allows encrypting", - "domain": "cybersecurity", - "subdomain": "cryptography", - "tags": [ - "cryptography", - "encryption", - "aws", - "kms", - "envelope-encryption", - "key-management" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-envelope-encryption-with-aws-kms" - }, - { - "name": "implementing-epss-score-for-vulnerability-prioritization", - "description": "Integrate FIRST's Exploit Prediction Scoring System (EPSS) API to prioritize vulnerability remediation based on real-world exploitation probability within 30 days.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "epss", - "vulnerability-prioritization", - "first", - "exploit-prediction", - "cvss", - "risk-based", - "machine-learning" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-epss-score-for-vulnerability-prioritization" - }, - { - "name": "implementing-file-integrity-monitoring-with-aide", - "description": "Configure AIDE (Advanced Intrusion Detection Environment) for file integrity monitoring including baseline creation, scheduled integrity checks, change detection, and alerting", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "aide", - "file-integrity", - "hids", - "baseline", - "intrusion-detection", - "compliance", - "linux-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-file-integrity-monitoring-with-aide" - }, - { - "name": "implementing-fuzz-testing-in-cicd-with-aflplusplus", - "description": "Integrate AFL++ coverage-guided fuzz testing into CI/CD pipelines to discover memory corruption, input 
handling, and logic vulnerabilities in C/C++ and compiled applications.", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "aflplusplus", - "fuzz-testing", - "cicd", - "coverage-guided-fuzzing", - "security-testing", - "vulnerability-discovery", - "afl" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-fuzz-testing-in-cicd-with-aflplusplus" - }, - { - "name": "implementing-gcp-binary-authorization", - "description": "Implement GCP Binary Authorization to enforce deploy-time security controls that ensure only trusted, attested container images are deployed to Google Kubernetes Engine and Cloud Run.", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "gcp", - "binary-authorization", - "container-security", - "supply-chain", - "gke", - "cloud-run", - "attestation", - "software-integrity" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-gcp-binary-authorization" - }, - { - "name": "implementing-gcp-organization-policy-constraints", - "description": "Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy, restricting risky configurations and ensuring compliance at organization, folder, and project levels.", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "gcp", - "organization-policy", - "constraints", - "governance", - "compliance", - "cloud-security", - "resource-manager" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-gcp-organization-policy-constraints" - }, - { - "name": "implementing-gcp-vpc-firewall-rules", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "gcp", - "vpc", - "firewall-rules", - "network-security", - "segmentation" - ], - "version": "1.0", - "author": "mukul975", - "license": 
"Apache-2.0", - "path": "skills/implementing-gcp-vpc-firewall-rules" - }, - { - "name": "implementing-gdpr-data-protection-controls", - "description": "The General Data Protection Regulation (EU) 2016/679 (GDPR) is the EU's comprehensive data protection law governing the collection, processing, storage, and transfer of personal data. This skill cover", - "domain": "cybersecurity", - "subdomain": "compliance-governance", - "tags": [ - "compliance", - "governance", - "gdpr", - "privacy", - "data-protection", - "eu-regulation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-gdpr-data-protection-controls" - }, - { - "name": "implementing-gdpr-data-subject-access-request", - "description": ">", - "domain": "cybersecurity", - "subdomain": "privacy-compliance", - "tags": [ - "gdpr", - "dsar", - "privacy", - "pii-discovery", - "data-subject-rights", - "compliance", - "article-15" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-gdpr-data-subject-access-request" - }, - { - "name": "implementing-github-advanced-security-for-code-scanning", - "description": "Configure GitHub Advanced Security with CodeQL to perform automated static analysis and vulnerability detection across repositories at enterprise scale.", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "github-advanced-security", - "codeql", - "sast", - "code-scanning", - "supply-chain-security", - "devops-security", - "shift-left" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-github-advanced-security-for-code-scanning" - }, - { - "name": "implementing-google-workspace-admin-security", - "description": ">", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "Google-Workspace", - "admin-security", - "MFA", - "DMARC", - "DLP", - "OAuth", - "cloud-security" - ], - "version": "1.0", - 
"author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-google-workspace-admin-security" - }, - { - "name": "implementing-google-workspace-phishing-protection", - "description": "Configure Google Workspace advanced phishing and malware protection settings including pre-delivery scanning, attachment protection, spoofing detection, and Enhanced Safe Browsing.", - "domain": "cybersecurity", - "subdomain": "phishing-defense", - "tags": [ - "google-workspace", - "gmail", - "phishing", - "email-security", - "safe-browsing", - "anti-spoofing", - "admin-console" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-google-workspace-phishing-protection" - }, - { - "name": "implementing-google-workspace-sso-configuration", - "description": "Configure SAML 2.0 single sign-on for Google Workspace with a third-party identity provider, enabling centralized authentication and enforcing organization-wide access policies.", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "google-workspace", - "sso", - "saml", - "identity-provider", - "authentication", - "federation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-google-workspace-sso-configuration" - }, - { - "name": "implementing-hardware-security-key-authentication", - "description": ">", - "domain": "cybersecurity", - "subdomain": "identity-and-access-management", - "tags": [ - "FIDO2", - "WebAuthn", - "hardware-security-key", - "YubiKey", - "passkeys", - "passwordless-authentication", - "CTAP2" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-hardware-security-key-authentication" - }, - { - "name": "implementing-hashicorp-vault-dynamic-secrets", - "description": ">", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "HashiCorp-Vault", - "dynamic-secrets", - 
"secrets-management", - "database-credentials", - "AWS-secrets", - "PKI" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-hashicorp-vault-dynamic-secrets" - }, - { - "name": "implementing-honeypot-for-ransomware-detection", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ransomware-defense", - "tags": [ - "ransomware", - "detection", - "honeypot", - "canary", - "defense", - "deception" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-honeypot-for-ransomware-detection" - }, - { - "name": "implementing-honeytokens-for-breach-detection", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "implementing", - "honeytokens", - "for", - "breach" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-honeytokens-for-breach-detection" - }, - { - "name": "implementing-ics-firewall-with-tofino", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "firewall", - "tofino", - "belden", - "deep-packet-inspection", - "network-security", - "scada" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-ics-firewall-with-tofino" - }, - { - "name": "implementing-identity-governance-with-sailpoint", - "description": "Deploy SailPoint IdentityNow or IdentityIQ for identity governance and administration. 
Covers identity lifecycle management, access request workflows, certification campaigns, role mining, SOD policy", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "iam", - "identity", - "access-control", - "governance", - "sailpoint", - "iga", - "lifecycle" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-identity-governance-with-sailpoint" - }, - { - "name": "implementing-identity-verification-for-zero-trust", - "description": "Implement continuous identity verification for zero trust using phishing-resistant MFA (FIDO2/WebAuthn), risk-based conditional access, and identity governance aligned with the CISA Zero Trust Maturity Model.", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "zero-trust", - "identity", - "authentication", - "mfa", - "identity-verification" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-identity-verification-for-zero-trust" - }, - { - "name": "implementing-iec-62443-security-zones", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "scada", - "industrial-control", - "iec62443", - "network-segmentation", - "zones-conduits" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-iec-62443-security-zones" - }, - { - "name": "implementing-image-provenance-verification-with-cosign", - "description": "Sign and verify container image provenance using Sigstore Cosign with keyless OIDC-based signing, attestations, and Kubernetes admission enforcement.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "cosign", - "sigstore", - "image-signing", - "supply-chain", - "provenance", - "keyless", - "slsa" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": 
"skills/implementing-image-provenance-verification-with-cosign" - }, - { - "name": "implementing-immutable-backup-with-restic", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ransomware-defense", - "tags": [ - "restic", - "backup", - "immutable", - "ransomware", - "s3", - "object-lock", - "worm", - "recovery" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-immutable-backup-with-restic" - }, - { - "name": "implementing-infrastructure-as-code-security-scanning", - "description": ">", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "devsecops", - "cicd", - "iac-security", - "checkov", - "tfsec", - "terraform", - "secure-sdlc" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-infrastructure-as-code-security-scanning" - }, - { - "name": "implementing-iso-27001-information-security-management", - "description": "ISO/IEC 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). This skill covers the complete", - "domain": "cybersecurity", - "subdomain": "compliance-governance", - "tags": [ - "compliance", - "governance", - "iso27001", - "isms", - "risk-management", - "certification" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-iso-27001-information-security-management" - }, - { - "name": "implementing-just-in-time-access-provisioning", - "description": "Implement Just-In-Time (JIT) access provisioning to eliminate standing privileges by granting temporary, time-bound access only when needed. 
This skill covers JIT architecture design, approval workflo", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "iam", - "identity", - "access-control", - "jit", - "provisioning", - "zero-trust", - "least-privilege" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-just-in-time-access-provisioning" - }, - { - "name": "implementing-jwt-signing-and-verification", - "description": "JSON Web Tokens (JWT) defined in RFC 7519 are compact, URL-safe tokens used for authentication and authorization in web applications. This skill covers implementing secure JWT signing with HMAC-SHA256", - "domain": "cybersecurity", - "subdomain": "cryptography", - "tags": [ - "cryptography", - "jwt", - "authentication", - "token-security", - "digital-signatures" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-jwt-signing-and-verification" - }, - { - "name": "implementing-kubernetes-network-policy-with-calico", - "description": "Implement Kubernetes network segmentation using Calico NetworkPolicy and GlobalNetworkPolicy for zero-trust pod-to-pod communication.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "calico", - "kubernetes", - "network-policy", - "network-segmentation", - "zero-trust", - "cni" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-kubernetes-network-policy-with-calico" - }, - { - "name": "implementing-kubernetes-pod-security-standards", - "description": "Pod Security Standards (PSS) define three levels of security policies -- Privileged, Baseline, and Restricted -- enforced by the Pod Security Admission (PSA) controller built into Kubernetes 1.25+. 
PS", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "containers", - "kubernetes", - "security", - "pod-security", - "PSA" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-kubernetes-pod-security-standards" - }, - { - "name": "implementing-llm-guardrails-for-security", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ai-security", - "tags": [ - "LLM-guardrails", - "NeMo-Guardrails", - "input-validation", - "output-filtering", - "AI-safety" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-llm-guardrails-for-security" - }, - { - "name": "implementing-log-forwarding-with-fluentd", - "description": "Configure Fluentd and Fluent Bit for centralized log aggregation, routing, filtering, and enrichment across distributed infrastructure", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "fluentd", - "fluent-bit", - "log-aggregation", - "log-forwarding", - "siem", - "centralized-logging", - "observability" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-log-forwarding-with-fluentd" - }, - { - "name": "implementing-log-integrity-with-blockchain", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "implementing", - "log", - "integrity", - "with" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-log-integrity-with-blockchain" - }, - { - "name": "implementing-memory-protection-with-dep-aslr", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "memory-protection", - "DEP", - "ASLR", - "exploit-mitigation", - "CFG" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-memory-protection-with-dep-aslr" - 
}, - { - "name": "implementing-microsegmentation-with-guardicore", - "description": ">", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "microsegmentation", - "guardicore", - "akamai", - "zero-trust", - "east-west-traffic", - "network-segmentation", - "lateral-movement" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-microsegmentation-with-guardicore" - }, - { - "name": "implementing-mimecast-targeted-attack-protection", - "description": "Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect, and Internal Email Protect to defend against advanced phishing and spearphishing attacks.", - "domain": "cybersecurity", - "subdomain": "phishing-defense", - "tags": [ - "mimecast", - "email-security", - "targeted-threat-protection", - "url-protect", - "impersonation", - "attachment-sandboxing", - "phishing" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-mimecast-targeted-attack-protection" - }, - { - "name": "implementing-mitre-attack-coverage-mapping", - "description": "Implement MITRE ATT&CK coverage mapping to identify detection gaps, prioritize rule development, and measure SOC detection maturity against adversary techniques.", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "mitre-attack", - "detection-coverage", - "gap-analysis", - "attack-navigator", - "soc", - "detection-engineering" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-mitre-attack-coverage-mapping" - }, - { - "name": "implementing-mobile-application-management", - "description": ">", - "domain": "cybersecurity", - "subdomain": "mobile-security", - "tags": [ - "mobile-security", - "android", - "ios", - "mam", - "enterprise-security", - "owasp-mobile" - ], - "version": "1.0.0", - "author": "mukul975", - "license": 
"Apache-2.0", - "path": "skills/implementing-mobile-application-management" - }, - { - "name": "implementing-mtls-for-zero-trust-services", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "implementing", - "mtls", - "for", - "zero" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-mtls-for-zero-trust-services" - }, - { - "name": "implementing-nerc-cip-compliance-controls", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "scada", - "industrial-control", - "iec62443", - "nerc-cip", - "power-grid", - "compliance" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-nerc-cip-compliance-controls" - }, - { - "name": "implementing-network-access-control", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "nac", - "802.1x", - "radius", - "packetfence" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-network-access-control" - }, - { - "name": "implementing-network-access-control-with-cisco-ise", - "description": "Deploy Cisco Identity Services Engine for 802.1X wired and wireless authentication, MAC Authentication Bypass, posture assessment, and dynamic VLAN assignment for network access control.", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "cisco-ise", - "802.1x", - "nac", - "radius", - "network-access-control", - "posture-assessment", - "mab", - "dynamic-vlan", - "eap-tls" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-network-access-control-with-cisco-ise" - }, - { - "name": "implementing-network-deception-with-honeypots", - "description": "Deploy and manage network honeypots using OpenCanary, T-Pot, or Cowrie 
to detect unauthorized access, lateral movement, and attacker reconnaissance.", - "domain": "cybersecurity", - "subdomain": "deception-technology", - "tags": [ - "deception", - "honeypot", - "opencanary", - "cowrie", - "t-pot", - "detection", - "lateral-movement", - "network-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-network-deception-with-honeypots" - }, - { - "name": "implementing-network-intrusion-prevention-with-suricata", - "description": "Deploy and configure Suricata as a network intrusion prevention system with custom rules, Emerging Threats rulesets, and inline traffic inspection for real-time threat blocking.", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "suricata", - "ips", - "ids", - "intrusion-prevention", - "network-security", - "emerging-threats", - "rule-management", - "nfqueue", - "inline-mode" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-network-intrusion-prevention-with-suricata" - }, - { - "name": "implementing-network-policies-for-kubernetes", - "description": "Kubernetes NetworkPolicies provide pod-level network segmentation by defining ingress and egress rules that control traffic flow between pods, namespaces, and external endpoints. 
Combined with CNI plu", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "containers", - "kubernetes", - "security", - "network-policies", - "microsegmentation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-network-policies-for-kubernetes" - }, - { - "name": "implementing-network-segmentation-for-ot", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "scada", - "industrial-control", - "iec62443", - "network-segmentation", - "vlan" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-network-segmentation-for-ot" - }, - { - "name": "implementing-network-segmentation-with-firewall-zones", - "description": "Design and implement network segmentation using firewall security zones, VLANs, ACLs, and microsegmentation policies to restrict lateral movement and enforce least-privilege network access.", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-segmentation", - "firewall-zones", - "vlan", - "microsegmentation", - "lateral-movement", - "zero-trust", - "acl", - "east-west-traffic", - "pci-dss" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-network-segmentation-with-firewall-zones" - }, - { - "name": "implementing-network-traffic-analysis-with-arkime", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "implementing", - "network", - "traffic", - "analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-network-traffic-analysis-with-arkime" - }, - { - "name": "implementing-network-traffic-baselining", - "description": "Build network traffic baselines from NetFlow/IPFIX data using Python pandas for statistical analysis, z-score anomaly detection, and 
hourly/daily traffic pattern profiling", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-network-traffic-baselining" - }, - { - "name": "implementing-next-generation-firewall-with-palo-alto", - "description": "Configure and deploy Palo Alto Networks next-generation firewalls with App-ID, User-ID, zone-based policies, SSL decryption, and threat prevention profiles for enterprise network security.", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "palo-alto", - "ngfw", - "firewall", - "app-id", - "user-id", - "threat-prevention", - "network-security", - "ssl-decryption", - "zone-protection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-next-generation-firewall-with-palo-alto" - }, - { - "name": "implementing-opa-gatekeeper-for-policy-enforcement", - "description": "Enforce Kubernetes admission policies using OPA Gatekeeper with ConstraintTemplates, Rego rules, and the Gatekeeper policy library.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "opa", - "gatekeeper", - "kubernetes", - "admission-control", - "policy-as-code", - "rego" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-opa-gatekeeper-for-policy-enforcement" - }, - { - "name": "implementing-ot-incident-response-playbook", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "incident-response", - "playbook", - "sans", - "iec62443", - "nist", - "safety-critical" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-ot-incident-response-playbook" - }, - { - "name": "implementing-ot-network-traffic-analysis-with-nozomi", - "description": ">", - "domain": "cybersecurity", - 
"subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "nozomi", - "guardian", - "network-monitoring", - "asset-visibility", - "anomaly-detection", - "ndr" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-ot-network-traffic-analysis-with-nozomi" - }, - { - "name": "implementing-pam-for-database-access", - "description": "Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and MySQL. Covers session proxy configuration, credential vaulting, query auditing, dynamic credentia", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "iam", - "identity", - "access-control", - "privileged-access", - "pam", - "database", - "dba" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-pam-for-database-access" - }, - { - "name": "implementing-passwordless-auth-with-microsoft-entra", - "description": ">", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "passwordless", - "FIDO2", - "passkeys", - "Microsoft-Entra", - "Windows-Hello", - "phishing-resistant-MFA" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-passwordless-auth-with-microsoft-entra" - }, - { - "name": "implementing-passwordless-authentication-with-fido2", - "description": "Deploy FIDO2/WebAuthn passwordless authentication using security keys and platform authenticators. 
Covers WebAuthn API integration, FIDO2 server configuration, passkey enrollment, biometric authentica", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "iam", - "identity", - "access-control", - "authentication", - "fido2", - "webauthn", - "passwordless" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-passwordless-authentication-with-fido2" - }, - { - "name": "implementing-patch-management-for-ot-systems", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "scada", - "industrial-control", - "iec62443", - "patch-management", - "vulnerability-management" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-patch-management-for-ot-systems" - }, - { - "name": "implementing-patch-management-workflow", - "description": "Patch management is the systematic process of identifying, testing, deploying, and verifying software updates to remediate vulnerabilities across an organization's IT infrastructure. An effective patc", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "vulnerability-management", - "patch-management", - "wsus", - "sccm", - "ansible", - "risk" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-patch-management-workflow" - }, - { - "name": "implementing-pci-dss-compliance-controls", - "description": "PCI DSS 4.0.1 establishes 12 requirements across 6 control objectives for organizations that store, process, or transmit cardholder data. 
With PCI DSS 3.2.1 retiring April 2024 and 51 new requirements", - "domain": "cybersecurity", - "subdomain": "compliance-governance", - "tags": [ - "compliance", - "governance", - "pci-dss", - "payment-security", - "cardholder-data" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-pci-dss-compliance-controls" - }, - { - "name": "implementing-pod-security-admission-controller", - "description": "Implement Kubernetes Pod Security Admission to enforce baseline and restricted security profiles at namespace level using built-in admission controller.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "kubernetes", - "pod-security-admission", - "psa", - "pod-security-standards", - "admission-controller" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-pod-security-admission-controller" - }, - { - "name": "implementing-policy-as-code-with-open-policy-agent", - "description": ">", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "devsecops", - "cicd", - "opa", - "gatekeeper", - "policy-as-code", - "kubernetes", - "secure-sdlc" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-policy-as-code-with-open-policy-agent" - }, - { - "name": "implementing-privileged-access-management-with-cyberark", - "description": "Deploy CyberArk Privileged Access Management to discover, vault, rotate, and monitor privileged credentials across enterprise infrastructure. 
