diff --git a/index.json b/index.json
index bf70981e..5175d161 100644
--- a/index.json
+++ b/index.json
@@ -1 +1 @@ -{"version":"1.1.0","generated_at":"2026-04-05T23:56:33Z","repository":"https://github.com/mukul975/Anthropic-Cybersecurity-Skills","domain":"cybersecurity","total_skills":754,"skills":[{"name":"acquiring-disk-image-with-dd-and-dcfldd","description":"Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through hash verification.","domain":"cybersecurity","path":"skills/acquiring-disk-image-with-dd-and-dcfldd"},{"name":"analyzing-active-directory-acl-abuse","description":"Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and WriteOwner abuse paths","domain":"cybersecurity","path":"skills/analyzing-active-directory-acl-abuse"},{"name":"analyzing-android-malware-with-apktool","description":"Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.","domain":"cybersecurity","path":"skills/analyzing-android-malware-with-apktool"},{"name":"analyzing-api-gateway-access-logs","description":">","domain":"cybersecurity","path":"skills/analyzing-api-gateway-access-logs"},{"name":"analyzing-apt-group-with-mitre-navigator","description":"Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps","domain":"cybersecurity","path":"skills/analyzing-apt-group-with-mitre-navigator"},{"name":"analyzing-azure-activity-logs-for-threats","description":">","domain":"cybersecurity","path":"skills/analyzing-azure-activity-logs-for-threats"},{"name":"analyzing-bootkit-and-rootkit-samples","description":">","domain":"cybersecurity","path":"skills/analyzing-bootkit-and