This skill covers vault architecture, session isolation, c", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "iam", - "identity", - "access-control", - "privileged-access", - "pam", - "cyberark" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-privileged-access-management-with-cyberark" - }, - { - "name": "implementing-privileged-access-workstation", - "description": "Design and implement Privileged Access Workstations (PAWs) with device hardening, just-in-time access, and integration with CyberArk or BeyondTrust for secure administrative operations.", - "domain": "cybersecurity", - "subdomain": "identity-and-access-management", - "tags": [ - "privileged-access", - "PAW", - "zero-trust", - "device-hardening", - "CyberArk", - "BeyondTrust", - "just-in-time-access" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-privileged-access-workstation" - }, - { - "name": "implementing-privileged-session-monitoring", - "description": ">", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "pam", - "session-monitoring", - "privileged-access", - "audit-logging" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-privileged-session-monitoring" - }, - { - "name": "implementing-proofpoint-email-security-gateway", - "description": "Deploy and configure Proofpoint Email Protection as a secure email gateway to detect and block phishing, malware, BEC, and spam before messages reach user inboxes.", - "domain": "cybersecurity", - "subdomain": "phishing-defense", - "tags": [ - "email-security", - "proofpoint", - "secure-email-gateway", - "phishing", - "anti-spam", - "anti-malware", - "bec", - "email-filtering" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": 
"skills/implementing-proofpoint-email-security-gateway" - }, - { - "name": "implementing-purdue-model-network-segmentation", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "purdue-model", - "network-segmentation", - "iec62443", - "defense-in-depth", - "dmz", - "scada" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-purdue-model-network-segmentation" - }, - { - "name": "implementing-ransomware-backup-strategy", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ransomware-defense", - "tags": [ - "ransomware", - "backup", - "incident-response", - "defense", - "recovery", - "immutable-storage" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-ransomware-backup-strategy" - }, - { - "name": "implementing-ransomware-kill-switch-detection", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ransomware-defense", - "tags": [ - "ransomware", - "kill-switch", - "mutex", - "detection", - "WannaCry", - "malware-analysis" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-ransomware-kill-switch-detection" - }, - { - "name": "implementing-rapid7-insightvm-for-scanning", - "description": "Deploy and configure Rapid7 InsightVM Security Console and Scan Engines for authenticated and unauthenticated vulnerability scanning across enterprise environments.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "rapid7", - "insightvm", - "vulnerability-scanning", - "nexpose", - "scan-engine", - "asset-discovery", - "authenticated-scanning" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-rapid7-insightvm-for-scanning" - }, - { - "name": "implementing-rbac-hardening-for-kubernetes", - "description": "Harden Kubernetes 
Role-Based Access Control by implementing least-privilege policies, auditing role bindings, eliminating cluster-admin sprawl, and integrating external identity providers.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "kubernetes", - "rbac", - "access-control", - "least-privilege", - "security-hardening", - "iam", - "oidc", - "service-accounts" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-rbac-hardening-for-kubernetes" - }, - { - "name": "implementing-rsa-key-pair-management", - "description": "RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital signatures, key exchange, and encryption. This skill covers generating, storing, rotating,", - "domain": "cybersecurity", - "subdomain": "cryptography", - "tags": [ - "cryptography", - "rsa", - "key-management", - "pki", - "asymmetric-encryption" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-rsa-key-pair-management" - }, - { - "name": "implementing-runtime-application-self-protection", - "description": "Deploy Runtime Application Self-Protection (RASP) agents to detect and block attacks from within application runtime, covering OpenRASP integration, attack pattern detection, and security policy configuration for Java and Python web applications.", - "domain": "cybersecurity", - "subdomain": "application-security", - "tags": [ - "rasp", - "application-security", - "openrasp", - "runtime-protection", - "sqli", - "xss", - "rce", - "devsecops" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-runtime-application-self-protection" - }, - { - "name": "implementing-runtime-security-with-tetragon", - "description": "Implement eBPF-based runtime security observability and enforcement in Kubernetes clusters using Cilium Tetragon for kernel-level threat detection and 
policy enforcement.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "tetragon", - "ebpf", - "runtime-security", - "kubernetes", - "cilium", - "container-security", - "observability", - "kernel-security", - "cncf" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-runtime-security-with-tetragon" - }, - { - "name": "implementing-saml-sso-with-okta", - "description": "Implement SAML 2.0 Single Sign-On (SSO) using Okta as the Identity Provider (IdP). This skill covers end-to-end configuration of SAML authentication flows, attribute mapping, certificate management, a", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "iam", - "identity", - "access-control", - "authentication", - "saml", - "sso", - "okta" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-saml-sso-with-okta" - }, - { - "name": "implementing-scim-provisioning-with-okta", - "description": "Implement automated user provisioning and deprovisioning using SCIM 2.0 protocol with Okta as the identity provider.", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "scim", - "okta", - "provisioning", - "identity-management", - "automation", - "sso", - "lifecycle-management" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-scim-provisioning-with-okta" - }, - { - "name": "implementing-secret-scanning-with-gitleaks", - "description": ">", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "devsecops", - "cicd", - "secret-scanning", - "gitleaks", - "pre-commit", - "secure-sdlc" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-secret-scanning-with-gitleaks" - }, - { - "name": "implementing-secrets-management-with-vault", - "description": ">", - "domain": 
"cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "hashicorp-vault", - "secrets-management", - "dynamic-secrets", - "credential-rotation", - "zero-trust" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-secrets-management-with-vault" - }, - { - "name": "implementing-secrets-scanning-in-ci-cd", - "description": "Integrate gitleaks and trufflehog into CI/CD pipelines to detect leaked secrets before deployment", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "secrets-scanning", - "gitleaks", - "trufflehog", - "ci-cd" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-secrets-scanning-in-ci-cd" - }, - { - "name": "implementing-security-chaos-engineering", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "implementing", - "security", - "chaos", - "engineering" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-security-chaos-engineering" - }, - { - "name": "implementing-security-information-sharing-with-stix2", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "stix", - "taxii", - "threat-sharing", - "intelligence-exchange" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-security-information-sharing-with-stix2" - }, - { - "name": "implementing-security-monitoring-with-datadog", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "siem", - "monitoring", - "datadog", - "cloud-security", - "log-analysis", - "detection-rules", - "CSM", - "workload-protection" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-security-monitoring-with-datadog" - }, - { - "name": 
"implementing-semgrep-for-custom-sast-rules", - "description": "Write custom Semgrep SAST rules in YAML to detect application-specific vulnerabilities, enforce coding standards, and integrate into CI/CD pipelines.", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "semgrep", - "sast", - "static-analysis", - "custom-rules", - "devsecops", - "code-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-semgrep-for-custom-sast-rules" - }, - { - "name": "implementing-siem-correlation-rules-for-apt", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "implementing", - "siem", - "correlation", - "rules" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-siem-correlation-rules-for-apt" - }, - { - "name": "implementing-siem-use-case-tuning", - "description": "Tune SIEM detection rules to reduce false positives by analyzing alert volumes, creating whitelists, adjusting thresholds, and measuring detection efficacy metrics in Splunk and Elastic", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-siem-use-case-tuning" - }, - { - "name": "implementing-siem-use-cases-for-detection", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "siem", - "use-cases", - "detection-engineering", - "mitre-attack", - "splunk", - "elastic", - "sentinel" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-siem-use-cases-for-detection" - }, - { - "name": "implementing-sigstore-for-software-signing", - "description": ">", - "domain": "cybersecurity", - "subdomain": "supply-chain-security", - "tags": [ - "sigstore", - "cosign", - "rekor", - "fulcio", - "software-signing", 
- "supply-chain", - "keyless-signing", - "OIDC", - "transparency-log" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-sigstore-for-software-signing" - }, - { - "name": "implementing-soar-automation-with-phantom", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "soar", - "phantom", - "splunk-soar", - "automation", - "playbook", - "orchestration", - "incident-response" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-soar-automation-with-phantom" - }, - { - "name": "implementing-soar-playbook-for-phishing", - "description": "Automate phishing incident response using Splunk SOAR REST API to create containers, add artifacts, and trigger playbooks", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "soar", - "splunk-phantom", - "phishing", - "incident-response" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-soar-playbook-for-phishing" - }, - { - "name": "implementing-soar-playbook-with-palo-alto-xsoar", - "description": "Implement automated incident response playbooks in Cortex XSOAR to orchestrate security workflows across SOC tools and reduce manual response time.", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "xsoar", - "soar", - "palo-alto", - "playbook", - "automation", - "incident-response", - "orchestration", - "cortex" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-soar-playbook-with-palo-alto-xsoar" - }, - { - "name": "implementing-stix-taxii-feed-integration", - "description": "STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information) are OASIS open standards for representing and transporting cyber threat intelligence.", - "domain": "cybersecurity", - 
"subdomain": "threat-intelligence", - "tags": [ - "threat-intelligence", - "cti", - "ioc", - "mitre-attack", - "stix", - "taxii", - "feed-integration", - "oasis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-stix-taxii-feed-integration" - }, - { - "name": "implementing-supply-chain-security-with-in-toto", - "description": "Implement software supply chain integrity verification for container builds using the in-toto framework to create cryptographically signed attestations across CI/CD pipeline steps.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "in-toto", - "supply-chain-security", - "attestation", - "slsa", - "sigstore", - "container-security", - "cncf", - "provenance", - "sbom" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-supply-chain-security-with-in-toto" - }, - { - "name": "implementing-syslog-centralization-with-rsyslog", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "implementing", - "syslog", - "centralization", - "with" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-syslog-centralization-with-rsyslog" - }, - { - "name": "implementing-taxii-server-with-opentaxii", - "description": "Deploy and configure an OpenTAXII server to share and consume STIX-formatted cyber threat intelligence using the TAXII 2.1 protocol for automated indicator exchange between organizations.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "taxii", - "stix", - "opentaxii", - "threat-sharing", - "cti", - "indicator-exchange", - "taxii-server", - "automation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-taxii-server-with-opentaxii" - }, - { - "name": "implementing-threat-intelligence-lifecycle-management", - 
"description": "Implement a structured threat intelligence lifecycle encompassing planning, collection, processing, analysis, dissemination, and feedback stages to produce actionable intelligence for organizational decision-making.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "threat-intelligence", - "lifecycle", - "intelligence-cycle", - "collection", - "analysis", - "dissemination", - "strategic-intelligence", - "cti-program" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-threat-intelligence-lifecycle-management" - }, - { - "name": "implementing-threat-modeling-with-mitre-attack", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "mitre-attack", - "threat-modeling", - "ttp", - "detection-coverage", - "attack-navigator", - "risk-assessment" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-threat-modeling-with-mitre-attack" - }, - { - "name": "implementing-ticketing-system-for-incidents", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "ticketing", - "servicenow", - "jira", - "thehive", - "incident-management", - "sla", - "workflow" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-ticketing-system-for-incidents" - }, - { - "name": "implementing-usb-device-control-policy", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "USB-control", - "device-control", - "data-loss-prevention", - "removable-media" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-usb-device-control-policy" - }, - { - "name": "implementing-velociraptor-for-ir-collection", - "description": "Deploy and configure Velociraptor for scalable endpoint 
forensic artifact collection during incident response using VQL queries, hunts, and pre-built artifact packs across Windows, Linux, and macOS environments.", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "velociraptor", - "dfir", - "endpoint-collection", - "vql", - "forensic-artifacts", - "rapid7", - "threat-hunting", - "incident-response" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-velociraptor-for-ir-collection" - }, - { - "name": "implementing-vulnerability-management-with-greenbone", - "description": "Deploy and operate Greenbone/OpenVAS vulnerability management using the python-gvm library to create scan targets, execute vulnerability scans, and parse scan reports via GMP protocol.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "openvas", - "greenbone", - "vulnerability-scanning", - "gmp", - "python-gvm", - "vulnerability-management", - "compliance" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-vulnerability-management-with-greenbone" - }, - { - "name": "implementing-vulnerability-remediation-sla", - "description": "Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities based on severity, asset criticality, and exploit availability. 
Effective SLA programs", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "vulnerability-management", - "cve", - "sla", - "remediation", - "patch-management", - "risk" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-vulnerability-remediation-sla" - }, - { - "name": "implementing-vulnerability-sla-breach-alerting", - "description": "Build automated alerting for vulnerability remediation SLA breaches with severity-based timelines, escalation workflows, and compliance reporting dashboards.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "vulnerability-sla", - "remediation-tracking", - "alerting", - "compliance", - "sla-breach", - "vulnerability-management", - "escalation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-vulnerability-sla-breach-alerting" - }, - { - "name": "implementing-web-application-logging-with-modsecurity", - "description": ">", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "modsecurity", - "waf", - "crs", - "owasp", - "web-security", - "audit-logging", - "rule-tuning" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-web-application-logging-with-modsecurity" - }, - { - "name": "implementing-zero-knowledge-proof-for-authentication", - "description": "Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private key) without revealing the secret itself. 
This skill implements the Schnorr identificati", - "domain": "cybersecurity", - "subdomain": "cryptography", - "tags": [ - "cryptography", - "zero-knowledge-proof", - "authentication", - "privacy", - "zkp" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-zero-knowledge-proof-for-authentication" - }, - { - "name": "implementing-zero-standing-privilege-with-cyberark", - "description": "Deploy CyberArk Secure Cloud Access to eliminate standing privileges in hybrid and multi-cloud environments using just-in-time access with time, entitlement, and approval controls.", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "cyberark", - "zero-standing-privilege", - "jit-access", - "pam", - "cloud-security", - "least-privilege" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-zero-standing-privilege-with-cyberark" - }, - { - "name": "implementing-zero-trust-dns-with-nextdns", - "description": "Implement NextDNS as a zero trust DNS filtering layer with encrypted resolution, threat intelligence blocking, privacy protection, and organizational policy enforcement across all endpoints.", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "zero-trust", - "dns", - "nextdns", - "dns-over-https", - "dns-over-tls", - "threat-blocking", - "dns-filtering", - "privacy", - "encrypted-dns" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-zero-trust-dns-with-nextdns" - }, - { - "name": "implementing-zero-trust-for-saas-applications", - "description": ">", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "zero-trust", - "saas-security", - "casb", - "sspm", - "conditional-access", - "oauth-governance", - "session-controls" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": 
"skills/implementing-zero-trust-for-saas-applications" - }, - { - "name": "implementing-zero-trust-in-cloud", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "zero-trust", - "beyondcorp", - "identity-aware-proxy", - "micro-segmentation", - "continuous-verification" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-zero-trust-in-cloud" - }, - { - "name": "implementing-zero-trust-network-access", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "zero-trust", - "ztna", - "beyondcorp", - "identity-aware-proxy", - "micro-segmentation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-zero-trust-network-access" - }, - { - "name": "implementing-zero-trust-network-access-with-zscaler", - "description": "Implement Zero Trust Network Access using Zscaler Private Access (ZPA) to replace traditional VPN with identity-based, context-aware access to private applications through the Zscaler Zero Trust Exchange.", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "zero-trust", - "ztna", - "zscaler", - "network-access", - "vpn-replacement" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-zero-trust-network-access-with-zscaler" - }, - { - "name": "implementing-zero-trust-with-beyondcorp", - "description": "Deploy Google BeyondCorp Enterprise zero trust access controls using Identity-Aware Proxy (IAP), context-aware access policies, device trust validation, and Access Context Manager to enforce identity and posture-based access to GCP resources and internal applications.", - "domain": "cybersecurity", - "subdomain": "zero-trust", - "tags": [ - "zero-trust", - "beyondcorp", - "google-cloud", - "iap", - "context-aware-access", - "device-trust", - "identity" - ], - 
"version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-zero-trust-with-beyondcorp" - }, - { - "name": "implementing-zero-trust-with-hashicorp-boundary", - "description": "Implement HashiCorp Boundary for identity-aware zero trust infrastructure access management with dynamic credential brokering, session recording, and Vault integration.", - "domain": "cybersecurity", - "subdomain": "zero-trust-architecture", - "tags": [ - "zero-trust", - "hashicorp", - "boundary", - "privileged-access", - "vault", - "identity-aware-proxy", - "session-recording", - "just-in-time-access" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/implementing-zero-trust-with-hashicorp-boundary" - }, - { - "name": "integrating-dast-with-owasp-zap-in-pipeline", - "description": ">", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "devsecops", - "cicd", - "dast", - "owasp-zap", - "dynamic-testing", - "secure-sdlc" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/integrating-dast-with-owasp-zap-in-pipeline" - }, - { - "name": "integrating-sast-into-github-actions-pipeline", - "description": ">", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "devsecops", - "cicd", - "sast", - "codeql", - "semgrep", - "secure-sdlc" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/integrating-sast-into-github-actions-pipeline" - }, - { - "name": "intercepting-mobile-traffic-with-burpsuite", - "description": ">", - "domain": "cybersecurity", - "subdomain": "mobile-security", - "tags": [ - "mobile-security", - "android", - "ios", - "burp-suite", - "traffic-interception", - "penetration-testing" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/intercepting-mobile-traffic-with-burpsuite" - }, - { - "name": 
"investigating-insider-threat-indicators", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "insider-threat", - "data-exfiltration", - "dlp", - "ueba", - "investigation", - "hr-correlation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/investigating-insider-threat-indicators" - }, - { - "name": "investigating-phishing-email-incident", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "phishing", - "incident-response", - "email-security", - "splunk", - "defender", - "sandbox" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/investigating-phishing-email-incident" - }, - { - "name": "investigating-ransomware-attack-artifacts", - "description": "Identify, collect, and analyze ransomware attack artifacts to determine the variant, initial access vector, encryption scope, and recovery options.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "ransomware", - "malware-analysis", - "incident-response", - "encryption-recovery", - "evidence-collection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/investigating-ransomware-attack-artifacts" - }, - { - "name": "managing-cloud-identity-with-okta", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "okta", - "cloud-identity", - "single-sign-on", - "phishing-resistant-mfa", - "identity-lifecycle" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/managing-cloud-identity-with-okta" - }, - { - "name": "managing-intelligence-lifecycle", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "CTI", - "intelligence-lifecycle", - "PIR", - "NIST-SP-800-150", - "threat-intelligence-program", - "NIST-CSF" 
- ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/managing-intelligence-lifecycle" - }, - { - "name": "mapping-mitre-attack-techniques", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "MITRE-ATT&CK", - "ATT&CK-Navigator", - "Sigma", - "D3FEND", - "TTP", - "detection-engineering", - "NIST-CSF" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/mapping-mitre-attack-techniques" - }, - { - "name": "monitoring-darkweb-sources", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "dark-web", - "OSINT", - "credential-monitoring", - "ransomware-leaks", - "Recorded-Future", - "SpiderFoot", - "CTI" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/monitoring-darkweb-sources" - }, - { - "name": "monitoring-scada-modbus-traffic-anomalies", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-security", - "tags": [ - "Modbus-TCP", - "SCADA", - "ICS-security", - "deep-packet-inspection", - "anomaly-detection", - "OT-monitoring" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/monitoring-scada-modbus-traffic-anomalies" - }, - { - "name": "performing-access-recertification-with-saviynt", - "description": "Configure and execute access recertification campaigns in Saviynt Enterprise Identity Cloud to validate user entitlements, revoke excessive access, and maintain compliance with SOX, SOC2, and HIPAA.", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "saviynt", - "access-recertification", - "identity-governance", - "compliance", - "certification-campaign", - "iga" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-access-recertification-with-saviynt" - }, - { - "name": 
"performing-access-review-and-certification", - "description": "Conduct systematic access reviews and certifications to ensure users have appropriate access rights aligned with their roles. This skill covers review campaign design, reviewer selection, risk-based p", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "iam", - "identity", - "access-control", - "access-review", - "certification", - "compliance", - "governance" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-access-review-and-certification" - }, - { - "name": "performing-active-directory-bloodhound-analysis", - "description": "Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised users to Domain Admin.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "bloodhound", - "active-directory", - "sharphound", - "attack-path", - "ad-enumeration", - "graph-theory", - "privilege-escalation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-active-directory-bloodhound-analysis" - }, - { - "name": "performing-active-directory-compromise-investigation", - "description": "Investigate Active Directory compromise by analyzing authentication logs, replication metadata, Group Policy changes, and Kerberos ticket anomalies to identify attacker persistence and lateral movement paths.", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "active-directory", - "compromise-investigation", - "identity-forensics", - "kerberos", - "lateral-movement", - "dfir", - "ntds-dit", - "golden-ticket" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-active-directory-compromise-investigation" - }, - { - "name": "performing-active-directory-forest-trust-attack", - "description": "Enumerate and audit Active Directory forest 
trust relationships using impacket for SID filtering analysis, trust key extraction, cross-forest SID history abuse detection, and inter-realm Kerberos ticket assessment.", - "domain": "cybersecurity", - "subdomain": "red-team", - "tags": [ - "active-directory", - "forest-trust", - "impacket", - "SID-filtering", - "kerberos", - "red-team", - "trust-enumeration" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-active-directory-forest-trust-attack" - }, - { - "name": "performing-active-directory-penetration-test", - "description": "Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound, exploit Kerberos weaknesses, escalate privileges via ADCS/DCSync, and demonstrate domain compromise.", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "active-directory", - "BloodHound", - "Kerberoasting", - "Impacket", - "DCSync", - "ADCS", - "domain-compromise", - "privilege-escalation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-active-directory-penetration-test" - }, - { - "name": "performing-active-directory-vulnerability-assessment", - "description": "Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations, privilege escalation paths, and attack vectors.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "active-directory", - "pingcastle", - "bloodhound", - "purple-knight", - "ad-security", - "privilege-escalation", - "ldap", - "kerberos" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-active-directory-vulnerability-assessment" - }, - { - "name": "performing-adversary-in-the-middle-phishing-detection", - "description": "Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy 
kits like EvilProxy, Evilginx, and Tycoon 2FA to bypass MFA and steal session tokens.", - "domain": "cybersecurity", - "subdomain": "phishing-defense", - "tags": [ - "aitm", - "evilproxy", - "evilginx", - "phishing", - "mfa-bypass", - "session-hijacking", - "reverse-proxy", - "credential-theft" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-adversary-in-the-middle-phishing-detection" - }, - { - "name": "performing-agentless-vulnerability-scanning", - "description": "Configure and execute agentless vulnerability scanning using network protocols, cloud snapshot analysis, and API-based discovery to assess systems without installing endpoint agents.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "agentless-scanning", - "vulnerability-assessment", - "cloud-security", - "ssh", - "wmi", - "snapshot-analysis", - "vuls", - "tenable" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-agentless-vulnerability-scanning" - }, - { - "name": "performing-ai-driven-osint-correlation", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-ai-driven-osint-correlation" - }, - { - "name": "performing-alert-triage-with-elastic-siem", - "description": "Perform systematic alert triage in Elastic Security SIEM to rapidly classify, prioritize, and investigate security alerts for SOC operations.", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "elastic", - "siem", - "alert-triage", - "soc", - "elastic-security", - "detection", - "esql", - "kibana" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-alert-triage-with-elastic-siem" - }, - { - "name": "performing-android-app-static-analysis-with-mobsf", - 
"description": ">", - "domain": "cybersecurity", - "subdomain": "mobile-security", - "tags": [ - "mobile-security", - "android", - "mobsf", - "static-analysis", - "owasp-mobile", - "penetration-testing" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-android-app-static-analysis-with-mobsf" - }, - { - "name": "performing-api-fuzzing-with-restler", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "fuzzing", - "restler", - "automated-testing", - "openapi", - "stateful-testing" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-api-fuzzing-with-restler" - }, - { - "name": "performing-api-inventory-and-discovery", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "owasp", - "api-discovery", - "shadow-api", - "inventory", - "attack-surface" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-api-inventory-and-discovery" - }, - { - "name": "performing-api-rate-limiting-bypass", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "owasp", - "rate-limiting", - "throttling", - "brute-force", - "dos-prevention" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-api-rate-limiting-bypass" - }, - { - "name": "performing-api-security-testing-with-postman", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "postman", - "owasp", - "automated-testing", - "security-validation" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-api-security-testing-with-postman" - }, - { - "name": "performing-arp-spoofing-attack-simulation", - "description": ">", - "domain": 
"cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "arp-spoofing", - "mitm", - "ettercap", - "layer2-attack" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-arp-spoofing-attack-simulation" - }, - { - "name": "performing-asset-criticality-scoring-for-vulns", - "description": "Develop and apply a multi-factor asset criticality scoring model to weight vulnerability prioritization based on business impact, data sensitivity, and operational importance.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "asset-criticality", - "vulnerability-prioritization", - "risk-management", - "cmdb", - "business-impact", - "crown-jewels", - "asset-classification" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-asset-criticality-scoring-for-vulns" - }, - { - "name": "performing-authenticated-scan-with-openvas", - "description": "Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with SSH and SMB credentials for comprehensive host-level assessment.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "openvas", - "gvm", - "authenticated-scan", - "vulnerability-scanning", - "greenbone", - "network-security", - "credentialed-scan" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-authenticated-scan-with-openvas" - }, - { - "name": "performing-authenticated-vulnerability-scan", - "description": "Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and perform deep inspection of installed software, patches, configurations, and security sett", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "vulnerability-management", - "cve", - "authenticated-scanning", - "credentials", - 
"nessus", - "qualys", - "risk" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-authenticated-vulnerability-scan" - }, - { - "name": "performing-automated-malware-analysis-with-cape", - "description": "Deploy and operate CAPEv2 sandbox for automated malware analysis with behavioral monitoring, payload extraction, configuration parsing, and anti-evasion capabilities.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "cape", - "sandbox", - "automated-analysis", - "malware-analysis", - "behavioral-analysis", - "payload-extraction", - "cuckoo" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-automated-malware-analysis-with-cape" - }, - { - "name": "performing-aws-account-enumeration-with-scout-suite", - "description": "Perform comprehensive security posture assessment of AWS accounts using ScoutSuite to enumerate resources, identify misconfigurations, and generate actionable security reports.", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "aws", - "scoutsuite", - "cloud-security", - "enumeration", - "misconfiguration", - "security-audit", - "cspm", - "nccgroup" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-aws-account-enumeration-with-scout-suite" - }, - { - "name": "performing-aws-privilege-escalation-assessment", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "aws", - "privilege-escalation", - "iam", - "pacu", - "offensive-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-aws-privilege-escalation-assessment" - }, - { - "name": "performing-bandwidth-throttling-attack-simulation", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - 
"bandwidth-throttling", - "qos", - "traffic-shaping", - "network-resilience" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-bandwidth-throttling-attack-simulation" - }, - { - "name": "performing-binary-exploitation-analysis", - "description": ">", - "domain": "cybersecurity", - "subdomain": "offensive-security", - "tags": [ - "binary-exploitation", - "pwntools", - "rop-chains", - "buffer-overflow" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-binary-exploitation-analysis" - }, - { - "name": "performing-blind-ssrf-exploitation", - "description": "Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions, and timing analysis to access internal services and cloud metadata endpoints.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "blind-ssrf", - "ssrf", - "out-of-band", - "burp-collaborator", - "cloud-metadata", - "internal-network", - "oob-detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-blind-ssrf-exploitation" - }, - { - "name": "performing-bluetooth-security-assessment", - "description": "Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities", - "domain": "cybersecurity", - "subdomain": "wireless-security", - "tags": [ - "bluetooth", - "ble", - "gatt", - "wireless-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-bluetooth-security-assessment" - }, - { - "name": "performing-brand-monitoring-for-impersonation", - "description": "Monitor for brand impersonation attacks across domains, social media, mobile apps, and dark web channels to detect phishing campaigns, fake sites, and unauthorized brand usage targeting your organization.", - "domain": "cybersecurity", - 
"subdomain": "threat-intelligence", - "tags": [ - "brand-monitoring", - "impersonation", - "phishing", - "domain-monitoring", - "social-media", - "brand-protection", - "threat-intelligence" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-brand-monitoring-for-impersonation" - }, - { - "name": "performing-clickjacking-attack-test", - "description": "Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting proof-of-concept overlay attacks during authorized security assessments.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "clickjacking", - "ui-redressing", - "web-security", - "owasp", - "x-frame-options" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-clickjacking-attack-test" - }, - { - "name": "performing-cloud-asset-inventory-with-cartography", - "description": "Perform comprehensive cloud asset inventory and relationship mapping using Cartography to build a Neo4j security graph of infrastructure assets, IAM permissions, and attack paths across AWS, GCP, and Azure.", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cartography", - "neo4j", - "cloud-security", - "asset-inventory", - "attack-path", - "graph-database", - "cncf", - "lyft" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-cloud-asset-inventory-with-cartography" - }, - { - "name": "performing-cloud-forensics-investigation", - "description": "Conduct forensic investigations in cloud environments by collecting and analyzing logs, snapshots, and metadata from AWS, Azure, and GCP services.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "cloud-forensics", - "aws", - "azure", - "gcp", - "incident-response", - "log-analysis" - ], - "version": "1.0", - 
"author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-cloud-forensics-investigation" - }, - { - "name": "performing-cloud-forensics-with-aws-cloudtrail", - "description": "Perform forensic investigation of AWS environments using CloudTrail logs to reconstruct attacker activity, identify compromised credentials, and analyze API call patterns.", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "aws", - "cloudtrail", - "forensics", - "incident-response", - "dfir", - "boto3", - "s3" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-cloud-forensics-with-aws-cloudtrail" - }, - { - "name": "performing-cloud-incident-containment-procedures", - "description": "Execute cloud-native incident containment across AWS, Azure, and GCP by isolating compromised resources, revoking credentials, preserving forensic evidence, and applying security group restrictions to prevent lateral movement.", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "cloud-security", - "incident-containment", - "aws", - "azure", - "gcp", - "cloud-forensics", - "credential-revocation", - "network-isolation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-cloud-incident-containment-procedures" - }, - { - "name": "performing-cloud-log-forensics-with-athena", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud", - "forensics", - "athena", - "aws", - "cloudtrail", - "vpc-flow-logs", - "s3", - "alb" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-cloud-log-forensics-with-athena" - }, - { - "name": "performing-cloud-native-forensics-with-falco", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "performing", - "cloud", - "native", - "forensics" - ], 
- "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-cloud-native-forensics-with-falco" - }, - { - "name": "performing-cloud-penetration-testing-with-pacu", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "aws", - "pacu", - "penetration-testing", - "offensive-security", - "iam-exploitation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-cloud-penetration-testing-with-pacu" - }, - { - "name": "performing-cloud-storage-forensic-acquisition", - "description": "Perform forensic acquisition and analysis of cloud storage services including Google Drive, OneDrive, Dropbox, and Box by collecting both API-based remote data and local sync client artifacts from endpoint devices.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "cloud-forensics", - "google-drive", - "onedrive", - "dropbox", - "box", - "cloud-acquisition", - "api-forensics", - "sync-client", - "endpoint-artifacts", - "magnet-axiom" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-cloud-storage-forensic-acquisition" - }, - { - "name": "performing-container-escape-detection", - "description": ">", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "performing", - "container", - "escape", - "detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-container-escape-detection" - }, - { - "name": "performing-container-image-hardening", - "description": ">", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "devsecops", - "cicd", - "container-hardening", - "docker", - "cis-benchmark", - "secure-sdlc" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-container-image-hardening" - }, - { - "name": 
"performing-container-security-scanning-with-trivy", - "description": "Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, exposed secrets, and license compliance issues using Aqua Security Trivy with SBOM generation and CI/CD integration.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "trivy", - "container-security", - "vulnerability-scanning", - "sbom", - "docker", - "kubernetes", - "devsecops", - "supply-chain" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-container-security-scanning-with-trivy" - }, - { - "name": "performing-content-security-policy-bypass", - "description": "Analyze and bypass Content Security Policy implementations to achieve cross-site scripting by exploiting misconfigurations, JSONP endpoints, unsafe directives, and policy injection techniques.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "csp-bypass", - "content-security-policy", - "xss", - "script-injection", - "nonce-bypass", - "jsonp", - "policy-misconfiguration" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-content-security-policy-bypass" - }, - { - "name": "performing-credential-access-with-lazagne", - "description": "Extract stored credentials from compromised endpoints using the LaZagne post-exploitation tool to recover passwords from browsers, databases, system vaults, and applications during authorized red team operations.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "credential-access", - "lazagne", - "post-exploitation", - "password-recovery", - "credential-dumping", - "lateral-movement" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-credential-access-with-lazagne" - }, - { - "name": "performing-cryptographic-audit-of-application", - 
"description": "A cryptographic audit systematically reviews an application's use of cryptographic primitives, protocols, and key management to identify vulnerabilities such as weak algorithms, insecure modes, hardco", - "domain": "cybersecurity", - "subdomain": "cryptography", - "tags": [ - "cryptography", - "audit", - "security-review", - "compliance", - "vulnerability-assessment" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-cryptographic-audit-of-application" - }, - { - "name": "performing-csrf-attack-simulation", - "description": "Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit authenticated user sessions during authorized security assessments.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "csrf", - "owasp", - "web-security", - "session-management", - "burpsuite" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-csrf-attack-simulation" - }, - { - "name": "performing-cve-prioritization-with-kev-catalog", - "description": "Leverage the CISA Known Exploited Vulnerabilities catalog alongside EPSS and CVSS to prioritize CVE remediation based on real-world exploitation evidence.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "cisa-kev", - "cve", - "vulnerability-prioritization", - "epss", - "bod-22-01", - "threat-intelligence", - "remediation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-cve-prioritization-with-kev-catalog" - }, - { - "name": "performing-dark-web-monitoring-for-threats", - "description": "Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and dark web marketplaces to identify threats targeting an organization, including leaked cre", - "domain": 
"cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "threat-intelligence", - "cti", - "ioc", - "mitre-attack", - "stix", - "dark-web", - "tor", - "threat-monitoring" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-dark-web-monitoring-for-threats" - }, - { - "name": "performing-deception-technology-deployment", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "deception", - "honeypot", - "honeytoken", - "canary", - "lateral-movement", - "detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-deception-technology-deployment" - }, - { - "name": "performing-directory-traversal-testing", - "description": "Testing web applications for path traversal vulnerabilities that allow reading or writing arbitrary files on the server by manipulating file path parameters.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "directory-traversal", - "path-traversal", - "lfi", - "owasp", - "web-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-directory-traversal-testing" - }, - { - "name": "performing-disk-forensics-investigation", - "description": ">", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "disk-forensics", - "forensic-imaging", - "evidence-acquisition", - "file-recovery", - "chain-of-custody" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-disk-forensics-investigation" - }, - { - "name": "performing-dmarc-policy-enforcement-rollout", - "description": "Execute a phased DMARC rollout from p=none monitoring through p=quarantine to p=reject enforcement, ensuring all legitimate email sources are authenticated before blocking unauthorized senders.", - "domain": 
"cybersecurity", - "subdomain": "phishing-defense", - "tags": [ - "dmarc", - "spf", - "dkim", - "email-authentication", - "anti-spoofing", - "phishing", - "dns", - "email-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-dmarc-policy-enforcement-rollout" - }, - { - "name": "performing-dns-enumeration-and-zone-transfer", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "dns", - "enumeration", - "zone-transfer", - "reconnaissance" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-dns-enumeration-and-zone-transfer" - }, - { - "name": "performing-dns-tunneling-detection", - "description": ">", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "performing", - "dns", - "tunneling", - "detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-dns-tunneling-detection" - }, - { - "name": "performing-docker-bench-security-assessment", - "description": "Docker Bench for Security is an open-source script that checks dozens of common best practices around deploying Docker containers in production. 
Based on the CIS Docker Benchmark, it audits host confi", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "containers", - "docker", - "security", - "CIS-benchmark", - "assessment" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-docker-bench-security-assessment" - }, - { - "name": "performing-dynamic-analysis-of-android-app", - "description": ">", - "domain": "cybersecurity", - "subdomain": "mobile-security", - "tags": [ - "mobile-security", - "android", - "frida", - "dynamic-analysis", - "owasp-mobile", - "penetration-testing" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-dynamic-analysis-of-android-app" - }, - { - "name": "performing-dynamic-analysis-with-any-run", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "dynamic-analysis", - "sandbox", - "ANY.RUN", - "interactive-analysis" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-dynamic-analysis-with-any-run" - }, - { - "name": "performing-endpoint-forensics-investigation", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "forensics", - "memory-analysis", - "disk-imaging", - "incident-investigation", - "Volatility" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-endpoint-forensics-investigation" - }, - { - "name": "performing-endpoint-vulnerability-remediation", - "description": ">", - "domain": "cybersecurity", - "subdomain": "endpoint-security", - "tags": [ - "endpoint", - "vulnerability-management", - "patching", - "CVE", - "remediation", - "CVSS" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-endpoint-vulnerability-remediation" - }, - { - "name": 
"performing-entitlement-review-with-sailpoint-iiq", - "description": ">", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "SailPoint", - "IdentityIQ", - "access-review", - "entitlement-certification", - "IGA", - "access-governance" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-entitlement-review-with-sailpoint-iiq" - }, - { - "name": "performing-external-network-penetration-test", - "description": "Conduct a comprehensive external network penetration test to identify vulnerabilities in internet-facing infrastructure using PTES methodology, reconnaissance, scanning, exploitation, and reporting.", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "external-pentest", - "network-security", - "PTES", - "OSSTMM", - "Nmap", - "Metasploit", - "vulnerability-assessment", - "reconnaissance", - "exploitation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-external-network-penetration-test" - }, - { - "name": "performing-false-positive-reduction-in-siem", - "description": "Perform systematic SIEM false positive reduction through rule tuning, threshold adjustment, correlation refinement, and threat intelligence enrichment to combat alert fatigue.", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "siem", - "false-positive", - "alert-tuning", - "detection-engineering", - "alert-fatigue", - "soc", - "correlation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-false-positive-reduction-in-siem" - }, - { - "name": "performing-file-carving-with-foremost", - "description": "Recover files from disk images and unallocated space using Foremost's header-footer signature carving to extract evidence regardless of file system state.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - 
"forensics", - "file-carving", - "foremost", - "data-recovery", - "evidence-recovery", - "unallocated-space" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-file-carving-with-foremost" - }, - { - "name": "performing-firmware-extraction-with-binwalk", - "description": ">", - "domain": "cybersecurity", - "subdomain": "firmware-analysis", - "tags": [ - "firmware", - "binwalk", - "extraction", - "entropy", - "IoT-security", - "reverse-engineering" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-firmware-extraction-with-binwalk" - }, - { - "name": "performing-firmware-malware-analysis", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "firmware", - "IoT", - "UEFI", - "embedded-security" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-firmware-malware-analysis" - }, - { - "name": "performing-fuzzing-with-aflplusplus", - "description": ">", - "domain": "cybersecurity", - "subdomain": "application-security", - "tags": [ - "fuzzing", - "aflplusplus", - "coverage-guided", - "crash-triage", - "binary-analysis", - "security-testing" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-fuzzing-with-aflplusplus" - }, - { - "name": "performing-gcp-penetration-testing-with-gcpbucketbrute", - "description": "Perform GCP security testing using GCPBucketBrute for storage bucket enumeration, gcloud IAM privilege escalation path analysis, and service account permission auditing", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "gcp", - "cloud-pentesting", - "bucket-enumeration", - "iam-audit", - "privilege-escalation", - "gcpbucketbrute" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": 
"skills/performing-gcp-penetration-testing-with-gcpbucketbrute" - }, - { - "name": "performing-gcp-security-assessment-with-forseti", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "gcp", - "forseti", - "security-command-center", - "iam-audit", - "cis-benchmark" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-gcp-security-assessment-with-forseti" - }, - { - "name": "performing-graphql-depth-limit-attack", - "description": "Execute and test GraphQL depth limit attacks using deeply nested recursive queries to identify denial-of-service vulnerabilities in GraphQL APIs.", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "graphql", - "depth-limit", - "denial-of-service", - "nested-queries", - "api-security", - "query-complexity", - "resource-exhaustion", - "penetration-testing" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-graphql-depth-limit-attack" - }, - { - "name": "performing-graphql-introspection-attack", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "graphql", - "introspection", - "schema-extraction", - "query-abuse" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-graphql-introspection-attack" - }, - { - "name": "performing-graphql-security-assessment", - "description": "Assessing GraphQL API endpoints for introspection leaks, injection attacks, authorization flaws, and denial-of-service vulnerabilities during authorized security tests.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "graphql", - "api-security", - "owasp", - "web-security", - "introspection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": 
"skills/performing-graphql-security-assessment" - }, - { - "name": "performing-hardware-security-module-integration", - "description": "Integrate Hardware Security Modules (HSMs) using PKCS#11 interface for cryptographic key management, signing operations, and secure key storage with python-pkcs11, AWS CloudHSM, and YubiHSM2.", - "domain": "cybersecurity", - "subdomain": "cryptography", - "tags": [ - "HSM", - "PKCS11", - "CloudHSM", - "YubiHSM2", - "key-management", - "cryptographic-operations", - "hardware-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-hardware-security-module-integration" - }, - { - "name": "performing-hash-cracking-with-hashcat", - "description": "Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength. Hashcat is the world's fastest password recovery tool, supporting over 300 hash types w", - "domain": "cybersecurity", - "subdomain": "cryptography", - "tags": [ - "cryptography", - "hash-cracking", - "password-security", - "hashcat", - "penetration-testing" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-hash-cracking-with-hashcat" - }, - { - "name": "performing-http-parameter-pollution-attack", - "description": "Execute HTTP Parameter Pollution attacks to bypass input validation, WAF rules, and security controls by injecting duplicate parameters that are processed differently by front-end and back-end systems.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "http-parameter-pollution", - "hpp", - "waf-bypass", - "input-validation", - "web-security", - "parameter-injection", - "server-parsing" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-http-parameter-pollution-attack" - }, - { - "name": "performing-ics-asset-discovery-with-claroty", - "description": ">", - "domain": 
"cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "asset-discovery", - "claroty", - "xdome", - "scada", - "network-visibility", - "iec62443" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-ics-asset-discovery-with-claroty" - }, - { - "name": "performing-indicator-lifecycle-management", - "description": "Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment, monitoring, and eventual retirement. This skill covers implementing systematic processes f", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "threat-intelligence", - "cti", - "ioc", - "mitre-attack", - "stix", - "indicator-lifecycle", - "ioc-management" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-indicator-lifecycle-management" - }, - { - "name": "performing-initial-access-with-evilginx3", - "description": "Perform authorized initial access using EvilGinx3 adversary-in-the-middle phishing framework to capture session tokens and bypass multi-factor authentication during red team engagements.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "initial-access", - "phishing", - "evilginx", - "mfa-bypass", - "adversary-in-the-middle", - "credential-theft" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-initial-access-with-evilginx3" - }, - { - "name": "performing-insider-threat-investigation", - "description": ">", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "insider-threat", - "user-behavior-analytics", - "data-exfiltration", - "privilege-misuse", - "DFIR" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-insider-threat-investigation" - }, - { - "name": 
"performing-ioc-enrichment-automation", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "ioc", - "enrichment", - "automation", - "virustotal", - "abuseipdb", - "shodan", - "threat-intelligence" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-ioc-enrichment-automation" - }, - { - "name": "performing-ios-app-security-assessment", - "description": ">", - "domain": "cybersecurity", - "subdomain": "mobile-security", - "tags": [ - "mobile-security", - "ios", - "frida", - "objection", - "ssl-pinning", - "keychain", - "ipa-analysis", - "owasp-mastg" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-ios-app-security-assessment" - }, - { - "name": "performing-iot-security-assessment", - "description": ">", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "IoT-security", - "firmware-analysis", - "embedded-systems", - "hardware-hacking", - "UART-JTAG" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-iot-security-assessment" - }, - { - "name": "performing-ip-reputation-analysis-with-shodan", - "description": "Analyze IP address reputation using the Shodan API to identify open ports, running services, known vulnerabilities, and hosting context for threat intelligence enrichment and incident triage.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "shodan", - "ip-reputation", - "enrichment", - "threat-intelligence", - "reconnaissance", - "vulnerability", - "api", - "internet-scanning" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-ip-reputation-analysis-with-shodan" - }, - { - "name": "performing-jwt-none-algorithm-attack", - "description": "Execute and test the JWT none algorithm attack to bypass signature verification by 
manipulating the alg header field in JSON Web Tokens.", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "jwt", - "none-algorithm", - "authentication-bypass", - "token-manipulation", - "signature-bypass", - "penetration-testing", - "owasp", - "web-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-jwt-none-algorithm-attack" - }, - { - "name": "performing-kerberoasting-attack", - "description": "Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting Kerberos TGS (Ticket Granting Service) tickets for accounts with Service Principal Names", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "adversary-simulation", - "mitre-attack", - "exploitation", - "post-exploitation", - "kerberoasting", - "active-directory", - "credential-access" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-kerberoasting-attack" - }, - { - "name": "performing-kubernetes-cis-benchmark-with-kube-bench", - "description": "Audit Kubernetes cluster security posture against CIS benchmarks using kube-bench with automated checks for control plane, worker nodes, and RBAC.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "kube-bench", - "cis-benchmark", - "kubernetes", - "compliance", - "hardening", - "aquasecurity" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-kubernetes-cis-benchmark-with-kube-bench" - }, - { - "name": "performing-kubernetes-etcd-security-assessment", - "description": "Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration, access controls, backup encryption, and network isolation.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "kubernetes", - "etcd", - "encryption", - "tls", 
- "security-assessment", - "backup", - "secrets", - "control-plane" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-kubernetes-etcd-security-assessment" - }, - { - "name": "performing-kubernetes-penetration-testing", - "description": "Kubernetes penetration testing systematically evaluates cluster security by simulating attacker techniques against the API server, kubelet, etcd, pods, RBAC, network policies, and secrets. Using tools", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "containers", - "kubernetes", - "security", - "penetration-testing", - "offensive-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-kubernetes-penetration-testing" - }, - { - "name": "performing-lateral-movement-detection", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "lateral-movement", - "mitre-attack", - "pass-the-hash", - "psexec", - "wmi", - "rdp", - "smb", - "detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-lateral-movement-detection" - }, - { - "name": "performing-lateral-movement-with-wmiexec", - "description": "Perform lateral movement across Windows networks using WMI-based remote execution techniques including Impacket wmiexec.py, CrackMapExec, and native WMI commands for stealthy post-exploitation during red team engagements.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "lateral-movement", - "wmiexec", - "wmi", - "post-exploitation", - "impacket", - "windows" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-lateral-movement-with-wmiexec" - }, - { - "name": "performing-linux-log-forensics-investigation", - "description": "Perform forensic investigation of Linux system logs including syslog, auth.log, 
systemd journal, kern.log, and application logs to reconstruct user activity, detect unauthorized access, and establish event timelines on compromised Linux systems.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "linux-forensics", - "syslog", - "auth-log", - "systemd-journal", - "journalctl", - "linux-logs", - "ssh-forensics", - "cron", - "audit-log", - "log-analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-linux-log-forensics-investigation" - }, - { - "name": "performing-log-analysis-for-forensic-investigation", - "description": "Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines during forensic investigations.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "log-analysis", - "siem", - "event-correlation", - "timeline-analysis", - "evidence-collection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-log-analysis-for-forensic-investigation" - }, - { - "name": "performing-log-source-onboarding-in-siem", - "description": "Perform structured log source onboarding into SIEM platforms by configuring collectors, parsers, normalization, and validation for complete security visibility.", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "siem", - "log-onboarding", - "log-management", - "data-ingestion", - "parsing", - "normalization", - "soc" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-log-source-onboarding-in-siem" - }, - { - "name": "performing-malware-hash-enrichment-with-virustotal", - "description": "Enrich malware file hashes using the VirusTotal API to retrieve detection rates, behavioral analysis, YARA matches, and contextual threat intelligence for incident triage and IOC validation.", - "domain": "cybersecurity", 
- "subdomain": "threat-intelligence", - "tags": [ - "virustotal", - "malware-analysis", - "hash-enrichment", - "ioc", - "threat-intelligence", - "triage", - "api", - "detection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-malware-hash-enrichment-with-virustotal" - }, - { - "name": "performing-malware-ioc-extraction", - "description": "Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise including file hashes, network indicators (C2 domains, IP addresses, URLs), regist", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "threat-intelligence", - "cti", - "ioc", - "mitre-attack", - "stix", - "malware-analysis", - "yara", - "reverse-engineering" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-malware-ioc-extraction" - }, - { - "name": "performing-malware-persistence-investigation", - "description": "Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives reboots and maintains access.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "malware-persistence", - "autoruns", - "registry", - "scheduled-tasks", - "rootkit-detection", - "incident-response" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-malware-persistence-investigation" - }, - { - "name": "performing-malware-triage-with-yara", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "YARA", - "triage", - "classification", - "pattern-matching" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-malware-triage-with-yara" - }, - { - "name": "performing-memory-forensics-with-volatility3", - "description": "Analyze volatile memory dumps 
using Volatility 3 to extract running processes, network connections, loaded modules, and evidence of malicious activity.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "memory-forensics", - "volatility", - "ram-analysis", - "malware-detection", - "incident-response" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-memory-forensics-with-volatility3" - }, - { - "name": "performing-memory-forensics-with-volatility3-plugins", - "description": "Analyze memory dumps using Volatility3 plugins to detect injected code, rootkits, credential theft, and malware artifacts in Windows, Linux, and macOS memory images.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "memory-forensics", - "volatility3", - "malware-analysis", - "incident-response", - "process-injection", - "rootkit-detection", - "dfir" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-memory-forensics-with-volatility3-plugins" - }, - { - "name": "performing-mobile-app-certificate-pinning-bypass", - "description": ">", - "domain": "cybersecurity", - "subdomain": "mobile-security", - "tags": [ - "mobile-security", - "android", - "ios", - "certificate-pinning", - "frida", - "penetration-testing" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-mobile-app-certificate-pinning-bypass" - }, - { - "name": "performing-mobile-device-forensics-with-cellebrite", - "description": "Acquire and analyze mobile device data using Cellebrite UFED and open-source tools to extract communications, location data, and application artifacts.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "mobile-forensics", - "cellebrite", - "smartphone-analysis", - "ios-forensics", - "android-forensics" - ], - "version": "1.0", - "author": "mukul975", - 
"license": "Apache-2.0", - "path": "skills/performing-mobile-device-forensics-with-cellebrite" - }, - { - "name": "performing-network-forensics-with-wireshark", - "description": "Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts, and identify malicious communications.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "network-forensics", - "wireshark", - "pcap", - "packet-analysis", - "traffic-analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-network-forensics-with-wireshark" - }, - { - "name": "performing-network-packet-capture-analysis", - "description": "Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct network communications, extract transferred files, identify malicious traffic, and establish evidence of data exfiltration or command-and-control activity.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "pcap", - "wireshark", - "tshark", - "tcpdump", - "network-forensics", - "packet-capture", - "protocol-analysis", - "traffic-analysis", - "pcapng", - "network-evidence" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-network-packet-capture-analysis" - }, - { - "name": "performing-network-traffic-analysis-with-tshark", - "description": "Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection, DNS anomaly identification, and IOC extraction from PCAP files", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "tshark", - "pyshark", - "pcap", - "packet-analysis", - "network-forensics", - "wireshark", - "traffic-analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-network-traffic-analysis-with-tshark" - 
}, - { - "name": "performing-network-traffic-analysis-with-zeek", - "description": "Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection, anomaly identification, and forensic investigation.", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "zeek", - "network-monitoring", - "traffic-analysis", - "ids", - "nids", - "pcap", - "threat-detection", - "forensics", - "siem-integration" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-network-traffic-analysis-with-zeek" - }, - { - "name": "performing-nist-csf-maturity-assessment", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "compliance-governance", - "tags": [ - "compliance", - "governance", - "nist", - "csf", - "maturity-assessment", - "risk-management" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-nist-csf-maturity-assessment" - }, - { - "name": "performing-oauth-scope-minimization-review", - "description": ">", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "OAuth", - "scope-minimization", - "API-security", - "consent-review", - "third-party-risk", - "token-audit" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-oauth-scope-minimization-review" - }, - { - "name": "performing-oil-gas-cybersecurity-assessment", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "scada", - "industrial-control", - "iec62443", - "oil-gas", - "pipeline-security", - "api1164" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-oil-gas-cybersecurity-assessment" - }, - { - "name": "performing-open-source-intelligence-gathering", - "description": "Open Source Intelligence (OSINT) gathering is the 
first active phase of a red team engagement, where operators collect publicly available information about the target organization to identify attack s", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "adversary-simulation", - "mitre-attack", - "exploitation", - "post-exploitation", - "osint", - "reconnaissance" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-open-source-intelligence-gathering" - }, - { - "name": "performing-osint-with-spiderfoot", - "description": "Automate OSINT collection using SpiderFoot REST API and CLI for target profiling, module-based reconnaissance, and structured result analysis across 200+ data sources", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-osint-with-spiderfoot" - }, - { - "name": "performing-ot-network-security-assessment", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "scada", - "industrial-control", - "iec62443", - "network-assessment" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-ot-network-security-assessment" - }, - { - "name": "performing-ot-vulnerability-assessment-with-claroty", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "scada", - "industrial-control", - "iec62443", - "vulnerability-assessment", - "claroty" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-ot-vulnerability-assessment-with-claroty" - }, - { - "name": "performing-ot-vulnerability-scanning-safely", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "vulnerability-scanning", - 
"tenable", - "nessus", - "passive-scanning", - "risk-management", - "nist" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-ot-vulnerability-scanning-safely" - }, - { - "name": "performing-packet-injection-attack", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "packet-injection", - "scapy", - "hping3", - "protocol-testing" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-packet-injection-attack" - }, - { - "name": "performing-paste-site-monitoring-for-credentials", - "description": "Monitor paste sites like Pastebin and GitHub Gists for leaked credentials, API keys, and sensitive data dumps using automated scraping and keyword matching to detect breaches early.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "paste-monitoring", - "credential-leak", - "pastebin", - "data-breach", - "threat-intelligence", - "osint", - "early-warning" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-paste-site-monitoring-for-credentials" - }, - { - "name": "performing-phishing-simulation-with-gophish", - "description": "GoPhish is an open-source phishing simulation framework used by security teams to conduct authorized phishing awareness campaigns. 
It provides campaign management, email template creation, landing pag", - "domain": "cybersecurity", - "subdomain": "phishing-defense", - "tags": [ - "phishing", - "email-security", - "social-engineering", - "dmarc", - "awareness", - "gophish", - "simulation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-phishing-simulation-with-gophish" - }, - { - "name": "performing-physical-intrusion-assessment", - "description": "Conduct authorized physical penetration testing using tailgating, badge cloning, lock bypassing, and rogue device deployment to evaluate facility security controls.", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "physical-security", - "red-team", - "tailgating", - "badge-cloning", - "lock-picking", - "rfid", - "physical-pentest" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-physical-intrusion-assessment" - }, - { - "name": "performing-plc-firmware-security-analysis", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "scada", - "industrial-control", - "iec62443", - "firmware-analysis", - "plc-security" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-plc-firmware-security-analysis" - }, - { - "name": "performing-post-quantum-cryptography-migration", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cryptography", - "tags": [ - "post-quantum", - "PQC", - "CRYSTALS-Kyber", - "ML-KEM", - "ML-DSA", - "FIPS-203", - "FIPS-204", - "hybrid-TLS", - "crypto-agility" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-post-quantum-cryptography-migration" - }, - { - "name": "performing-power-grid-cybersecurity-assessment", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - 
"ot-security", - "ics", - "scada", - "industrial-control", - "iec62443", - "nerc-cip", - "power-grid", - "substation" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-power-grid-cybersecurity-assessment" - }, - { - "name": "performing-privacy-impact-assessment", - "description": ">", - "domain": "cybersecurity", - "subdomain": "privacy-compliance", - "tags": [ - "privacy", - "impact-assessment", - "GDPR", - "CCPA", - "NIST", - "DPIA", - "data-flow-mapping", - "risk-scoring" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-privacy-impact-assessment" - }, - { - "name": "performing-privilege-escalation-assessment", - "description": ">", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "privilege-escalation", - "post-exploitation", - "Linux-privesc", - "Windows-privesc", - "local-exploitation" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-privilege-escalation-assessment" - }, - { - "name": "performing-privilege-escalation-on-linux", - "description": "Linux privilege escalation involves elevating from a low-privilege user account to root access on a compromised system. 
Red teams exploit misconfigurations, vulnerable services, kernel exploits, and w", - "domain": "cybersecurity", - "subdomain": "red-teaming", - "tags": [ - "red-team", - "adversary-simulation", - "mitre-attack", - "exploitation", - "post-exploitation", - "privilege-escalation", - "linux" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-privilege-escalation-on-linux" - }, - { - "name": "performing-privileged-account-access-review", - "description": "Conduct systematic reviews of privileged accounts to validate access rights, identify excessive permissions, and enforce least privilege across PAM infrastructure.", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "pam", - "access-review", - "privileged-accounts", - "least-privilege", - "compliance", - "audit", - "identity-governance" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-privileged-account-access-review" - }, - { - "name": "performing-privileged-account-discovery", - "description": "Discover and inventory all privileged accounts across enterprise infrastructure including domain admins, local admins, service accounts, database admins, cloud IAM roles, and application admin account", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "iam", - "identity", - "access-control", - "privileged-access", - "discovery", - "inventory" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-privileged-account-discovery" - }, - { - "name": "performing-purple-team-atomic-testing", - "description": ">", - "domain": "cybersecurity", - "subdomain": "purple-team", - "tags": [ - "purple-team", - "atomic-red-team", - "mitre-attack", - "detection-engineering", - "adversary-emulation" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": 
"skills/performing-purple-team-atomic-testing" - }, - { - "name": "performing-purple-team-exercise", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "purple-team", - "red-team", - "blue-team", - "mitre-attack", - "adversary-emulation", - "detection-validation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-purple-team-exercise" - }, - { - "name": "performing-ransomware-response", - "description": ">", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "ransomware", - "encryption-recovery", - "backup-restoration", - "ransom-negotiation", - "CISA-guidance" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-ransomware-response" - }, - { - "name": "performing-ransomware-tabletop-exercise", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ransomware-defense", - "tags": [ - "ransomware", - "incident-response", - "tabletop-exercise", - "defense", - "preparedness" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-ransomware-tabletop-exercise" - }, - { - "name": "performing-red-team-phishing-with-gophish", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "performing", - "red", - "team", - "phishing" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-red-team-phishing-with-gophish" - }, - { - "name": "performing-red-team-with-covenant", - "description": "Conduct red team operations using the Covenant C2 framework for authorized adversary simulation, including listener setup, grunt deployment, task execution, and lateral movement tracking.", - "domain": "cybersecurity", - "subdomain": "red-team", - "tags": [ - "red-team", - "c2", - "covenant", - "adversary-simulation", - "penetration-testing" - ], 
- "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-red-team-with-covenant" - }, - { - "name": "performing-s7comm-protocol-security-analysis", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "s7comm", - "siemens", - "plc-security", - "protocol-analysis", - "scada", - "vulnerability-assessment" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-s7comm-protocol-security-analysis" - }, - { - "name": "performing-sca-dependency-scanning-with-snyk", - "description": ">", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "devsecops", - "cicd", - "sca", - "snyk", - "dependency-scanning", - "secure-sdlc" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-sca-dependency-scanning-with-snyk" - }, - { - "name": "performing-scada-hmi-security-assessment", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "scada", - "hmi", - "security-assessment", - "vulnerability", - "iec62443", - "nist-800-82" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-scada-hmi-security-assessment" - }, - { - "name": "performing-second-order-sql-injection", - "description": "Detect and exploit second-order SQL injection vulnerabilities where malicious input is stored in a database and later executed in an unsafe SQL query during a different application operation.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "second-order-sqli", - "stored-sql-injection", - "sql-injection", - "database-security", - "web-security", - "blind-injection", - "persistent-sqli" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-second-order-sql-injection" 
- }, - { - "name": "performing-security-headers-audit", - "description": "Auditing HTTP security headers including CSP, HSTS, X-Frame-Options, and cookie attributes to identify missing or misconfigured browser-level protections.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "security-headers", - "csp", - "hsts", - "owasp", - "web-security", - "hardening" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-security-headers-audit" - }, - { - "name": "performing-serverless-function-security-review", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "serverless", - "lambda", - "azure-functions", - "cloud-functions", - "security-review" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-serverless-function-security-review" - }, - { - "name": "performing-service-account-audit", - "description": "Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant accounts. 
This skill covers discovery of service accounts in Active Directory, cloud pl", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "iam", - "identity", - "access-control", - "service-accounts", - "audit", - "governance" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-service-account-audit" - }, - { - "name": "performing-service-account-credential-rotation", - "description": "Automate credential rotation for service accounts across Active Directory, cloud platforms, and application databases to eliminate stale secrets and reduce compromise risk.", - "domain": "cybersecurity", - "subdomain": "identity-access-management", - "tags": [ - "service-accounts", - "credential-rotation", - "secrets-management", - "pam", - "automation", - "vault" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-service-account-credential-rotation" - }, - { - "name": "performing-soap-web-service-security-testing", - "description": "Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE, WS-Security bypass, and SOAPAction spoofing.", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "soap", - "web-services", - "wsdl", - "xml-injection", - "xxe", - "ws-security", - "penetration-testing", - "soapaction-spoofing", - "xpath-injection" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-soap-web-service-security-testing" - }, - { - "name": "performing-soc-tabletop-exercise", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "tabletop", - "exercise", - "incident-response", - "training", - "nist", - "playbook-validation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-soc-tabletop-exercise" - }, - { - "name": 
"performing-soc2-type2-audit-preparation", - "description": ">", - "domain": "cybersecurity", - "subdomain": "governance-risk-compliance", - "tags": [ - "performing", - "soc2", - "type2", - "audit", - "preparation", - "compliance", - "grc" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-soc2-type2-audit-preparation" - }, - { - "name": "performing-sqlite-database-forensics", - "description": "Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode encoded timestamps, and extract evidence from browser history, messaging apps, and mobile device databases.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "sqlite", - "database-forensics", - "freelist", - "wal", - "write-ahead-log", - "browser-history", - "mobile-forensics", - "deleted-records", - "b-tree", - "unallocated-space" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-sqlite-database-forensics" - }, - { - "name": "performing-ssl-certificate-lifecycle-management", - "description": "SSL/TLS certificate lifecycle management encompasses the full process of requesting, issuing, deploying, monitoring, renewing, and revoking X.509 certificates. 
Poor certificate management is a leading", - "domain": "cybersecurity", - "subdomain": "cryptography", - "tags": [ - "cryptography", - "ssl", - "certificates", - "pki", - "tls", - "key-management" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-ssl-certificate-lifecycle-management" - }, - { - "name": "performing-ssl-stripping-attack", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "ssl-stripping", - "https", - "hsts", - "tls-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-ssl-stripping-attack" - }, - { - "name": "performing-ssl-tls-inspection-configuration", - "description": "Configure SSL/TLS inspection on network security devices to decrypt, inspect, and re-encrypt HTTPS traffic for threat detection while managing certificates, exemptions, and privacy compliance.", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "ssl-inspection", - "tls-decryption", - "https-inspection", - "certificate-management", - "proxy", - "man-in-the-middle", - "network-security", - "forward-proxy" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-ssl-tls-inspection-configuration" - }, - { - "name": "performing-ssl-tls-security-assessment", - "description": "Assess SSL/TLS server configurations using the sslyze Python library to evaluate cipher suites, certificate chains, protocol versions, HSTS headers, and known vulnerabilities like Heartbleed and ROBOT.", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "ssl", - "tls", - "sslyze", - "certificate", - "cipher-suites", - "vulnerability-assessment" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-ssl-tls-security-assessment" - }, - { - "name": 
"performing-ssrf-vulnerability-exploitation", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "security-operations", - "tags": [ - "performing", - "ssrf", - "vulnerability", - "exploitation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-ssrf-vulnerability-exploitation" - }, - { - "name": "performing-static-malware-analysis-with-pe-studio", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "static-analysis", - "PE-analysis", - "PEStudio", - "reverse-engineering" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-static-malware-analysis-with-pe-studio" - }, - { - "name": "performing-steganography-detection", - "description": "Detect and extract hidden data embedded in images, audio, and other media files using steganalysis tools to uncover covert communication channels.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "steganography", - "steganalysis", - "hidden-data", - "covert-channels", - "image-analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-steganography-detection" - }, - { - "name": "performing-subdomain-enumeration-with-subfinder", - "description": "Enumerate subdomains of target domains using ProjectDiscovery's Subfinder passive reconnaissance tool to map the attack surface during security assessments.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "subdomain-enumeration", - "reconnaissance", - "bug-bounty", - "attack-surface", - "subfinder", - "passive-recon", - "osint" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-subdomain-enumeration-with-subfinder" - }, - { - "name": "performing-supply-chain-attack-simulation", - "description": "Simulate and detect 
software supply chain attacks including typosquatting detection via Levenshtein distance, dependency confusion testing against private registries, package hash verification with pip, and known vulnerability scanning with pip-audit.", - "domain": "cybersecurity", - "subdomain": "application-security", - "tags": [ - "supply-chain", - "typosquatting", - "dependency-confusion", - "package-verification", - "pip-audit", - "PyPI", - "software-composition-analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-supply-chain-attack-simulation" - }, - { - "name": "performing-thick-client-application-penetration-test", - "description": "Conduct a thick client application penetration test to identify insecure local storage, hardcoded credentials, DLL hijacking, memory manipulation, and insecure API communication in desktop applications using dnSpy, Procmon, and Burp Suite.", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "thick-client", - "desktop-application", - "dnSpy", - "Procmon", - "DLL-hijacking", - "binary-analysis", - "API-interception" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-thick-client-application-penetration-test" - }, - { - "name": "performing-threat-emulation-with-atomic-red-team", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "performing", - "threat", - "emulation", - "with" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-threat-emulation-with-atomic-red-team" - }, - { - "name": "performing-threat-hunting-with-elastic-siem", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "elastic", - "siem", - "threat-hunting", - "kql", - "eql", - "mitre-attack", - "kibana" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - 
"path": "skills/performing-threat-hunting-with-elastic-siem" - }, - { - "name": "performing-threat-hunting-with-yara-rules", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-hunting", - "tags": [ - "yara", - "malware-detection", - "threat-hunting", - "pattern-matching" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-threat-hunting-with-yara-rules" - }, - { - "name": "performing-threat-intelligence-sharing-with-misp", - "description": "Use PyMISP to create, enrich, and share threat intelligence events on a MISP platform, including IOC management, feed integration, STIX export, and community sharing workflows.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "misp", - "pymisp", - "threat-intelligence", - "ioc-sharing", - "stix", - "taxii", - "threat-feeds", - "information-sharing" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-threat-intelligence-sharing-with-misp" - }, - { - "name": "performing-threat-landscape-assessment-for-sector", - "description": "Conduct a sector-specific threat landscape assessment by analyzing threat actor targeting patterns, common attack vectors, and industry-specific vulnerabilities to inform organizational risk management.", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "threat-landscape", - "sector-analysis", - "risk-assessment", - "threat-intelligence", - "industry-targeting", - "cti", - "strategic-intelligence" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-threat-landscape-assessment-for-sector" - }, - { - "name": "performing-threat-modeling-with-owasp-threat-dragon", - "description": "Use OWASP Threat Dragon to create data flow diagrams, identify threats using STRIDE and LINDDUN methodologies, and generate threat model reports for secure design review.", - "domain": 
"cybersecurity", - "subdomain": "devsecops", - "tags": [ - "threat-modeling", - "owasp", - "threat-dragon", - "stride", - "linddun", - "secure-design", - "dfd", - "data-flow" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-threat-modeling-with-owasp-threat-dragon" - }, - { - "name": "performing-timeline-reconstruction-with-plaso", - "description": "Build comprehensive forensic super-timelines using Plaso (log2timeline) to correlate events across file systems, logs, and artifacts into a unified chronological view.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "timeline-analysis", - "plaso", - "log2timeline", - "super-timeline", - "event-correlation" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-timeline-reconstruction-with-plaso" - }, - { - "name": "performing-user-behavior-analytics", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "ueba", - "user-behavior", - "insider-threat", - "anomaly-detection", - "splunk", - "baseline" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-user-behavior-analytics" - }, - { - "name": "performing-vlan-hopping-attack", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "vlan-hopping", - "layer2-attack", - "switch-security", - "802.1q" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-vlan-hopping-attack" - }, - { - "name": "performing-vulnerability-scanning-with-nessus", - "description": ">", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "vulnerability-scanning", - "Nessus", - "CVE", - "patch-management", - "Tenable" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - 
"path": "skills/performing-vulnerability-scanning-with-nessus" - }, - { - "name": "performing-web-application-firewall-bypass", - "description": "Bypass Web Application Firewall protections using encoding techniques, HTTP method manipulation, parameter pollution, and payload obfuscation to deliver SQL injection, XSS, and other attack payloads past WAF detection rules.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "waf-bypass", - "waf-evasion", - "sql-injection", - "xss", - "payload-obfuscation", - "encoding-bypass", - "web-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-web-application-firewall-bypass" - }, - { - "name": "performing-web-application-penetration-test", - "description": ">", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "web-application-pentest", - "OWASP", - "Burp-Suite", - "WSTG", - "application-security" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-web-application-penetration-test" - }, - { - "name": "performing-web-application-scanning-with-nikto", - "description": "Nikto is an open-source web server and web application scanner that tests against over 7,000 potentially dangerous files/programs, checks for outdated versions of over 1,250 servers, and identifies ve", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "vulnerability-management", - "cve", - "nikto", - "web-scanning", - "owasp", - "risk" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-web-application-scanning-with-nikto" - }, - { - "name": "performing-web-application-vulnerability-triage", - "description": "Triage web application vulnerability findings from DAST/SAST scanners using OWASP risk rating methodology to separate true positives from false positives and prioritize remediation.", - 
"domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "web-application", - "vulnerability-triage", - "owasp", - "dast", - "sast", - "burp-suite", - "zap", - "false-positive", - "risk-rating" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-web-application-vulnerability-triage" - }, - { - "name": "performing-web-cache-deception-attack", - "description": "Execute web cache deception attacks by exploiting path normalization discrepancies between CDN caching layers and origin servers to cache and retrieve sensitive authenticated content.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "web-cache-deception", - "cdn-attack", - "cache-poisoning", - "path-normalization", - "cloudflare", - "cache-key", - "static-resource" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-web-cache-deception-attack" - }, - { - "name": "performing-web-cache-poisoning-attack", - "description": "Exploiting web cache mechanisms to serve malicious content to other users by poisoning cached responses through unkeyed headers and parameters during authorized security tests.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "cache-poisoning", - "web-security", - "cdn", - "burpsuite", - "owasp" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-web-cache-poisoning-attack" - }, - { - "name": "performing-wifi-password-cracking-with-aircrack", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "wifi", - "aircrack-ng", - "wpa2", - "wireless-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-wifi-password-cracking-with-aircrack" - }, - { - "name": 
"performing-windows-artifact-analysis-with-eric-zimmerman-tools", - "description": "Perform comprehensive Windows forensic artifact analysis using Eric Zimmerman's open-source EZ Tools suite including KAPE, MFTECmd, PECmd, LECmd, JLECmd, and Timeline Explorer for parsing registry hives, prefetch files, event logs, and file system metadata.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "eric-zimmerman", - "ez-tools", - "kape", - "mftecmd", - "pecmd", - "lecmd", - "jlecmd", - "registry-forensics", - "windows-forensics", - "timeline-explorer", - "dfir", - "artifact-analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-windows-artifact-analysis-with-eric-zimmerman-tools" - }, - { - "name": "performing-wireless-network-penetration-test", - "description": "Execute a wireless network penetration test to assess WiFi security by capturing handshakes, cracking WPA2/WPA3 keys, detecting rogue access points, and testing wireless segmentation using Aircrack-ng and related tools.", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "wireless-pentest", - "WiFi", - "Aircrack-ng", - "WPA2", - "WPA3", - "rogue-AP", - "evil-twin", - "802.11", - "Kismet" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-wireless-network-penetration-test" - }, - { - "name": "performing-wireless-security-assessment-with-kismet", - "description": "Conduct wireless network security assessments using Kismet to detect rogue access points, hidden SSIDs, weak encryption, and unauthorized clients through passive RF monitoring.", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "kismet", - "wireless-security", - "wifi-assessment", - "rogue-ap", - "802.11", - "wardriving", - "wids", - "wireless-ids", - "rf-monitoring" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": 
"skills/performing-wireless-security-assessment-with-kismet" - }, - { - "name": "performing-yara-rule-development-for-detection", - "description": "Develop precise YARA rules for malware detection by identifying unique byte patterns, strings, and behavioral indicators in executable files while minimizing false positives.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "yara", - "malware-detection", - "signature-development", - "threat-hunting", - "pattern-matching", - "yara-x", - "indicator-development" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/performing-yara-rule-development-for-detection" - }, - { - "name": "prioritizing-vulnerabilities-with-cvss-scoring", - "description": "The Common Vulnerability Scoring System (CVSS) is the industry standard framework maintained by FIRST (Forum of Incident Response and Security Teams) for assessing vulnerability severity. CVSS v4.0 (r", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "vulnerability-management", - "cve", - "cvss", - "risk", - "prioritization", - "nist" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/prioritizing-vulnerabilities-with-cvss-scoring" - }, - { - "name": "processing-stix-taxii-feeds", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "STIX-2.1", - "TAXII-2.1", - "OASIS", - "MISP", - "CTI", - "IOC", - "threat-intelligence", - "NIST-SP-800-150" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/processing-stix-taxii-feeds" - }, - { - "name": "profiling-threat-actor-groups", - "description": ">", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "MITRE-ATT&CK", - "threat-actor", - "APT", - "CrowdStrike", - "Mandiant", - "attribution", - "kill-chain", - "NIST-CSF" - ], - "version": "1.0.0", - "author": 
"mukul975", - "license": "Apache-2.0", - "path": "skills/profiling-threat-actor-groups" - }, - { - "name": "recovering-deleted-files-with-photorec", - "description": "Recover deleted files from disk images and storage media using PhotoRec's file signature-based carving engine regardless of file system damage.", - "domain": "cybersecurity", - "subdomain": "digital-forensics", - "tags": [ - "forensics", - "file-recovery", - "photorec", - "file-carving", - "data-recovery", - "evidence-recovery" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/recovering-deleted-files-with-photorec" - }, - { - "name": "recovering-from-ransomware-attack", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ransomware-defense", - "tags": [ - "ransomware", - "recovery", - "incident-response", - "backup", - "defense" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/recovering-from-ransomware-attack" - }, - { - "name": "remediating-s3-bucket-misconfiguration", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "s3-security", - "bucket-misconfiguration", - "data-exposure", - "public-access-block", - "aws-config" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/remediating-s3-bucket-misconfiguration" - }, - { - "name": "reverse-engineering-android-malware-with-jadx", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "Android", - "reverse-engineering", - "JADX", - "mobile-malware" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/reverse-engineering-android-malware-with-jadx" - }, - { - "name": "reverse-engineering-dotnet-malware-with-dnspy", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "dotnet", - "reverse-engineering", - 
"dnSpy", - "decompilation" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/reverse-engineering-dotnet-malware-with-dnspy" - }, - { - "name": "reverse-engineering-ios-app-with-frida", - "description": ">", - "domain": "cybersecurity", - "subdomain": "mobile-security", - "tags": [ - "mobile-security", - "ios", - "frida", - "reverse-engineering", - "owasp-mobile", - "penetration-testing" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/reverse-engineering-ios-app-with-frida" - }, - { - "name": "reverse-engineering-malware-with-ghidra", - "description": ">", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "malware", - "reverse-engineering", - "Ghidra", - "disassembly", - "decompilation" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/reverse-engineering-malware-with-ghidra" - }, - { - "name": "reverse-engineering-ransomware-encryption-routine", - "description": "Reverse engineer ransomware encryption routines to identify cryptographic algorithms, key generation flaws, and potential decryption opportunities using static and dynamic analysis.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "ransomware", - "encryption", - "reverse-engineering", - "cryptanalysis", - "aes", - "rsa", - "decryption", - "malware-analysis" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/reverse-engineering-ransomware-encryption-routine" - }, - { - "name": "reverse-engineering-rust-malware", - "description": "Reverse engineer Rust-compiled malware using IDA Pro and Ghidra with techniques for handling non-null-terminated strings, crate dependency extraction, and Rust-specific control flow analysis.", - "domain": "cybersecurity", - "subdomain": "malware-analysis", - "tags": [ - "rust", - "reverse-engineering", - "malware-analysis", - "ghidra", - 
"ida-pro", - "binary-analysis", - "rust-malware" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/reverse-engineering-rust-malware" - }, - { - "name": "scanning-container-images-with-grype", - "description": "Scan container images for known vulnerabilities using Anchore Grype with SBOM-based matching and configurable severity thresholds.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "grype", - "vulnerability-scanning", - "container-security", - "sbom", - "anchore", - "supply-chain" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/scanning-container-images-with-grype" - }, - { - "name": "scanning-containers-with-trivy-in-cicd", - "description": ">", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "devsecops", - "cicd", - "trivy", - "container-security", - "vulnerability-scanning", - "secure-sdlc" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/scanning-containers-with-trivy-in-cicd" - }, - { - "name": "scanning-docker-images-with-trivy", - "description": "Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS packages, language-specific dependencies, misconfigurations, secrets, and license violati", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "containers", - "docker", - "security", - "trivy", - "vulnerability-scanning" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/scanning-docker-images-with-trivy" - }, - { - "name": "scanning-infrastructure-with-nessus", - "description": "Tenable Nessus is the industry-leading vulnerability scanner used to identify security weaknesses across network infrastructure including servers, workstations, network devices, and operating systems.", - "domain": "cybersecurity", - "subdomain": 
"vulnerability-management", - "tags": [ - "vulnerability-management", - "cve", - "nessus", - "tenable", - "infrastructure-scanning", - "risk" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/scanning-infrastructure-with-nessus" - }, - { - "name": "scanning-kubernetes-manifests-with-kubesec", - "description": "Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations, privilege escalation risks, and deviations from security best practices.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "kubesec", - "kubernetes", - "manifest-scanning", - "security-scanning", - "devsecops", - "misconfiguration", - "static-analysis", - "ci-cd" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/scanning-kubernetes-manifests-with-kubesec" - }, - { - "name": "scanning-network-with-nmap-advanced", - "description": ">", - "domain": "cybersecurity", - "subdomain": "network-security", - "tags": [ - "network-security", - "nmap", - "port-scanning", - "service-enumeration", - "reconnaissance" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/scanning-network-with-nmap-advanced" - }, - { - "name": "securing-api-gateway-with-aws-waf", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "aws", - "waf", - "api-gateway", - "rate-limiting", - "bot-protection", - "owasp" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/securing-api-gateway-with-aws-waf" - }, - { - "name": "securing-aws-iam-permissions", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "aws-iam", - "least-privilege", - "permission-boundaries", - "access-analyzer", - "cloud-identity" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - 
"path": "skills/securing-aws-iam-permissions" - }, - { - "name": "securing-aws-lambda-execution-roles", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "aws", - "lambda", - "iam", - "least-privilege", - "execution-roles" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/securing-aws-lambda-execution-roles" - }, - { - "name": "securing-azure-with-microsoft-defender", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "microsoft-defender", - "azure-security", - "cnapp", - "secure-score", - "cloud-workload-protection" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/securing-azure-with-microsoft-defender" - }, - { - "name": "securing-container-registry-images", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "cloud-security", - "containers", - "registry", - "image-scanning", - "trivy", - "cosign", - "supply-chain" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/securing-container-registry-images" - }, - { - "name": "securing-container-registry-with-harbor", - "description": "Harbor is an open-source container registry that provides security features including vulnerability scanning (integrated Trivy), image signing (Notary/Cosign), RBAC, content trust policies, replicatio", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "containers", - "kubernetes", - "docker", - "security", - "registry", - "harbor" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/securing-container-registry-with-harbor" - }, - { - "name": "securing-github-actions-workflows", - "description": ">", - "domain": "cybersecurity", - "subdomain": "devsecops", - "tags": [ - "devsecops", - "cicd", - "github-actions", - "supply-chain", 
- "workflow-security", - "secure-sdlc" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/securing-github-actions-workflows" - }, - { - "name": "securing-helm-chart-deployments", - "description": "Secure Helm chart deployments by validating chart integrity, scanning templates for misconfigurations, and enforcing security contexts in Kubernetes releases.", - "domain": "cybersecurity", - "subdomain": "container-security", - "tags": [ - "helm", - "kubernetes", - "chart-security", - "supply-chain", - "configuration-security", - "deployment" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/securing-helm-chart-deployments" - }, - { - "name": "securing-historian-server-in-ot-environment", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "scada", - "industrial-control", - "iec62443", - "historian", - "osisoft-pi", - "data-integrity" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/securing-historian-server-in-ot-environment" - }, - { - "name": "securing-kubernetes-on-cloud", - "description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "kubernetes-security", - "eks", - "aks", - "gke", - "pod-security-standards", - "container-runtime" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/securing-kubernetes-on-cloud" - }, - { - "name": "securing-remote-access-to-ot-environment", - "description": ">", - "domain": "cybersecurity", - "subdomain": "ot-ics-security", - "tags": [ - "ot-security", - "ics", - "scada", - "industrial-control", - "iec62443", - "remote-access", - "jump-server", - "mfa" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/securing-remote-access-to-ot-environment" - }, - { - "name": "securing-serverless-functions", - 
"description": ">", - "domain": "cybersecurity", - "subdomain": "cloud-security", - "tags": [ - "serverless-security", - "aws-lambda", - "azure-functions", - "function-hardening", - "supply-chain" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/securing-serverless-functions" - }, - { - "name": "testing-android-intents-for-vulnerabilities", - "description": ">", - "domain": "cybersecurity", - "subdomain": "mobile-security", - "tags": [ - "mobile-security", - "android", - "intents", - "ipc-security", - "owasp-mobile", - "penetration-testing" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-android-intents-for-vulnerabilities" - }, - { - "name": "testing-api-authentication-weaknesses", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "owasp", - "authentication", - "jwt", - "session-management", - "credential-security" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-api-authentication-weaknesses" - }, - { - "name": "testing-api-for-broken-object-level-authorization", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "owasp", - "bola", - "idor", - "authorization", - "rest-security" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-api-for-broken-object-level-authorization" - }, - { - "name": "testing-api-for-mass-assignment-vulnerability", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "owasp", - "mass-assignment", - "auto-binding", - "parameter-tampering" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-api-for-mass-assignment-vulnerability" - }, - { - "name": "testing-api-security-with-owasp-top-10", - 
"description": "Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated and manual testing techniques.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "api-security", - "owasp", - "rest-api", - "graphql", - "burpsuite", - "postman" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-api-security-with-owasp-top-10" - }, - { - "name": "testing-cors-misconfiguration", - "description": "Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain data access and credential theft during security assessments.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "cors", - "web-security", - "owasp", - "same-origin-policy", - "burpsuite" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-cors-misconfiguration" - }, - { - "name": "testing-for-broken-access-control", - "description": "Systematically testing web applications for broken access control vulnerabilities including privilege escalation, missing function-level checks, and insecure direct object references.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "access-control", - "authorization", - "owasp", - "privilege-escalation", - "web-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-for-broken-access-control" - }, - { - "name": "testing-for-business-logic-vulnerabilities", - "description": "Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege escalation beyond what technical vulnerability scanners can detect.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - 
"penetration-testing", - "business-logic", - "owasp", - "web-security", - "burpsuite", - "manual-testing" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-for-business-logic-vulnerabilities" - }, - { - "name": "testing-for-email-header-injection", - "description": "Test web application email functionality for SMTP header injection vulnerabilities that allow attackers to inject additional email headers, modify recipients, and abuse contact forms for spam relay.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "email-injection", - "smtp-injection", - "crlf-injection", - "header-injection", - "spam-relay", - "contact-form", - "email-security" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-for-email-header-injection" - }, - { - "name": "testing-for-host-header-injection", - "description": "Test web applications for HTTP Host header injection vulnerabilities to identify password reset poisoning, web cache poisoning, SSRF, and virtual host routing manipulation risks.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "host-header-injection", - "password-reset-poisoning", - "cache-poisoning", - "virtual-host", - "web-security", - "header-manipulation", - "ssrf" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-for-host-header-injection" - }, - { - "name": "testing-for-json-web-token-vulnerabilities", - "description": "Test JWT implementations for critical vulnerabilities including algorithm confusion, none algorithm bypass, kid parameter injection, and weak secret exploitation to achieve authentication bypass and privilege escalation.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "jwt", - "json-web-token", - "algorithm-confusion", - "authentication-bypass", - "token-forgery", - "kid-injection", - 
"jku-attack" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-for-json-web-token-vulnerabilities" - }, - { - "name": "testing-for-open-redirect-vulnerabilities", - "description": "Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters, bypass techniques, and exploitation chains for phishing and token theft.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "open-redirect", - "url-redirect", - "phishing", - "owasp", - "url-validation", - "redirect-bypass", - "unvalidated-redirect" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-for-open-redirect-vulnerabilities" - }, - { - "name": "testing-for-sensitive-data-exposure", - "description": "Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage, and unprotected data transmission during security assessments.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "data-exposure", - "pii", - "owasp", - "web-security", - "api-keys", - "secrets" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-for-sensitive-data-exposure" - }, - { - "name": "testing-for-xml-injection-vulnerabilities", - "description": "Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks to identify data exposure and server-side request forgery risks.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "xml-injection", - "xxe", - "xpath-injection", - "xml-parsing", - "web-security", - "entity-injection", - "dtd-attack" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-for-xml-injection-vulnerabilities" - }, - { - "name": 
"testing-for-xss-vulnerabilities", - "description": ">", - "domain": "cybersecurity", - "subdomain": "penetration-testing", - "tags": [ - "XSS", - "cross-site-scripting", - "client-side-security", - "OWASP-A03", - "JavaScript-injection" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-for-xss-vulnerabilities" - }, - { - "name": "testing-for-xss-vulnerabilities-with-burpsuite", - "description": "Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater tools during authorized security assessments.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "xss", - "burpsuite", - "owasp", - "web-security", - "cross-site-scripting" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-for-xss-vulnerabilities-with-burpsuite" - }, - { - "name": "testing-for-xxe-injection-vulnerabilities", - "description": "Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF, and exfiltrate data during authorized penetration tests.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "xxe", - "xml-injection", - "owasp", - "web-security", - "burpsuite" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-for-xxe-injection-vulnerabilities" - }, - { - "name": "testing-jwt-token-security", - "description": "Assessing JSON Web Token implementations for cryptographic weaknesses, algorithm confusion attacks, and authorization bypass vulnerabilities during security engagements.", - "domain": "cybersecurity", - "subdomain": "web-application-security", - "tags": [ - "penetration-testing", - "jwt", - "authentication", - "web-security", - "token-security", - "burpsuite" - ], - "version": "1.0", - "author": "mukul975", - 
"license": "Apache-2.0", - "path": "skills/testing-jwt-token-security" - }, - { - "name": "testing-mobile-api-authentication", - "description": ">", - "domain": "cybersecurity", - "subdomain": "mobile-security", - "tags": [ - "mobile-security", - "android", - "ios", - "api-security", - "authentication", - "penetration-testing" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-mobile-api-authentication" - }, - { - "name": "testing-oauth2-implementation-flaws", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "oauth2", - "oidc", - "authentication", - "redirect-uri", - "token-security" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-oauth2-implementation-flaws" - }, - { - "name": "testing-ransomware-recovery-procedures", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "incident-response", - "ransomware", - "disaster-recovery", - "backup", - "rto", - "rpo", - "resilience" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-ransomware-recovery-procedures" - }, - { - "name": "testing-websocket-api-security", - "description": ">", - "domain": "cybersecurity", - "subdomain": "api-security", - "tags": [ - "api-security", - "websocket", - "cswsh", - "real-time", - "injection", - "authentication" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/testing-websocket-api-security" - }, - { - "name": "tracking-threat-actor-infrastructure", - "description": "Threat actor infrastructure tracking involves monitoring and mapping adversary-controlled assets including command-and-control (C2) servers, phishing domains, exploit kit hosts, bulletproof hosting, a", - "domain": "cybersecurity", - "subdomain": "threat-intelligence", - "tags": [ - "threat-intelligence", - 
"cti", - "ioc", - "mitre-attack", - "stix", - "infrastructure-tracking", - "shodan", - "censys", - "passive-dns" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/tracking-threat-actor-infrastructure" - }, - { - "name": "triaging-security-alerts-in-splunk", - "description": ">", - "domain": "cybersecurity", - "subdomain": "soc-operations", - "tags": [ - "soc", - "splunk", - "alert-triage", - "siem", - "notable-events", - "correlation-search", - "incident-review" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/triaging-security-alerts-in-splunk" - }, - { - "name": "triaging-security-incident", - "description": ">", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "incident-triage", - "NIST-800-61", - "SANS-PICERL", - "severity-classification", - "SOC-operations" - ], - "version": "1.0.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/triaging-security-incident" - }, - { - "name": "triaging-security-incident-with-ir-playbook", - "description": "Classify and prioritize security incidents using structured IR playbooks to determine severity, assign response teams, and initiate appropriate response procedures.", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "incident-response", - "triage", - "playbook", - "severity-classification", - "soc" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/triaging-security-incident-with-ir-playbook" - }, - { - "name": "triaging-vulnerabilities-with-ssvc-framework", - "description": "Triage and prioritize vulnerabilities using CISA's Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree framework to produce actionable remediation priorities.", - "domain": "cybersecurity", - "subdomain": "vulnerability-management", - "tags": [ - "ssvc", - "vulnerability-triage", - "cisa", - "vulnerability-prioritization", - 
"decision-tree", - "cvss", - "remediation", - "risk-management" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/triaging-vulnerabilities-with-ssvc-framework" - }, - { - "name": "validating-backup-integrity-for-recovery", - "description": ">-", - "domain": "cybersecurity", - "subdomain": "incident-response", - "tags": [ - "incident-response", - "backup", - "integrity", - "hash-verification", - "restore-testing", - "disaster-recovery" - ], - "version": "1.0", - "author": "mukul975", - "license": "Apache-2.0", - "path": "skills/validating-backup-integrity-for-recovery" - } - ] -} \ No newline at end of file +{"version":"1.0.0","generated_at":"2026-03-21T10:36:19Z","repository":"https://github.com/mukul975/Anthropic-Cybersecurity-Skills","domain":"cybersecurity","total_skills":753,"skills":[{"name":"acquiring-disk-image-with-dd-and-dcfldd","path":"skills/acquiring-disk-image-with-dd-and-dcfldd"},{"name":"analyzing-active-directory-acl-abuse","path":"skills/analyzing-active-directory-acl-abuse"},{"name":"analyzing-android-malware-with-apktool","path":"skills/analyzing-android-malware-with-apktool"},{"name":"analyzing-api-gateway-access-logs","path":"skills/analyzing-api-gateway-access-logs"},{"name":"analyzing-apt-group-with-mitre-navigator","path":"skills/analyzing-apt-group-with-mitre-navigator"},{"name":"analyzing-azure-activity-logs-for-threats","path":"skills/analyzing-azure-activity-logs-for-threats"},{"name":"analyzing-bootkit-and-rootkit-samples","path":"skills/analyzing-bootkit-and-rootkit-samples"},{"name":"analyzing-browser-forensics-with-hindsight","path":"skills/analyzing-browser-forensics-with-hindsight"},{"name":"analyzing-campaign-attribution-evidence","path":"skills/analyzing-campaign-attribution-evidence"},{"name":"analyzing-certificate-transparency-for-phishing","path":"skills/analyzing-certificate-transparency-for-phishing"},{"name":"analyzing-cloud-storage-access-patterns","path":"skills/analyzing-cloud-s
torage-access-patterns"},{"name":"analyzing-cobalt-strike-beacon-configuration","path":"skills/analyzing-cobalt-strike-beacon-configuration"},{"name":"analyzing-cobaltstrike-malleable-c2-profiles","path":"skills/analyzing-cobaltstrike-malleable-c2-profiles"},{"name":"analyzing-command-and-control-communication","path":"skills/analyzing-command-and-control-communication"},{"name":"analyzing-cyber-kill-chain","path":"skills/analyzing-cyber-kill-chain"},{"name":"analyzing-disk-image-with-autopsy","path":"skills/analyzing-disk-image-with-autopsy"},{"name":"analyzing-dns-logs-for-exfiltration","path":"skills/analyzing-dns-logs-for-exfiltration"},{"name":"analyzing-docker-container-forensics","path":"skills/analyzing-docker-container-forensics"},{"name":"analyzing-email-headers-for-phishing-investigation","path":"skills/analyzing-email-headers-for-phishing-investigation"},{"name":"analyzing-ethereum-smart-contract-vulnerabilities","path":"skills/analyzing-ethereum-smart-contract-vulnerabilities"},{"name":"analyzing-golang-malware-with-ghidra","path":"skills/analyzing-golang-malware-with-ghidra"},{"name":"analyzing-heap-spray-exploitation","path":"skills/analyzing-heap-spray-exploitation"},{"name":"analyzing-indicators-of-compromise","path":"skills/analyzing-indicators-of-compromise"},{"name":"analyzing-ios-app-security-with-objection","path":"skills/analyzing-ios-app-security-with-objection"},{"name":"analyzing-kubernetes-audit-logs","path":"skills/analyzing-kubernetes-audit-logs"},{"name":"analyzing-linux-audit-logs-for-intrusion","path":"skills/analyzing-linux-audit-logs-for-intrusion"},{"name":"analyzing-linux-elf-malware","path":"skills/analyzing-linux-elf-malware"},{"name":"analyzing-linux-kernel-rootkits","path":"skills/analyzing-linux-kernel-rootkits"},{"name":"analyzing-linux-system-artifacts","path":"skills/analyzing-linux-system-artifacts"},{"name":"analyzing-lnk-file-and-jump-list-artifacts","path":"skills/analyzing-lnk-file-and-jump-list-artifacts"},{"name":"a
nalyzing-macro-malware-in-office-documents","path":"skills/analyzing-macro-malware-in-office-documents"},{"name":"analyzing-malicious-pdf-with-peepdf","path":"skills/analyzing-malicious-pdf-with-peepdf"},{"name":"analyzing-malicious-url-with-urlscan","path":"skills/analyzing-malicious-url-with-urlscan"},{"name":"analyzing-malware-behavior-with-cuckoo-sandbox","path":"skills/analyzing-malware-behavior-with-cuckoo-sandbox"},{"name":"analyzing-malware-family-relationships-with-malpedia","path":"skills/analyzing-malware-family-relationships-with-malpedia"},{"name":"analyzing-malware-persistence-with-autoruns","path":"skills/analyzing-malware-persistence-with-autoruns"},{"name":"analyzing-malware-sandbox-evasion-techniques","path":"skills/analyzing-malware-sandbox-evasion-techniques"},{"name":"analyzing-memory-dumps-with-volatility","path":"skills/analyzing-memory-dumps-with-volatility"},{"name":"analyzing-memory-forensics-with-lime-and-volatility","path":"skills/analyzing-memory-forensics-with-lime-and-volatility"},{"name":"analyzing-mft-for-deleted-file-recovery","path":"skills/analyzing-mft-for-deleted-file-recovery"},{"name":"analyzing-network-covert-channels-in-malware","path":"skills/analyzing-network-covert-channels-in-malware"},{"name":"analyzing-network-flow-data-with-netflow","path":"skills/analyzing-network-flow-data-with-netflow"},{"name":"analyzing-network-packets-with-scapy","path":"skills/analyzing-network-packets-with-scapy"},{"name":"analyzing-network-traffic-for-incidents","path":"skills/analyzing-network-traffic-for-incidents"},{"name":"analyzing-network-traffic-of-malware","path":"skills/analyzing-network-traffic-of-malware"},{"name":"analyzing-network-traffic-with-wireshark","path":"skills/analyzing-network-traffic-with-wireshark"},{"name":"analyzing-office365-audit-logs-for-compromise","path":"skills/analyzing-office365-audit-logs-for-compromise"},{"name":"analyzing-outlook-pst-for-email-forensics","path":"skills/analyzing-outlook-pst-for-email-fore
nsics"},{"name":"analyzing-packed-malware-with-upx-unpacker","path":"skills/analyzing-packed-malware-with-upx-unpacker"},{"name":"analyzing-pdf-malware-with-pdfid","path":"skills/analyzing-pdf-malware-with-pdfid"},{"name":"analyzing-persistence-mechanisms-in-linux","path":"skills/analyzing-persistence-mechanisms-in-linux"},{"name":"analyzing-powershell-empire-artifacts","path":"skills/analyzing-powershell-empire-artifacts"},{"name":"analyzing-powershell-script-block-logging","path":"skills/analyzing-powershell-script-block-logging"},{"name":"analyzing-prefetch-files-for-execution-history","path":"skills/analyzing-prefetch-files-for-execution-history"},{"name":"analyzing-ransomware-encryption-mechanisms","path":"skills/analyzing-ransomware-encryption-mechanisms"},{"name":"analyzing-ransomware-leak-site-intelligence","path":"skills/analyzing-ransomware-leak-site-intelligence"},{"name":"analyzing-ransomware-network-indicators","path":"skills/analyzing-ransomware-network-indicators"},{"name":"analyzing-ransomware-payment-wallets","path":"skills/analyzing-ransomware-payment-wallets"},{"name":"analyzing-sbom-for-supply-chain-vulnerabilities","path":"skills/analyzing-sbom-for-supply-chain-vulnerabilities"},{"name":"analyzing-security-logs-with-splunk","path":"skills/analyzing-security-logs-with-splunk"},{"name":"analyzing-slack-space-and-file-system-artifacts","path":"skills/analyzing-slack-space-and-file-system-artifacts"},{"name":"analyzing-supply-chain-malware-artifacts","path":"skills/analyzing-supply-chain-malware-artifacts"},{"name":"analyzing-threat-actor-ttps-with-mitre-attack","path":"skills/analyzing-threat-actor-ttps-with-mitre-attack"},{"name":"analyzing-threat-actor-ttps-with-mitre-navigator","path":"skills/analyzing-threat-actor-ttps-with-mitre-navigator"},{"name":"analyzing-threat-intelligence-feeds","path":"skills/analyzing-threat-intelligence-feeds"},{"name":"analyzing-threat-landscape-with-misp","path":"skills/analyzing-threat-landscape-with-misp"},{"name
":"analyzing-tls-certificate-transparency-logs","path":"skills/analyzing-tls-certificate-transparency-logs"},{"name":"analyzing-typosquatting-domains-with-dnstwist","path":"skills/analyzing-typosquatting-domains-with-dnstwist"},{"name":"analyzing-uefi-bootkit-persistence","path":"skills/analyzing-uefi-bootkit-persistence"},{"name":"analyzing-usb-device-connection-history","path":"skills/analyzing-usb-device-connection-history"},{"name":"analyzing-web-server-logs-for-intrusion","path":"skills/analyzing-web-server-logs-for-intrusion"},{"name":"analyzing-windows-amcache-artifacts","path":"skills/analyzing-windows-amcache-artifacts"},{"name":"analyzing-windows-event-logs-in-splunk","path":"skills/analyzing-windows-event-logs-in-splunk"},{"name":"analyzing-windows-lnk-files-for-artifacts","path":"skills/analyzing-windows-lnk-files-for-artifacts"},{"name":"analyzing-windows-prefetch-with-python","path":"skills/analyzing-windows-prefetch-with-python"},{"name":"analyzing-windows-registry-for-artifacts","path":"skills/analyzing-windows-registry-for-artifacts"},{"name":"analyzing-windows-shellbag-artifacts","path":"skills/analyzing-windows-shellbag-artifacts"},{"name":"auditing-aws-s3-bucket-permissions","path":"skills/auditing-aws-s3-bucket-permissions"},{"name":"auditing-azure-active-directory-configuration","path":"skills/auditing-azure-active-directory-configuration"},{"name":"auditing-cloud-with-cis-benchmarks","path":"skills/auditing-cloud-with-cis-benchmarks"},{"name":"auditing-gcp-iam-permissions","path":"skills/auditing-gcp-iam-permissions"},{"name":"auditing-kubernetes-cluster-rbac","path":"skills/auditing-kubernetes-cluster-rbac"},{"name":"auditing-terraform-infrastructure-for-security","path":"skills/auditing-terraform-infrastructure-for-security"},{"name":"auditing-tls-certificate-transparency-logs","path":"skills/auditing-tls-certificate-transparency-logs"},{"name":"automating-ioc-enrichment","path":"skills/automating-ioc-enrichment"},{"name":"building-adversary
-infrastructure-tracking-system","path":"skills/building-adversary-infrastructure-tracking-system"},{"name":"building-attack-pattern-library-from-cti-reports","path":"skills/building-attack-pattern-library-from-cti-reports"},{"name":"building-automated-malware-submission-pipeline","path":"skills/building-automated-malware-submission-pipeline"},{"name":"building-c2-infrastructure-with-sliver-framework","path":"skills/building-c2-infrastructure-with-sliver-framework"},{"name":"building-cloud-siem-with-sentinel","path":"skills/building-cloud-siem-with-sentinel"},{"name":"building-detection-rule-with-splunk-spl","path":"skills/building-detection-rule-with-splunk-spl"},{"name":"building-detection-rules-with-sigma","path":"skills/building-detection-rules-with-sigma"},{"name":"building-devsecops-pipeline-with-gitlab-ci","path":"skills/building-devsecops-pipeline-with-gitlab-ci"},{"name":"building-identity-federation-with-saml-azure-ad","path":"skills/building-identity-federation-with-saml-azure-ad"},{"name":"building-identity-governance-lifecycle-process","path":"skills/building-identity-governance-lifecycle-process"},{"name":"building-incident-response-dashboard","path":"skills/building-incident-response-dashboard"},{"name":"building-incident-response-playbook","path":"skills/building-incident-response-playbook"},{"name":"building-incident-timeline-with-timesketch","path":"skills/building-incident-timeline-with-timesketch"},{"name":"building-ioc-defanging-and-sharing-pipeline","path":"skills/building-ioc-defanging-and-sharing-pipeline"},{"name":"building-ioc-enrichment-pipeline-with-opencti","path":"skills/building-ioc-enrichment-pipeline-with-opencti"},{"name":"building-malware-incident-communication-template","path":"skills/building-malware-incident-communication-template"},{"name":"building-patch-tuesday-response-process","path":"skills/building-patch-tuesday-response-process"},{"name":"building-phishing-reporting-button-workflow","path":"skills/building-phishing-repor
ting-button-workflow"},{"name":"building-ransomware-playbook-with-cisa-framework","path":"skills/building-ransomware-playbook-with-cisa-framework"},{"name":"building-red-team-c2-infrastructure-with-havoc","path":"skills/building-red-team-c2-infrastructure-with-havoc"},{"name":"building-role-mining-for-rbac-optimization","path":"skills/building-role-mining-for-rbac-optimization"},{"name":"building-soc-escalation-matrix","path":"skills/building-soc-escalation-matrix"},{"name":"building-soc-metrics-and-kpi-tracking","path":"skills/building-soc-metrics-and-kpi-tracking"},{"name":"building-soc-playbook-for-ransomware","path":"skills/building-soc-playbook-for-ransomware"},{"name":"building-threat-actor-profile-from-osint","path":"skills/building-threat-actor-profile-from-osint"},{"name":"building-threat-feed-aggregation-with-misp","path":"skills/building-threat-feed-aggregation-with-misp"},{"name":"building-threat-hunt-hypothesis-framework","path":"skills/building-threat-hunt-hypothesis-framework"},{"name":"building-threat-intelligence-enrichment-in-splunk","path":"skills/building-threat-intelligence-enrichment-in-splunk"},{"name":"building-threat-intelligence-feed-integration","path":"skills/building-threat-intelligence-feed-integration"},{"name":"building-threat-intelligence-platform","path":"skills/building-threat-intelligence-platform"},{"name":"building-vulnerability-aging-and-sla-tracking","path":"skills/building-vulnerability-aging-and-sla-tracking"},{"name":"building-vulnerability-dashboard-with-defectdojo","path":"skills/building-vulnerability-dashboard-with-defectdojo"},{"name":"building-vulnerability-exception-tracking-system","path":"skills/building-vulnerability-exception-tracking-system"},{"name":"building-vulnerability-scanning-workflow","path":"skills/building-vulnerability-scanning-workflow"},{"name":"bypassing-authentication-with-forced-browsing","path":"skills/bypassing-authentication-with-forced-browsing"},{"name":"collecting-indicators-of-compromise",
"path":"skills/collecting-indicators-of-compromise"},{"name":"collecting-open-source-intelligence","path":"skills/collecting-open-source-intelligence"},{"name":"collecting-threat-intelligence-with-misp","path":"skills/collecting-threat-intelligence-with-misp"},{"name":"collecting-volatile-evidence-from-compromised-host","path":"skills/collecting-volatile-evidence-from-compromised-host"},{"name":"conducting-api-security-testing","path":"skills/conducting-api-security-testing"},{"name":"conducting-cloud-incident-response","path":"skills/conducting-cloud-incident-response"},{"name":"conducting-cloud-penetration-testing","path":"skills/conducting-cloud-penetration-testing"},{"name":"conducting-domain-persistence-with-dcsync","path":"skills/conducting-domain-persistence-with-dcsync"},{"name":"conducting-external-reconnaissance-with-osint","path":"skills/conducting-external-reconnaissance-with-osint"},{"name":"conducting-full-scope-red-team-engagement","path":"skills/conducting-full-scope-red-team-engagement"},{"name":"conducting-internal-network-penetration-test","path":"skills/conducting-internal-network-penetration-test"},{"name":"conducting-internal-reconnaissance-with-bloodhound-ce","path":"skills/conducting-internal-reconnaissance-with-bloodhound-ce"},{"name":"conducting-malware-incident-response","path":"skills/conducting-malware-incident-response"},{"name":"conducting-man-in-the-middle-attack-simulation","path":"skills/conducting-man-in-the-middle-attack-simulation"},{"name":"conducting-memory-forensics-with-volatility","path":"skills/conducting-memory-forensics-with-volatility"},{"name":"conducting-mobile-app-penetration-test","path":"skills/conducting-mobile-app-penetration-test"},{"name":"conducting-network-penetration-test","path":"skills/conducting-network-penetration-test"},{"name":"conducting-pass-the-ticket-attack","path":"skills/conducting-pass-the-ticket-attack"},{"name":"conducting-phishing-incident-response","path":"skills/conducting-phishing-incident-
response"},{"name":"conducting-post-incident-lessons-learned","path":"skills/conducting-post-incident-lessons-learned"},{"name":"conducting-social-engineering-penetration-test","path":"skills/conducting-social-engineering-penetration-test"},{"name":"conducting-social-engineering-pretext-call","path":"skills/conducting-social-engineering-pretext-call"},{"name":"conducting-spearphishing-simulation-campaign","path":"skills/conducting-spearphishing-simulation-campaign"},{"name":"conducting-wireless-network-penetration-test","path":"skills/conducting-wireless-network-penetration-test"},{"name":"configuring-active-directory-tiered-model","path":"skills/configuring-active-directory-tiered-model"},{"name":"configuring-aws-verified-access-for-ztna","path":"skills/configuring-aws-verified-access-for-ztna"},{"name":"configuring-certificate-authority-with-openssl","path":"skills/configuring-certificate-authority-with-openssl"},{"name":"configuring-host-based-intrusion-detection","path":"skills/configuring-host-based-intrusion-detection"},{"name":"configuring-hsm-for-key-storage","path":"skills/configuring-hsm-for-key-storage"},{"name":"configuring-identity-aware-proxy-with-google-iap","path":"skills/configuring-identity-aware-proxy-with-google-iap"},{"name":"configuring-ldap-security-hardening","path":"skills/configuring-ldap-security-hardening"},{"name":"configuring-microsegmentation-for-zero-trust","path":"skills/configuring-microsegmentation-for-zero-trust"},{"name":"configuring-multi-factor-authentication-with-duo","path":"skills/configuring-multi-factor-authentication-with-duo"},{"name":"configuring-network-segmentation-with-vlans","path":"skills/configuring-network-segmentation-with-vlans"},{"name":"configuring-oauth2-authorization-flow","path":"skills/configuring-oauth2-authorization-flow"},{"name":"configuring-pfsense-firewall-rules","path":"skills/configuring-pfsense-firewall-rules"},{"name":"configuring-snort-ids-for-intrusion-detection","path":"skills/configuring-sno
rt-ids-for-intrusion-detection"},{"name":"configuring-suricata-for-network-monitoring","path":"skills/configuring-suricata-for-network-monitoring"},{"name":"configuring-tls-1-3-for-secure-communications","path":"skills/configuring-tls-1-3-for-secure-communications"},{"name":"configuring-windows-defender-advanced-settings","path":"skills/configuring-windows-defender-advanced-settings"},{"name":"configuring-windows-event-logging-for-detection","path":"skills/configuring-windows-event-logging-for-detection"},{"name":"configuring-zscaler-private-access-for-ztna","path":"skills/configuring-zscaler-private-access-for-ztna"},{"name":"containing-active-breach","path":"skills/containing-active-breach"},{"name":"correlating-security-events-in-qradar","path":"skills/correlating-security-events-in-qradar"},{"name":"correlating-threat-campaigns","path":"skills/correlating-threat-campaigns"},{"name":"deobfuscating-javascript-malware","path":"skills/deobfuscating-javascript-malware"},{"name":"deobfuscating-powershell-obfuscated-malware","path":"skills/deobfuscating-powershell-obfuscated-malware"},{"name":"deploying-active-directory-honeytokens","path":"skills/deploying-active-directory-honeytokens"},{"name":"deploying-cloudflare-access-for-zero-trust","path":"skills/deploying-cloudflare-access-for-zero-trust"},{"name":"deploying-decoy-files-for-ransomware-detection","path":"skills/deploying-decoy-files-for-ransomware-detection"},{"name":"deploying-edr-agent-with-crowdstrike","path":"skills/deploying-edr-agent-with-crowdstrike"},{"name":"deploying-osquery-for-endpoint-monitoring","path":"skills/deploying-osquery-for-endpoint-monitoring"},{"name":"deploying-palo-alto-prisma-access-zero-trust","path":"skills/deploying-palo-alto-prisma-access-zero-trust"},{"name":"deploying-ransomware-canary-files","path":"skills/deploying-ransomware-canary-files"},{"name":"deploying-software-defined-perimeter","path":"skills/deploying-software-defined-perimeter"},{"name":"deploying-tailscale-for-zero
-trust-vpn","path":"skills/deploying-tailscale-for-zero-trust-vpn"},{"name":"detecting-ai-model-prompt-injection-attacks","path":"skills/detecting-ai-model-prompt-injection-attacks"},{"name":"detecting-anomalies-in-industrial-control-systems","path":"skills/detecting-anomalies-in-industrial-control-systems"},{"name":"detecting-anomalous-authentication-patterns","path":"skills/detecting-anomalous-authentication-patterns"},{"name":"detecting-api-enumeration-attacks","path":"skills/detecting-api-enumeration-attacks"},{"name":"detecting-arp-poisoning-in-network-traffic","path":"skills/detecting-arp-poisoning-in-network-traffic"},{"name":"detecting-attacks-on-historian-servers","path":"skills/detecting-attacks-on-historian-servers"},{"name":"detecting-attacks-on-scada-systems","path":"skills/detecting-attacks-on-scada-systems"},{"name":"detecting-aws-cloudtrail-anomalies","path":"skills/detecting-aws-cloudtrail-anomalies"},{"name":"detecting-aws-credential-exposure-with-trufflehog","path":"skills/detecting-aws-credential-exposure-with-trufflehog"},{"name":"detecting-aws-guardduty-findings-automation","path":"skills/detecting-aws-guardduty-findings-automation"},{"name":"detecting-aws-iam-privilege-escalation","path":"skills/detecting-aws-iam-privilege-escalation"},{"name":"detecting-azure-lateral-movement","path":"skills/detecting-azure-lateral-movement"},{"name":"detecting-azure-service-principal-abuse","path":"skills/detecting-azure-service-principal-abuse"},{"name":"detecting-azure-storage-account-misconfigurations","path":"skills/detecting-azure-storage-account-misconfigurations"},{"name":"detecting-beaconing-patterns-with-zeek","path":"skills/detecting-beaconing-patterns-with-zeek"},{"name":"detecting-bluetooth-low-energy-attacks","path":"skills/detecting-bluetooth-low-energy-attacks"},{"name":"detecting-broken-object-property-level-authorization","path":"skills/detecting-broken-object-property-level-authorization"},{"name":"detecting-business-email-compromise","path
":"skills/detecting-business-email-compromise"},{"name":"detecting-business-email-compromise-with-ai","path":"skills/detecting-business-email-compromise-with-ai"},{"name":"detecting-cloud-threats-with-guardduty","path":"skills/detecting-cloud-threats-with-guardduty"},{"name":"detecting-command-and-control-over-dns","path":"skills/detecting-command-and-control-over-dns"},{"name":"detecting-compromised-cloud-credentials","path":"skills/detecting-compromised-cloud-credentials"},{"name":"detecting-container-drift-at-runtime","path":"skills/detecting-container-drift-at-runtime"},{"name":"detecting-container-escape-attempts","path":"skills/detecting-container-escape-attempts"},{"name":"detecting-container-escape-with-falco-rules","path":"skills/detecting-container-escape-with-falco-rules"},{"name":"detecting-credential-dumping-techniques","path":"skills/detecting-credential-dumping-techniques"},{"name":"detecting-cryptomining-in-cloud","path":"skills/detecting-cryptomining-in-cloud"},{"name":"detecting-dcsync-attack-in-active-directory","path":"skills/detecting-dcsync-attack-in-active-directory"},{"name":"detecting-deepfake-audio-in-vishing-attacks","path":"skills/detecting-deepfake-audio-in-vishing-attacks"},{"name":"detecting-dll-sideloading-attacks","path":"skills/detecting-dll-sideloading-attacks"},{"name":"detecting-dnp3-protocol-anomalies","path":"skills/detecting-dnp3-protocol-anomalies"},{"name":"detecting-dns-exfiltration-with-dns-query-analysis","path":"skills/detecting-dns-exfiltration-with-dns-query-analysis"},{"name":"detecting-email-account-compromise","path":"skills/detecting-email-account-compromise"},{"name":"detecting-email-forwarding-rules-attack","path":"skills/detecting-email-forwarding-rules-attack"},{"name":"detecting-evasion-techniques-in-endpoint-logs","path":"skills/detecting-evasion-techniques-in-endpoint-logs"},{"name":"detecting-exfiltration-over-dns-with-zeek","path":"skills/detecting-exfiltration-over-dns-with-zeek"},{"name":"detecting-filel
ess-attacks-on-endpoints","path":"skills/detecting-fileless-attacks-on-endpoints"},{"name":"detecting-fileless-malware-techniques","path":"skills/detecting-fileless-malware-techniques"},{"name":"detecting-golden-ticket-attacks-in-kerberos-logs","path":"skills/detecting-golden-ticket-attacks-in-kerberos-logs"},{"name":"detecting-golden-ticket-forgery","path":"skills/detecting-golden-ticket-forgery"},{"name":"detecting-insider-data-exfiltration-via-dlp","path":"skills/detecting-insider-data-exfiltration-via-dlp"},{"name":"detecting-insider-threat-behaviors","path":"skills/detecting-insider-threat-behaviors"},{"name":"detecting-insider-threat-with-ueba","path":"skills/detecting-insider-threat-with-ueba"},{"name":"detecting-kerberoasting-attacks","path":"skills/detecting-kerberoasting-attacks"},{"name":"detecting-lateral-movement-in-network","path":"skills/detecting-lateral-movement-in-network"},{"name":"detecting-lateral-movement-with-splunk","path":"skills/detecting-lateral-movement-with-splunk"},{"name":"detecting-lateral-movement-with-zeek","path":"skills/detecting-lateral-movement-with-zeek"},{"name":"detecting-living-off-the-land-attacks","path":"skills/detecting-living-off-the-land-attacks"},{"name":"detecting-living-off-the-land-with-lolbas","path":"skills/detecting-living-off-the-land-with-lolbas"},{"name":"detecting-malicious-scheduled-tasks-with-sysmon","path":"skills/detecting-malicious-scheduled-tasks-with-sysmon"},{"name":"detecting-mimikatz-execution-patterns","path":"skills/detecting-mimikatz-execution-patterns"},{"name":"detecting-misconfigured-azure-storage","path":"skills/detecting-misconfigured-azure-storage"},{"name":"detecting-mobile-malware-behavior","path":"skills/detecting-mobile-malware-behavior"},{"name":"detecting-modbus-command-injection-attacks","path":"skills/detecting-modbus-command-injection-attacks"},{"name":"detecting-modbus-protocol-anomalies","path":"skills/detecting-modbus-protocol-anomalies"},{"name":"detecting-network-anomalies-wi
th-zeek","path":"skills/detecting-network-anomalies-with-zeek"},{"name":"detecting-network-scanning-with-ids-signatures","path":"skills/detecting-network-scanning-with-ids-signatures"},{"name":"detecting-ntlm-relay-with-event-correlation","path":"skills/detecting-ntlm-relay-with-event-correlation"},{"name":"detecting-oauth-token-theft","path":"skills/detecting-oauth-token-theft"},{"name":"detecting-pass-the-hash-attacks","path":"skills/detecting-pass-the-hash-attacks"},{"name":"detecting-pass-the-ticket-attacks","path":"skills/detecting-pass-the-ticket-attacks"},{"name":"detecting-port-scanning-with-fail2ban","path":"skills/detecting-port-scanning-with-fail2ban"},{"name":"detecting-privilege-escalation-attempts","path":"skills/detecting-privilege-escalation-attempts"},{"name":"detecting-privilege-escalation-in-kubernetes-pods","path":"skills/detecting-privilege-escalation-in-kubernetes-pods"},{"name":"detecting-process-hollowing-technique","path":"skills/detecting-process-hollowing-technique"},{"name":"detecting-process-injection-techniques","path":"skills/detecting-process-injection-techniques"},{"name":"detecting-qr-code-phishing-with-email-security","path":"skills/detecting-qr-code-phishing-with-email-security"},{"name":"detecting-ransomware-encryption-behavior","path":"skills/detecting-ransomware-encryption-behavior"},{"name":"detecting-ransomware-precursors-in-network","path":"skills/detecting-ransomware-precursors-in-network"},{"name":"detecting-rdp-brute-force-attacks","path":"skills/detecting-rdp-brute-force-attacks"},{"name":"detecting-rootkit-activity","path":"skills/detecting-rootkit-activity"},{"name":"detecting-s3-data-exfiltration-attempts","path":"skills/detecting-s3-data-exfiltration-attempts"},{"name":"detecting-serverless-function-injection","path":"skills/detecting-serverless-function-injection"},{"name":"detecting-service-account-abuse","path":"skills/detecting-service-account-abuse"},{"name":"detecting-shadow-api-endpoints","path":"skills/detect
ing-shadow-api-endpoints"},{"name":"detecting-shadow-it-cloud-usage","path":"skills/detecting-shadow-it-cloud-usage"},{"name":"detecting-spearphishing-with-email-gateway","path":"skills/detecting-spearphishing-with-email-gateway"},{"name":"detecting-sql-injection-via-waf-logs","path":"skills/detecting-sql-injection-via-waf-logs"},{"name":"detecting-stuxnet-style-attacks","path":"skills/detecting-stuxnet-style-attacks"},{"name":"detecting-supply-chain-attacks-in-ci-cd","path":"skills/detecting-supply-chain-attacks-in-ci-cd"},{"name":"detecting-suspicious-oauth-application-consent","path":"skills/detecting-suspicious-oauth-application-consent"},{"name":"detecting-suspicious-powershell-execution","path":"skills/detecting-suspicious-powershell-execution"},{"name":"detecting-t1003-credential-dumping-with-edr","path":"skills/detecting-t1003-credential-dumping-with-edr"},{"name":"detecting-t1055-process-injection-with-sysmon","path":"skills/detecting-t1055-process-injection-with-sysmon"},{"name":"detecting-t1548-abuse-elevation-control-mechanism","path":"skills/detecting-t1548-abuse-elevation-control-mechanism"},{"name":"detecting-typosquatting-packages-in-npm-pypi","path":"skills/detecting-typosquatting-packages-in-npm-pypi"},{"name":"detecting-wmi-persistence","path":"skills/detecting-wmi-persistence"},{"name":"eradicating-malware-from-infected-systems","path":"skills/eradicating-malware-from-infected-systems"},{"name":"evaluating-threat-intelligence-platforms","path":"skills/evaluating-threat-intelligence-platforms"},{"name":"executing-active-directory-attack-simulation","path":"skills/executing-active-directory-attack-simulation"},{"name":"executing-phishing-simulation-campaign","path":"skills/executing-phishing-simulation-campaign"},{"name":"executing-red-team-engagement-planning","path":"skills/executing-red-team-engagement-planning"},{"name":"executing-red-team-exercise","path":"skills/executing-red-team-exercise"},{"name":"exploiting-active-directory-certificate-se
rvices-esc1","path":"skills/exploiting-active-directory-certificate-services-esc1"},{"name":"exploiting-active-directory-with-bloodhound","path":"skills/exploiting-active-directory-with-bloodhound"},{"name":"exploiting-api-injection-vulnerabilities","path":"skills/exploiting-api-injection-vulnerabilities"},{"name":"exploiting-bgp-hijacking-vulnerabilities","path":"skills/exploiting-bgp-hijacking-vulnerabilities"},{"name":"exploiting-broken-function-level-authorization","path":"skills/exploiting-broken-function-level-authorization"},{"name":"exploiting-broken-link-hijacking","path":"skills/exploiting-broken-link-hijacking"},{"name":"exploiting-constrained-delegation-abuse","path":"skills/exploiting-constrained-delegation-abuse"},{"name":"exploiting-deeplink-vulnerabilities","path":"skills/exploiting-deeplink-vulnerabilities"},{"name":"exploiting-excessive-data-exposure-in-api","path":"skills/exploiting-excessive-data-exposure-in-api"},{"name":"exploiting-http-request-smuggling","path":"skills/exploiting-http-request-smuggling"},{"name":"exploiting-idor-vulnerabilities","path":"skills/exploiting-idor-vulnerabilities"},{"name":"exploiting-insecure-data-storage-in-mobile","path":"skills/exploiting-insecure-data-storage-in-mobile"},{"name":"exploiting-insecure-deserialization","path":"skills/exploiting-insecure-deserialization"},{"name":"exploiting-ipv6-vulnerabilities","path":"skills/exploiting-ipv6-vulnerabilities"},{"name":"exploiting-jwt-algorithm-confusion-attack","path":"skills/exploiting-jwt-algorithm-confusion-attack"},{"name":"exploiting-kerberoasting-with-impacket","path":"skills/exploiting-kerberoasting-with-impacket"},{"name":"exploiting-mass-assignment-in-rest-apis","path":"skills/exploiting-mass-assignment-in-rest-apis"},{"name":"exploiting-ms17-010-eternalblue-vulnerability","path":"skills/exploiting-ms17-010-eternalblue-vulnerability"},{"name":"exploiting-nopac-cve-2021-42278-42287","path":"skills/exploiting-nopac-cve-2021-42278-42287"},{"name":"exploitin
g-nosql-injection-vulnerabilities","path":"skills/exploiting-nosql-injection-vulnerabilities"},{"name":"exploiting-oauth-misconfiguration","path":"skills/exploiting-oauth-misconfiguration"},{"name":"exploiting-prototype-pollution-in-javascript","path":"skills/exploiting-prototype-pollution-in-javascript"},{"name":"exploiting-race-condition-vulnerabilities","path":"skills/exploiting-race-condition-vulnerabilities"},{"name":"exploiting-server-side-request-forgery","path":"skills/exploiting-server-side-request-forgery"},{"name":"exploiting-smb-vulnerabilities-with-metasploit","path":"skills/exploiting-smb-vulnerabilities-with-metasploit"},{"name":"exploiting-sql-injection-vulnerabilities","path":"skills/exploiting-sql-injection-vulnerabilities"},{"name":"exploiting-sql-injection-with-sqlmap","path":"skills/exploiting-sql-injection-with-sqlmap"},{"name":"exploiting-template-injection-vulnerabilities","path":"skills/exploiting-template-injection-vulnerabilities"},{"name":"exploiting-type-juggling-vulnerabilities","path":"skills/exploiting-type-juggling-vulnerabilities"},{"name":"exploiting-vulnerabilities-with-metasploit-framework","path":"skills/exploiting-vulnerabilities-with-metasploit-framework"},{"name":"exploiting-websocket-vulnerabilities","path":"skills/exploiting-websocket-vulnerabilities"},{"name":"exploiting-zerologon-vulnerability-cve-2020-1472","path":"skills/exploiting-zerologon-vulnerability-cve-2020-1472"},{"name":"extracting-browser-history-artifacts","path":"skills/extracting-browser-history-artifacts"},{"name":"extracting-config-from-agent-tesla-rat","path":"skills/extracting-config-from-agent-tesla-rat"},{"name":"extracting-credentials-from-memory-dump","path":"skills/extracting-credentials-from-memory-dump"},{"name":"extracting-iocs-from-malware-samples","path":"skills/extracting-iocs-from-malware-samples"},{"name":"extracting-memory-artifacts-with-rekall","path":"skills/extracting-memory-artifacts-with-rekall"},{"name":"extracting-windows-event-logs
-artifacts","path":"skills/extracting-windows-event-logs-artifacts"},{"name":"generating-threat-intelligence-reports","path":"skills/generating-threat-intelligence-reports"},{"name":"hardening-docker-containers-for-production","path":"skills/hardening-docker-containers-for-production"},{"name":"hardening-docker-daemon-configuration","path":"skills/hardening-docker-daemon-configuration"},{"name":"hardening-linux-endpoint-with-cis-benchmark","path":"skills/hardening-linux-endpoint-with-cis-benchmark"},{"name":"hardening-windows-endpoint-with-cis-benchmark","path":"skills/hardening-windows-endpoint-with-cis-benchmark"},{"name":"hunting-advanced-persistent-threats","path":"skills/hunting-advanced-persistent-threats"},{"name":"hunting-credential-stuffing-attacks","path":"skills/hunting-credential-stuffing-attacks"},{"name":"hunting-for-anomalous-powershell-execution","path":"skills/hunting-for-anomalous-powershell-execution"},{"name":"hunting-for-beaconing-with-frequency-analysis","path":"skills/hunting-for-beaconing-with-frequency-analysis"},{"name":"hunting-for-cobalt-strike-beacons","path":"skills/hunting-for-cobalt-strike-beacons"},{"name":"hunting-for-command-and-control-beaconing","path":"skills/hunting-for-command-and-control-beaconing"},{"name":"hunting-for-data-exfiltration-indicators","path":"skills/hunting-for-data-exfiltration-indicators"},{"name":"hunting-for-data-staging-before-exfiltration","path":"skills/hunting-for-data-staging-before-exfiltration"},{"name":"hunting-for-dcom-lateral-movement","path":"skills/hunting-for-dcom-lateral-movement"},{"name":"hunting-for-dcsync-attacks","path":"skills/hunting-for-dcsync-attacks"},{"name":"hunting-for-defense-evasion-via-timestomping","path":"skills/hunting-for-defense-evasion-via-timestomping"},{"name":"hunting-for-dns-based-persistence","path":"skills/hunting-for-dns-based-persistence"},{"name":"hunting-for-dns-tunneling-with-zeek","path":"skills/hunting-for-dns-tunneling-with-zeek"},{"name":"hunting-for-domain
-fronting-c2-traffic","path":"skills/hunting-for-domain-fronting-c2-traffic"},{"name":"hunting-for-lateral-movement-via-wmi","path":"skills/hunting-for-lateral-movement-via-wmi"},{"name":"hunting-for-living-off-the-cloud-techniques","path":"skills/hunting-for-living-off-the-cloud-techniques"},{"name":"hunting-for-living-off-the-land-binaries","path":"skills/hunting-for-living-off-the-land-binaries"},{"name":"hunting-for-lolbins-execution-in-endpoint-logs","path":"skills/hunting-for-lolbins-execution-in-endpoint-logs"},{"name":"hunting-for-ntlm-relay-attacks","path":"skills/hunting-for-ntlm-relay-attacks"},{"name":"hunting-for-persistence-mechanisms-in-windows","path":"skills/hunting-for-persistence-mechanisms-in-windows"},{"name":"hunting-for-persistence-via-wmi-subscriptions","path":"skills/hunting-for-persistence-via-wmi-subscriptions"},{"name":"hunting-for-process-injection-techniques","path":"skills/hunting-for-process-injection-techniques"},{"name":"hunting-for-registry-persistence-mechanisms","path":"skills/hunting-for-registry-persistence-mechanisms"},{"name":"hunting-for-registry-run-key-persistence","path":"skills/hunting-for-registry-run-key-persistence"},{"name":"hunting-for-scheduled-task-persistence","path":"skills/hunting-for-scheduled-task-persistence"},{"name":"hunting-for-shadow-copy-deletion","path":"skills/hunting-for-shadow-copy-deletion"},{"name":"hunting-for-spearphishing-indicators","path":"skills/hunting-for-spearphishing-indicators"},{"name":"hunting-for-startup-folder-persistence","path":"skills/hunting-for-startup-folder-persistence"},{"name":"hunting-for-supply-chain-compromise","path":"skills/hunting-for-supply-chain-compromise"},{"name":"hunting-for-suspicious-scheduled-tasks","path":"skills/hunting-for-suspicious-scheduled-tasks"},{"name":"hunting-for-t1098-account-manipulation","path":"skills/hunting-for-t1098-account-manipulation"},{"name":"hunting-for-unusual-network-connections","path":"skills/hunting-for-unusual-network-connection
s"},{"name":"hunting-for-unusual-service-installations","path":"skills/hunting-for-unusual-service-installations"},{"name":"hunting-for-webshell-activity","path":"skills/hunting-for-webshell-activity"},{"name":"implementing-aes-encryption-for-data-at-rest","path":"skills/implementing-aes-encryption-for-data-at-rest"},{"name":"implementing-alert-fatigue-reduction","path":"skills/implementing-alert-fatigue-reduction"},{"name":"implementing-anti-phishing-training-program","path":"skills/implementing-anti-phishing-training-program"},{"name":"implementing-anti-ransomware-group-policy","path":"skills/implementing-anti-ransomware-group-policy"},{"name":"implementing-api-abuse-detection-with-rate-limiting","path":"skills/implementing-api-abuse-detection-with-rate-limiting"},{"name":"implementing-api-gateway-security-controls","path":"skills/implementing-api-gateway-security-controls"},{"name":"implementing-api-key-security-controls","path":"skills/implementing-api-key-security-controls"},{"name":"implementing-api-rate-limiting-and-throttling","path":"skills/implementing-api-rate-limiting-and-throttling"},{"name":"implementing-api-schema-validation-security","path":"skills/implementing-api-schema-validation-security"},{"name":"implementing-api-security-posture-management","path":"skills/implementing-api-security-posture-management"},{"name":"implementing-api-security-testing-with-42crunch","path":"skills/implementing-api-security-testing-with-42crunch"},{"name":"implementing-api-threat-protection-with-apigee","path":"skills/implementing-api-threat-protection-with-apigee"},{"name":"implementing-application-whitelisting-with-applocker","path":"skills/implementing-application-whitelisting-with-applocker"},{"name":"implementing-aqua-security-for-container-scanning","path":"skills/implementing-aqua-security-for-container-scanning"},{"name":"implementing-attack-path-analysis-with-xm-cyber","path":"skills/implementing-attack-path-analysis-with-xm-cyber"},{"name":"implementing-attac
k-surface-management","path":"skills/implementing-attack-surface-management"},{"name":"implementing-aws-config-rules-for-compliance","path":"skills/implementing-aws-config-rules-for-compliance"},{"name":"implementing-aws-iam-permission-boundaries","path":"skills/implementing-aws-iam-permission-boundaries"},{"name":"implementing-aws-macie-for-data-classification","path":"skills/implementing-aws-macie-for-data-classification"},{"name":"implementing-aws-nitro-enclave-security","path":"skills/implementing-aws-nitro-enclave-security"},{"name":"implementing-aws-security-hub","path":"skills/implementing-aws-security-hub"},{"name":"implementing-aws-security-hub-compliance","path":"skills/implementing-aws-security-hub-compliance"},{"name":"implementing-azure-ad-privileged-identity-management","path":"skills/implementing-azure-ad-privileged-identity-management"},{"name":"implementing-azure-defender-for-cloud","path":"skills/implementing-azure-defender-for-cloud"},{"name":"implementing-beyondcorp-zero-trust-access-model","path":"skills/implementing-beyondcorp-zero-trust-access-model"},{"name":"implementing-bgp-security-with-rpki","path":"skills/implementing-bgp-security-with-rpki"},{"name":"implementing-browser-isolation-for-zero-trust","path":"skills/implementing-browser-isolation-for-zero-trust"},{"name":"implementing-canary-tokens-for-network-intrusion","path":"skills/implementing-canary-tokens-for-network-intrusion"},{"name":"implementing-cisa-zero-trust-maturity-model","path":"skills/implementing-cisa-zero-trust-maturity-model"},{"name":"implementing-cloud-dlp-for-data-protection","path":"skills/implementing-cloud-dlp-for-data-protection"},{"name":"implementing-cloud-security-posture-management","path":"skills/implementing-cloud-security-posture-management"},{"name":"implementing-cloud-trail-log-analysis","path":"skills/implementing-cloud-trail-log-analysis"},{"name":"implementing-cloud-vulnerability-posture-management","path":"skills/implementing-cloud-vulnerability-post
ure-management"},{"name":"implementing-cloud-waf-rules","path":"skills/implementing-cloud-waf-rules"},{"name":"implementing-cloud-workload-protection","path":"skills/implementing-cloud-workload-protection"},{"name":"implementing-code-signing-for-artifacts","path":"skills/implementing-code-signing-for-artifacts"},{"name":"implementing-conditional-access-policies-azure-ad","path":"skills/implementing-conditional-access-policies-azure-ad"},{"name":"implementing-conduit-security-for-ot-remote-access","path":"skills/implementing-conduit-security-for-ot-remote-access"},{"name":"implementing-container-image-minimal-base-with-distroless","path":"skills/implementing-container-image-minimal-base-with-distroless"},{"name":"implementing-container-network-policies-with-calico","path":"skills/implementing-container-network-policies-with-calico"},{"name":"implementing-continuous-security-validation-with-bas","path":"skills/implementing-continuous-security-validation-with-bas"},{"name":"implementing-data-loss-prevention-with-microsoft-purview","path":"skills/implementing-data-loss-prevention-with-microsoft-purview"},{"name":"implementing-ddos-mitigation-with-cloudflare","path":"skills/implementing-ddos-mitigation-with-cloudflare"},{"name":"implementing-deception-based-detection-with-canarytoken","path":"skills/implementing-deception-based-detection-with-canarytoken"},{"name":"implementing-delinea-secret-server-for-pam","path":"skills/implementing-delinea-secret-server-for-pam"},{"name":"implementing-device-posture-assessment-in-zero-trust","path":"skills/implementing-device-posture-assessment-in-zero-trust"},{"name":"implementing-devsecops-security-scanning","path":"skills/implementing-devsecops-security-scanning"},{"name":"implementing-diamond-model-analysis","path":"skills/implementing-diamond-model-analysis"},{"name":"implementing-digital-signatures-with-ed25519","path":"skills/implementing-digital-signatures-with-ed25519"},{"name":"implementing-disk-encryption-with-bitlocker","
path":"skills/implementing-disk-encryption-with-bitlocker"},{"name":"implementing-dmarc-dkim-spf-email-security","path":"skills/implementing-dmarc-dkim-spf-email-security"},{"name":"implementing-dragos-platform-for-ot-monitoring","path":"skills/implementing-dragos-platform-for-ot-monitoring"},{"name":"implementing-ebpf-security-monitoring","path":"skills/implementing-ebpf-security-monitoring"},{"name":"implementing-email-sandboxing-with-proofpoint","path":"skills/implementing-email-sandboxing-with-proofpoint"},{"name":"implementing-end-to-end-encryption-for-messaging","path":"skills/implementing-end-to-end-encryption-for-messaging"},{"name":"implementing-endpoint-detection-with-wazuh","path":"skills/implementing-endpoint-detection-with-wazuh"},{"name":"implementing-endpoint-dlp-controls","path":"skills/implementing-endpoint-dlp-controls"},{"name":"implementing-envelope-encryption-with-aws-kms","path":"skills/implementing-envelope-encryption-with-aws-kms"},{"name":"implementing-epss-score-for-vulnerability-prioritization","path":"skills/implementing-epss-score-for-vulnerability-prioritization"},{"name":"implementing-file-integrity-monitoring-with-aide","path":"skills/implementing-file-integrity-monitoring-with-aide"},{"name":"implementing-fuzz-testing-in-cicd-with-aflplusplus","path":"skills/implementing-fuzz-testing-in-cicd-with-aflplusplus"},{"name":"implementing-gcp-binary-authorization","path":"skills/implementing-gcp-binary-authorization"},{"name":"implementing-gcp-organization-policy-constraints","path":"skills/implementing-gcp-organization-policy-constraints"},{"name":"implementing-gcp-vpc-firewall-rules","path":"skills/implementing-gcp-vpc-firewall-rules"},{"name":"implementing-gdpr-data-protection-controls","path":"skills/implementing-gdpr-data-protection-controls"},{"name":"implementing-gdpr-data-subject-access-request","path":"skills/implementing-gdpr-data-subject-access-request"},{"name":"implementing-github-advanced-security-for-code-scanning","path":"sk
ills/implementing-github-advanced-security-for-code-scanning"},{"name":"implementing-google-workspace-admin-security","path":"skills/implementing-google-workspace-admin-security"},{"name":"implementing-google-workspace-phishing-protection","path":"skills/implementing-google-workspace-phishing-protection"},{"name":"implementing-google-workspace-sso-configuration","path":"skills/implementing-google-workspace-sso-configuration"},{"name":"implementing-hardware-security-key-authentication","path":"skills/implementing-hardware-security-key-authentication"},{"name":"implementing-hashicorp-vault-dynamic-secrets","path":"skills/implementing-hashicorp-vault-dynamic-secrets"},{"name":"implementing-honeypot-for-ransomware-detection","path":"skills/implementing-honeypot-for-ransomware-detection"},{"name":"implementing-honeytokens-for-breach-detection","path":"skills/implementing-honeytokens-for-breach-detection"},{"name":"implementing-ics-firewall-with-tofino","path":"skills/implementing-ics-firewall-with-tofino"},{"name":"implementing-identity-governance-with-sailpoint","path":"skills/implementing-identity-governance-with-sailpoint"},{"name":"implementing-identity-verification-for-zero-trust","path":"skills/implementing-identity-verification-for-zero-trust"},{"name":"implementing-iec-62443-security-zones","path":"skills/implementing-iec-62443-security-zones"},{"name":"implementing-image-provenance-verification-with-cosign","path":"skills/implementing-image-provenance-verification-with-cosign"},{"name":"implementing-immutable-backup-with-restic","path":"skills/implementing-immutable-backup-with-restic"},{"name":"implementing-infrastructure-as-code-security-scanning","path":"skills/implementing-infrastructure-as-code-security-scanning"},{"name":"implementing-iso-27001-information-security-management","path":"skills/implementing-iso-27001-information-security-management"},{"name":"implementing-just-in-time-access-provisioning","path":"skills/implementing-just-in-time-access-provis
ioning"},{"name":"implementing-jwt-signing-and-verification","path":"skills/implementing-jwt-signing-and-verification"},{"name":"implementing-kubernetes-network-policy-with-calico","path":"skills/implementing-kubernetes-network-policy-with-calico"},{"name":"implementing-kubernetes-pod-security-standards","path":"skills/implementing-kubernetes-pod-security-standards"},{"name":"implementing-llm-guardrails-for-security","path":"skills/implementing-llm-guardrails-for-security"},{"name":"implementing-log-forwarding-with-fluentd","path":"skills/implementing-log-forwarding-with-fluentd"},{"name":"implementing-log-integrity-with-blockchain","path":"skills/implementing-log-integrity-with-blockchain"},{"name":"implementing-memory-protection-with-dep-aslr","path":"skills/implementing-memory-protection-with-dep-aslr"},{"name":"implementing-microsegmentation-with-guardicore","path":"skills/implementing-microsegmentation-with-guardicore"},{"name":"implementing-mimecast-targeted-attack-protection","path":"skills/implementing-mimecast-targeted-attack-protection"},{"name":"implementing-mitre-attack-coverage-mapping","path":"skills/implementing-mitre-attack-coverage-mapping"},{"name":"implementing-mobile-application-management","path":"skills/implementing-mobile-application-management"},{"name":"implementing-mtls-for-zero-trust-services","path":"skills/implementing-mtls-for-zero-trust-services"},{"name":"implementing-nerc-cip-compliance-controls","path":"skills/implementing-nerc-cip-compliance-controls"},{"name":"implementing-network-access-control","path":"skills/implementing-network-access-control"},{"name":"implementing-network-access-control-with-cisco-ise","path":"skills/implementing-network-access-control-with-cisco-ise"},{"name":"implementing-network-deception-with-honeypots","path":"skills/implementing-network-deception-with-honeypots"},{"name":"implementing-network-intrusion-prevention-with-suricata","path":"skills/implementing-network-intrusion-prevention-with-suricata"},{"
name":"implementing-network-policies-for-kubernetes","path":"skills/implementing-network-policies-for-kubernetes"},{"name":"implementing-network-segmentation-for-ot","path":"skills/implementing-network-segmentation-for-ot"},{"name":"implementing-network-segmentation-with-firewall-zones","path":"skills/implementing-network-segmentation-with-firewall-zones"},{"name":"implementing-network-traffic-analysis-with-arkime","path":"skills/implementing-network-traffic-analysis-with-arkime"},{"name":"implementing-network-traffic-baselining","path":"skills/implementing-network-traffic-baselining"},{"name":"implementing-next-generation-firewall-with-palo-alto","path":"skills/implementing-next-generation-firewall-with-palo-alto"},{"name":"implementing-opa-gatekeeper-for-policy-enforcement","path":"skills/implementing-opa-gatekeeper-for-policy-enforcement"},{"name":"implementing-ot-incident-response-playbook","path":"skills/implementing-ot-incident-response-playbook"},{"name":"implementing-ot-network-traffic-analysis-with-nozomi","path":"skills/implementing-ot-network-traffic-analysis-with-nozomi"},{"name":"implementing-pam-for-database-access","path":"skills/implementing-pam-for-database-access"},{"name":"implementing-passwordless-auth-with-microsoft-entra","path":"skills/implementing-passwordless-auth-with-microsoft-entra"},{"name":"implementing-passwordless-authentication-with-fido2","path":"skills/implementing-passwordless-authentication-with-fido2"},{"name":"implementing-patch-management-for-ot-systems","path":"skills/implementing-patch-management-for-ot-systems"},{"name":"implementing-patch-management-workflow","path":"skills/implementing-patch-management-workflow"},{"name":"implementing-pci-dss-compliance-controls","path":"skills/implementing-pci-dss-compliance-controls"},{"name":"implementing-pod-security-admission-controller","path":"skills/implementing-pod-security-admission-controller"},{"name":"implementing-policy-as-code-with-open-policy-agent","path":"skills/implemen
ting-policy-as-code-with-open-policy-agent"},{"name":"implementing-privileged-access-management-with-cyberark","path":"skills/implementing-privileged-access-management-with-cyberark"},{"name":"implementing-privileged-access-workstation","path":"skills/implementing-privileged-access-workstation"},{"name":"implementing-privileged-session-monitoring","path":"skills/implementing-privileged-session-monitoring"},{"name":"implementing-proofpoint-email-security-gateway","path":"skills/implementing-proofpoint-email-security-gateway"},{"name":"implementing-purdue-model-network-segmentation","path":"skills/implementing-purdue-model-network-segmentation"},{"name":"implementing-ransomware-backup-strategy","path":"skills/implementing-ransomware-backup-strategy"},{"name":"implementing-ransomware-kill-switch-detection","path":"skills/implementing-ransomware-kill-switch-detection"},{"name":"implementing-rapid7-insightvm-for-scanning","path":"skills/implementing-rapid7-insightvm-for-scanning"},{"name":"implementing-rbac-hardening-for-kubernetes","path":"skills/implementing-rbac-hardening-for-kubernetes"},{"name":"implementing-rsa-key-pair-management","path":"skills/implementing-rsa-key-pair-management"},{"name":"implementing-runtime-application-self-protection","path":"skills/implementing-runtime-application-self-protection"},{"name":"implementing-runtime-security-with-tetragon","path":"skills/implementing-runtime-security-with-tetragon"},{"name":"implementing-saml-sso-with-okta","path":"skills/implementing-saml-sso-with-okta"},{"name":"implementing-scim-provisioning-with-okta","path":"skills/implementing-scim-provisioning-with-okta"},{"name":"implementing-secret-scanning-with-gitleaks","path":"skills/implementing-secret-scanning-with-gitleaks"},{"name":"implementing-secrets-management-with-vault","path":"skills/implementing-secrets-management-with-vault"},{"name":"implementing-secrets-scanning-in-ci-cd","path":"skills/implementing-secrets-scanning-in-ci-cd"},{"name":"implementing-se
curity-chaos-engineering","path":"skills/implementing-security-chaos-engineering"},{"name":"implementing-security-information-sharing-with-stix2","path":"skills/implementing-security-information-sharing-with-stix2"},{"name":"implementing-security-monitoring-with-datadog","path":"skills/implementing-security-monitoring-with-datadog"},{"name":"implementing-semgrep-for-custom-sast-rules","path":"skills/implementing-semgrep-for-custom-sast-rules"},{"name":"implementing-siem-correlation-rules-for-apt","path":"skills/implementing-siem-correlation-rules-for-apt"},{"name":"implementing-siem-use-case-tuning","path":"skills/implementing-siem-use-case-tuning"},{"name":"implementing-siem-use-cases-for-detection","path":"skills/implementing-siem-use-cases-for-detection"},{"name":"implementing-sigstore-for-software-signing","path":"skills/implementing-sigstore-for-software-signing"},{"name":"implementing-soar-automation-with-phantom","path":"skills/implementing-soar-automation-with-phantom"},{"name":"implementing-soar-playbook-for-phishing","path":"skills/implementing-soar-playbook-for-phishing"},{"name":"implementing-soar-playbook-with-palo-alto-xsoar","path":"skills/implementing-soar-playbook-with-palo-alto-xsoar"},{"name":"implementing-stix-taxii-feed-integration","path":"skills/implementing-stix-taxii-feed-integration"},{"name":"implementing-supply-chain-security-with-in-toto","path":"skills/implementing-supply-chain-security-with-in-toto"},{"name":"implementing-syslog-centralization-with-rsyslog","path":"skills/implementing-syslog-centralization-with-rsyslog"},{"name":"implementing-taxii-server-with-opentaxii","path":"skills/implementing-taxii-server-with-opentaxii"},{"name":"implementing-threat-intelligence-lifecycle-management","path":"skills/implementing-threat-intelligence-lifecycle-management"},{"name":"implementing-threat-modeling-with-mitre-attack","path":"skills/implementing-threat-modeling-with-mitre-attack"},{"name":"implementing-ticketing-system-for-incidents","pa
th":"skills/implementing-ticketing-system-for-incidents"},{"name":"implementing-usb-device-control-policy","path":"skills/implementing-usb-device-control-policy"},{"name":"implementing-velociraptor-for-ir-collection","path":"skills/implementing-velociraptor-for-ir-collection"},{"name":"implementing-vulnerability-management-with-greenbone","path":"skills/implementing-vulnerability-management-with-greenbone"},{"name":"implementing-vulnerability-remediation-sla","path":"skills/implementing-vulnerability-remediation-sla"},{"name":"implementing-vulnerability-sla-breach-alerting","path":"skills/implementing-vulnerability-sla-breach-alerting"},{"name":"implementing-web-application-logging-with-modsecurity","path":"skills/implementing-web-application-logging-with-modsecurity"},{"name":"implementing-zero-knowledge-proof-for-authentication","path":"skills/implementing-zero-knowledge-proof-for-authentication"},{"name":"implementing-zero-standing-privilege-with-cyberark","path":"skills/implementing-zero-standing-privilege-with-cyberark"},{"name":"implementing-zero-trust-dns-with-nextdns","path":"skills/implementing-zero-trust-dns-with-nextdns"},{"name":"implementing-zero-trust-for-saas-applications","path":"skills/implementing-zero-trust-for-saas-applications"},{"name":"implementing-zero-trust-in-cloud","path":"skills/implementing-zero-trust-in-cloud"},{"name":"implementing-zero-trust-network-access","path":"skills/implementing-zero-trust-network-access"},{"name":"implementing-zero-trust-network-access-with-zscaler","path":"skills/implementing-zero-trust-network-access-with-zscaler"},{"name":"implementing-zero-trust-with-beyondcorp","path":"skills/implementing-zero-trust-with-beyondcorp"},{"name":"implementing-zero-trust-with-hashicorp-boundary","path":"skills/implementing-zero-trust-with-hashicorp-boundary"},{"name":"integrating-dast-with-owasp-zap-in-pipeline","path":"skills/integrating-dast-with-owasp-zap-in-pipeline"},{"name":"integrating-sast-into-github-actions-pipeline",
"path":"skills/integrating-sast-into-github-actions-pipeline"},{"name":"intercepting-mobile-traffic-with-burpsuite","path":"skills/intercepting-mobile-traffic-with-burpsuite"},{"name":"investigating-insider-threat-indicators","path":"skills/investigating-insider-threat-indicators"},{"name":"investigating-phishing-email-incident","path":"skills/investigating-phishing-email-incident"},{"name":"investigating-ransomware-attack-artifacts","path":"skills/investigating-ransomware-attack-artifacts"},{"name":"managing-cloud-identity-with-okta","path":"skills/managing-cloud-identity-with-okta"},{"name":"managing-intelligence-lifecycle","path":"skills/managing-intelligence-lifecycle"},{"name":"mapping-mitre-attack-techniques","path":"skills/mapping-mitre-attack-techniques"},{"name":"monitoring-darkweb-sources","path":"skills/monitoring-darkweb-sources"},{"name":"monitoring-scada-modbus-traffic-anomalies","path":"skills/monitoring-scada-modbus-traffic-anomalies"},{"name":"performing-access-recertification-with-saviynt","path":"skills/performing-access-recertification-with-saviynt"},{"name":"performing-access-review-and-certification","path":"skills/performing-access-review-and-certification"},{"name":"performing-active-directory-bloodhound-analysis","path":"skills/performing-active-directory-bloodhound-analysis"},{"name":"performing-active-directory-compromise-investigation","path":"skills/performing-active-directory-compromise-investigation"},{"name":"performing-active-directory-forest-trust-attack","path":"skills/performing-active-directory-forest-trust-attack"},{"name":"performing-active-directory-penetration-test","path":"skills/performing-active-directory-penetration-test"},{"name":"performing-active-directory-vulnerability-assessment","path":"skills/performing-active-directory-vulnerability-assessment"},{"name":"performing-adversary-in-the-middle-phishing-detection","path":"skills/performing-adversary-in-the-middle-phishing-detection"},{"name":"performing-agentless-vulner
ability-scanning","path":"skills/performing-agentless-vulnerability-scanning"},{"name":"performing-ai-driven-osint-correlation","path":"skills/performing-ai-driven-osint-correlation"},{"name":"performing-alert-triage-with-elastic-siem","path":"skills/performing-alert-triage-with-elastic-siem"},{"name":"performing-android-app-static-analysis-with-mobsf","path":"skills/performing-android-app-static-analysis-with-mobsf"},{"name":"performing-api-fuzzing-with-restler","path":"skills/performing-api-fuzzing-with-restler"},{"name":"performing-api-inventory-and-discovery","path":"skills/performing-api-inventory-and-discovery"},{"name":"performing-api-rate-limiting-bypass","path":"skills/performing-api-rate-limiting-bypass"},{"name":"performing-api-security-testing-with-postman","path":"skills/performing-api-security-testing-with-postman"},{"name":"performing-arp-spoofing-attack-simulation","path":"skills/performing-arp-spoofing-attack-simulation"},{"name":"performing-asset-criticality-scoring-for-vulns","path":"skills/performing-asset-criticality-scoring-for-vulns"},{"name":"performing-authenticated-scan-with-openvas","path":"skills/performing-authenticated-scan-with-openvas"},{"name":"performing-authenticated-vulnerability-scan","path":"skills/performing-authenticated-vulnerability-scan"},{"name":"performing-automated-malware-analysis-with-cape","path":"skills/performing-automated-malware-analysis-with-cape"},{"name":"performing-aws-account-enumeration-with-scout-suite","path":"skills/performing-aws-account-enumeration-with-scout-suite"},{"name":"performing-aws-privilege-escalation-assessment","path":"skills/performing-aws-privilege-escalation-assessment"},{"name":"performing-bandwidth-throttling-attack-simulation","path":"skills/performing-bandwidth-throttling-attack-simulation"},{"name":"performing-binary-exploitation-analysis","path":"skills/performing-binary-exploitation-analysis"},{"name":"performing-blind-ssrf-exploitation","path":"skills/performing-blind-ssrf-exploit
ation"},{"name":"performing-bluetooth-security-assessment","path":"skills/performing-bluetooth-security-assessment"},{"name":"performing-brand-monitoring-for-impersonation","path":"skills/performing-brand-monitoring-for-impersonation"},{"name":"performing-clickjacking-attack-test","path":"skills/performing-clickjacking-attack-test"},{"name":"performing-cloud-asset-inventory-with-cartography","path":"skills/performing-cloud-asset-inventory-with-cartography"},{"name":"performing-cloud-forensics-investigation","path":"skills/performing-cloud-forensics-investigation"},{"name":"performing-cloud-forensics-with-aws-cloudtrail","path":"skills/performing-cloud-forensics-with-aws-cloudtrail"},{"name":"performing-cloud-incident-containment-procedures","path":"skills/performing-cloud-incident-containment-procedures"},{"name":"performing-cloud-log-forensics-with-athena","path":"skills/performing-cloud-log-forensics-with-athena"},{"name":"performing-cloud-native-forensics-with-falco","path":"skills/performing-cloud-native-forensics-with-falco"},{"name":"performing-cloud-penetration-testing-with-pacu","path":"skills/performing-cloud-penetration-testing-with-pacu"},{"name":"performing-cloud-storage-forensic-acquisition","path":"skills/performing-cloud-storage-forensic-acquisition"},{"name":"performing-container-escape-detection","path":"skills/performing-container-escape-detection"},{"name":"performing-container-image-hardening","path":"skills/performing-container-image-hardening"},{"name":"performing-container-security-scanning-with-trivy","path":"skills/performing-container-security-scanning-with-trivy"},{"name":"performing-content-security-policy-bypass","path":"skills/performing-content-security-policy-bypass"},{"name":"performing-credential-access-with-lazagne","path":"skills/performing-credential-access-with-lazagne"},{"name":"performing-cryptographic-audit-of-application","path":"skills/performing-cryptographic-audit-of-application"},{"name":"performing-csrf-attack-simulatio
n","path":"skills/performing-csrf-attack-simulation"},{"name":"performing-cve-prioritization-with-kev-catalog","path":"skills/performing-cve-prioritization-with-kev-catalog"},{"name":"performing-dark-web-monitoring-for-threats","path":"skills/performing-dark-web-monitoring-for-threats"},{"name":"performing-deception-technology-deployment","path":"skills/performing-deception-technology-deployment"},{"name":"performing-directory-traversal-testing","path":"skills/performing-directory-traversal-testing"},{"name":"performing-disk-forensics-investigation","path":"skills/performing-disk-forensics-investigation"},{"name":"performing-dmarc-policy-enforcement-rollout","path":"skills/performing-dmarc-policy-enforcement-rollout"},{"name":"performing-dns-enumeration-and-zone-transfer","path":"skills/performing-dns-enumeration-and-zone-transfer"},{"name":"performing-dns-tunneling-detection","path":"skills/performing-dns-tunneling-detection"},{"name":"performing-docker-bench-security-assessment","path":"skills/performing-docker-bench-security-assessment"},{"name":"performing-dynamic-analysis-of-android-app","path":"skills/performing-dynamic-analysis-of-android-app"},{"name":"performing-dynamic-analysis-with-any-run","path":"skills/performing-dynamic-analysis-with-any-run"},{"name":"performing-endpoint-forensics-investigation","path":"skills/performing-endpoint-forensics-investigation"},{"name":"performing-endpoint-vulnerability-remediation","path":"skills/performing-endpoint-vulnerability-remediation"},{"name":"performing-entitlement-review-with-sailpoint-iiq","path":"skills/performing-entitlement-review-with-sailpoint-iiq"},{"name":"performing-external-network-penetration-test","path":"skills/performing-external-network-penetration-test"},{"name":"performing-false-positive-reduction-in-siem","path":"skills/performing-false-positive-reduction-in-siem"},{"name":"performing-file-carving-with-foremost","path":"skills/performing-file-carving-with-foremost"},{"name":"performing-firmwar
e-extraction-with-binwalk","path":"skills/performing-firmware-extraction-with-binwalk"},{"name":"performing-firmware-malware-analysis","path":"skills/performing-firmware-malware-analysis"},{"name":"performing-fuzzing-with-aflplusplus","path":"skills/performing-fuzzing-with-aflplusplus"},{"name":"performing-gcp-penetration-testing-with-gcpbucketbrute","path":"skills/performing-gcp-penetration-testing-with-gcpbucketbrute"},{"name":"performing-gcp-security-assessment-with-forseti","path":"skills/performing-gcp-security-assessment-with-forseti"},{"name":"performing-graphql-depth-limit-attack","path":"skills/performing-graphql-depth-limit-attack"},{"name":"performing-graphql-introspection-attack","path":"skills/performing-graphql-introspection-attack"},{"name":"performing-graphql-security-assessment","path":"skills/performing-graphql-security-assessment"},{"name":"performing-hardware-security-module-integration","path":"skills/performing-hardware-security-module-integration"},{"name":"performing-hash-cracking-with-hashcat","path":"skills/performing-hash-cracking-with-hashcat"},{"name":"performing-http-parameter-pollution-attack","path":"skills/performing-http-parameter-pollution-attack"},{"name":"performing-ics-asset-discovery-with-claroty","path":"skills/performing-ics-asset-discovery-with-claroty"},{"name":"performing-indicator-lifecycle-management","path":"skills/performing-indicator-lifecycle-management"},{"name":"performing-initial-access-with-evilginx3","path":"skills/performing-initial-access-with-evilginx3"},{"name":"performing-insider-threat-investigation","path":"skills/performing-insider-threat-investigation"},{"name":"performing-ioc-enrichment-automation","path":"skills/performing-ioc-enrichment-automation"},{"name":"performing-ios-app-security-assessment","path":"skills/performing-ios-app-security-assessment"},{"name":"performing-iot-security-assessment","path":"skills/performing-iot-security-assessment"},{"name":"performing-ip-reputation-analysis-with-shoda
n","path":"skills/performing-ip-reputation-analysis-with-shodan"},{"name":"performing-jwt-none-algorithm-attack","path":"skills/performing-jwt-none-algorithm-attack"},{"name":"performing-kerberoasting-attack","path":"skills/performing-kerberoasting-attack"},{"name":"performing-kubernetes-cis-benchmark-with-kube-bench","path":"skills/performing-kubernetes-cis-benchmark-with-kube-bench"},{"name":"performing-kubernetes-etcd-security-assessment","path":"skills/performing-kubernetes-etcd-security-assessment"},{"name":"performing-kubernetes-penetration-testing","path":"skills/performing-kubernetes-penetration-testing"},{"name":"performing-lateral-movement-detection","path":"skills/performing-lateral-movement-detection"},{"name":"performing-lateral-movement-with-wmiexec","path":"skills/performing-lateral-movement-with-wmiexec"},{"name":"performing-linux-log-forensics-investigation","path":"skills/performing-linux-log-forensics-investigation"},{"name":"performing-log-analysis-for-forensic-investigation","path":"skills/performing-log-analysis-for-forensic-investigation"},{"name":"performing-log-source-onboarding-in-siem","path":"skills/performing-log-source-onboarding-in-siem"},{"name":"performing-malware-hash-enrichment-with-virustotal","path":"skills/performing-malware-hash-enrichment-with-virustotal"},{"name":"performing-malware-ioc-extraction","path":"skills/performing-malware-ioc-extraction"},{"name":"performing-malware-persistence-investigation","path":"skills/performing-malware-persistence-investigation"},{"name":"performing-malware-triage-with-yara","path":"skills/performing-malware-triage-with-yara"},{"name":"performing-memory-forensics-with-volatility3","path":"skills/performing-memory-forensics-with-volatility3"},{"name":"performing-memory-forensics-with-volatility3-plugins","path":"skills/performing-memory-forensics-with-volatility3-plugins"},{"name":"performing-mobile-app-certificate-pinning-bypass","path":"skills/performing-mobile-app-certificate-pinning-bypass
"},{"name":"performing-mobile-device-forensics-with-cellebrite","path":"skills/performing-mobile-device-forensics-with-cellebrite"},{"name":"performing-network-forensics-with-wireshark","path":"skills/performing-network-forensics-with-wireshark"},{"name":"performing-network-packet-capture-analysis","path":"skills/performing-network-packet-capture-analysis"},{"name":"performing-network-traffic-analysis-with-tshark","path":"skills/performing-network-traffic-analysis-with-tshark"},{"name":"performing-network-traffic-analysis-with-zeek","path":"skills/performing-network-traffic-analysis-with-zeek"},{"name":"performing-nist-csf-maturity-assessment","path":"skills/performing-nist-csf-maturity-assessment"},{"name":"performing-oauth-scope-minimization-review","path":"skills/performing-oauth-scope-minimization-review"},{"name":"performing-oil-gas-cybersecurity-assessment","path":"skills/performing-oil-gas-cybersecurity-assessment"},{"name":"performing-open-source-intelligence-gathering","path":"skills/performing-open-source-intelligence-gathering"},{"name":"performing-osint-with-spiderfoot","path":"skills/performing-osint-with-spiderfoot"},{"name":"performing-ot-network-security-assessment","path":"skills/performing-ot-network-security-assessment"},{"name":"performing-ot-vulnerability-assessment-with-claroty","path":"skills/performing-ot-vulnerability-assessment-with-claroty"},{"name":"performing-ot-vulnerability-scanning-safely","path":"skills/performing-ot-vulnerability-scanning-safely"},{"name":"performing-packet-injection-attack","path":"skills/performing-packet-injection-attack"},{"name":"performing-paste-site-monitoring-for-credentials","path":"skills/performing-paste-site-monitoring-for-credentials"},{"name":"performing-phishing-simulation-with-gophish","path":"skills/performing-phishing-simulation-with-gophish"},{"name":"performing-physical-intrusion-assessment","path":"skills/performing-physical-intrusion-assessment"},{"name":"performing-plc-firmware-security-analys
is","path":"skills/performing-plc-firmware-security-analysis"},{"name":"performing-post-quantum-cryptography-migration","path":"skills/performing-post-quantum-cryptography-migration"},{"name":"performing-power-grid-cybersecurity-assessment","path":"skills/performing-power-grid-cybersecurity-assessment"},{"name":"performing-privacy-impact-assessment","path":"skills/performing-privacy-impact-assessment"},{"name":"performing-privilege-escalation-assessment","path":"skills/performing-privilege-escalation-assessment"},{"name":"performing-privilege-escalation-on-linux","path":"skills/performing-privilege-escalation-on-linux"},{"name":"performing-privileged-account-access-review","path":"skills/performing-privileged-account-access-review"},{"name":"performing-privileged-account-discovery","path":"skills/performing-privileged-account-discovery"},{"name":"performing-purple-team-atomic-testing","path":"skills/performing-purple-team-atomic-testing"},{"name":"performing-purple-team-exercise","path":"skills/performing-purple-team-exercise"},{"name":"performing-ransomware-response","path":"skills/performing-ransomware-response"},{"name":"performing-ransomware-tabletop-exercise","path":"skills/performing-ransomware-tabletop-exercise"},{"name":"performing-red-team-phishing-with-gophish","path":"skills/performing-red-team-phishing-with-gophish"},{"name":"performing-red-team-with-covenant","path":"skills/performing-red-team-with-covenant"},{"name":"performing-s7comm-protocol-security-analysis","path":"skills/performing-s7comm-protocol-security-analysis"},{"name":"performing-sca-dependency-scanning-with-snyk","path":"skills/performing-sca-dependency-scanning-with-snyk"},{"name":"performing-scada-hmi-security-assessment","path":"skills/performing-scada-hmi-security-assessment"},{"name":"performing-second-order-sql-injection","path":"skills/performing-second-order-sql-injection"},{"name":"performing-security-headers-audit","path":"skills/performing-security-headers-audit"},{"name":"perf
orming-serverless-function-security-review","path":"skills/performing-serverless-function-security-review"},{"name":"performing-service-account-audit","path":"skills/performing-service-account-audit"},{"name":"performing-service-account-credential-rotation","path":"skills/performing-service-account-credential-rotation"},{"name":"performing-soap-web-service-security-testing","path":"skills/performing-soap-web-service-security-testing"},{"name":"performing-soc-tabletop-exercise","path":"skills/performing-soc-tabletop-exercise"},{"name":"performing-soc2-type2-audit-preparation","path":"skills/performing-soc2-type2-audit-preparation"},{"name":"performing-sqlite-database-forensics","path":"skills/performing-sqlite-database-forensics"},{"name":"performing-ssl-certificate-lifecycle-management","path":"skills/performing-ssl-certificate-lifecycle-management"},{"name":"performing-ssl-stripping-attack","path":"skills/performing-ssl-stripping-attack"},{"name":"performing-ssl-tls-inspection-configuration","path":"skills/performing-ssl-tls-inspection-configuration"},{"name":"performing-ssl-tls-security-assessment","path":"skills/performing-ssl-tls-security-assessment"},{"name":"performing-ssrf-vulnerability-exploitation","path":"skills/performing-ssrf-vulnerability-exploitation"},{"name":"performing-static-malware-analysis-with-pe-studio","path":"skills/performing-static-malware-analysis-with-pe-studio"},{"name":"performing-steganography-detection","path":"skills/performing-steganography-detection"},{"name":"performing-subdomain-enumeration-with-subfinder","path":"skills/performing-subdomain-enumeration-with-subfinder"},{"name":"performing-supply-chain-attack-simulation","path":"skills/performing-supply-chain-attack-simulation"},{"name":"performing-thick-client-application-penetration-test","path":"skills/performing-thick-client-application-penetration-test"},{"name":"performing-threat-emulation-with-atomic-red-team","path":"skills/performing-threat-emulation-with-atomic-red-team
"},{"name":"performing-threat-hunting-with-elastic-siem","path":"skills/performing-threat-hunting-with-elastic-siem"},{"name":"performing-threat-hunting-with-yara-rules","path":"skills/performing-threat-hunting-with-yara-rules"},{"name":"performing-threat-intelligence-sharing-with-misp","path":"skills/performing-threat-intelligence-sharing-with-misp"},{"name":"performing-threat-landscape-assessment-for-sector","path":"skills/performing-threat-landscape-assessment-for-sector"},{"name":"performing-threat-modeling-with-owasp-threat-dragon","path":"skills/performing-threat-modeling-with-owasp-threat-dragon"},{"name":"performing-timeline-reconstruction-with-plaso","path":"skills/performing-timeline-reconstruction-with-plaso"},{"name":"performing-user-behavior-analytics","path":"skills/performing-user-behavior-analytics"},{"name":"performing-vlan-hopping-attack","path":"skills/performing-vlan-hopping-attack"},{"name":"performing-vulnerability-scanning-with-nessus","path":"skills/performing-vulnerability-scanning-with-nessus"},{"name":"performing-web-application-firewall-bypass","path":"skills/performing-web-application-firewall-bypass"},{"name":"performing-web-application-penetration-test","path":"skills/performing-web-application-penetration-test"},{"name":"performing-web-application-scanning-with-nikto","path":"skills/performing-web-application-scanning-with-nikto"},{"name":"performing-web-application-vulnerability-triage","path":"skills/performing-web-application-vulnerability-triage"},{"name":"performing-web-cache-deception-attack","path":"skills/performing-web-cache-deception-attack"},{"name":"performing-web-cache-poisoning-attack","path":"skills/performing-web-cache-poisoning-attack"},{"name":"performing-wifi-password-cracking-with-aircrack","path":"skills/performing-wifi-password-cracking-with-aircrack"},{"name":"performing-windows-artifact-analysis-with-eric-zimmerman-tools","path":"skills/performing-windows-artifact-analysis-with-eric-zimmerman-tools"},{"name":"p
erforming-wireless-network-penetration-test","path":"skills/performing-wireless-network-penetration-test"},{"name":"performing-wireless-security-assessment-with-kismet","path":"skills/performing-wireless-security-assessment-with-kismet"},{"name":"performing-yara-rule-development-for-detection","path":"skills/performing-yara-rule-development-for-detection"},{"name":"prioritizing-vulnerabilities-with-cvss-scoring","path":"skills/prioritizing-vulnerabilities-with-cvss-scoring"},{"name":"processing-stix-taxii-feeds","path":"skills/processing-stix-taxii-feeds"},{"name":"profiling-threat-actor-groups","path":"skills/profiling-threat-actor-groups"},{"name":"recovering-deleted-files-with-photorec","path":"skills/recovering-deleted-files-with-photorec"},{"name":"recovering-from-ransomware-attack","path":"skills/recovering-from-ransomware-attack"},{"name":"remediating-s3-bucket-misconfiguration","path":"skills/remediating-s3-bucket-misconfiguration"},{"name":"reverse-engineering-android-malware-with-jadx","path":"skills/reverse-engineering-android-malware-with-jadx"},{"name":"reverse-engineering-dotnet-malware-with-dnspy","path":"skills/reverse-engineering-dotnet-malware-with-dnspy"},{"name":"reverse-engineering-ios-app-with-frida","path":"skills/reverse-engineering-ios-app-with-frida"},{"name":"reverse-engineering-malware-with-ghidra","path":"skills/reverse-engineering-malware-with-ghidra"},{"name":"reverse-engineering-ransomware-encryption-routine","path":"skills/reverse-engineering-ransomware-encryption-routine"},{"name":"reverse-engineering-rust-malware","path":"skills/reverse-engineering-rust-malware"},{"name":"scanning-container-images-with-grype","path":"skills/scanning-container-images-with-grype"},{"name":"scanning-containers-with-trivy-in-cicd","path":"skills/scanning-containers-with-trivy-in-cicd"},{"name":"scanning-docker-images-with-trivy","path":"skills/scanning-docker-images-with-trivy"},{"name":"scanning-infrastructure-with-nessus","path":"skills/scanning-infr
astructure-with-nessus"},{"name":"scanning-kubernetes-manifests-with-kubesec","path":"skills/scanning-kubernetes-manifests-with-kubesec"},{"name":"scanning-network-with-nmap-advanced","path":"skills/scanning-network-with-nmap-advanced"},{"name":"securing-api-gateway-with-aws-waf","path":"skills/securing-api-gateway-with-aws-waf"},{"name":"securing-aws-iam-permissions","path":"skills/securing-aws-iam-permissions"},{"name":"securing-aws-lambda-execution-roles","path":"skills/securing-aws-lambda-execution-roles"},{"name":"securing-azure-with-microsoft-defender","path":"skills/securing-azure-with-microsoft-defender"},{"name":"securing-container-registry-images","path":"skills/securing-container-registry-images"},{"name":"securing-container-registry-with-harbor","path":"skills/securing-container-registry-with-harbor"},{"name":"securing-github-actions-workflows","path":"skills/securing-github-actions-workflows"},{"name":"securing-helm-chart-deployments","path":"skills/securing-helm-chart-deployments"},{"name":"securing-historian-server-in-ot-environment","path":"skills/securing-historian-server-in-ot-environment"},{"name":"securing-kubernetes-on-cloud","path":"skills/securing-kubernetes-on-cloud"},{"name":"securing-remote-access-to-ot-environment","path":"skills/securing-remote-access-to-ot-environment"},{"name":"securing-serverless-functions","path":"skills/securing-serverless-functions"},{"name":"testing-android-intents-for-vulnerabilities","path":"skills/testing-android-intents-for-vulnerabilities"},{"name":"testing-api-authentication-weaknesses","path":"skills/testing-api-authentication-weaknesses"},{"name":"testing-api-for-broken-object-level-authorization","path":"skills/testing-api-for-broken-object-level-authorization"},{"name":"testing-api-for-mass-assignment-vulnerability","path":"skills/testing-api-for-mass-assignment-vulnerability"},{"name":"testing-api-security-with-owasp-top-10","path":"skills/testing-api-security-with-owasp-top-10"},{"name":"testing-cors-mi
sconfiguration","path":"skills/testing-cors-misconfiguration"},{"name":"testing-for-broken-access-control","path":"skills/testing-for-broken-access-control"},{"name":"testing-for-business-logic-vulnerabilities","path":"skills/testing-for-business-logic-vulnerabilities"},{"name":"testing-for-email-header-injection","path":"skills/testing-for-email-header-injection"},{"name":"testing-for-host-header-injection","path":"skills/testing-for-host-header-injection"},{"name":"testing-for-json-web-token-vulnerabilities","path":"skills/testing-for-json-web-token-vulnerabilities"},{"name":"testing-for-open-redirect-vulnerabilities","path":"skills/testing-for-open-redirect-vulnerabilities"},{"name":"testing-for-sensitive-data-exposure","path":"skills/testing-for-sensitive-data-exposure"},{"name":"testing-for-xml-injection-vulnerabilities","path":"skills/testing-for-xml-injection-vulnerabilities"},{"name":"testing-for-xss-vulnerabilities","path":"skills/testing-for-xss-vulnerabilities"},{"name":"testing-for-xss-vulnerabilities-with-burpsuite","path":"skills/testing-for-xss-vulnerabilities-with-burpsuite"},{"name":"testing-for-xxe-injection-vulnerabilities","path":"skills/testing-for-xxe-injection-vulnerabilities"},{"name":"testing-jwt-token-security","path":"skills/testing-jwt-token-security"},{"name":"testing-mobile-api-authentication","path":"skills/testing-mobile-api-authentication"},{"name":"testing-oauth2-implementation-flaws","path":"skills/testing-oauth2-implementation-flaws"},{"name":"testing-ransomware-recovery-procedures","path":"skills/testing-ransomware-recovery-procedures"},{"name":"testing-websocket-api-security","path":"skills/testing-websocket-api-security"},{"name":"tracking-threat-actor-infrastructure","path":"skills/tracking-threat-actor-infrastructure"},{"name":"triaging-security-alerts-in-splunk","path":"skills/triaging-security-alerts-in-splunk"},{"name":"triaging-security-incident","path":"skills/triaging-security-incident"},{"name":"triaging-security-incid
ent-with-ir-playbook","path":"skills/triaging-security-incident-with-ir-playbook"},{"name":"triaging-vulnerabilities-with-ssvc-framework","path":"skills/triaging-vulnerabilities-with-ssvc-framework"},{"name":"validating-backup-integrity-for-recovery","path":"skills/validating-backup-integrity-for-recovery"}]} \ No newline at end of file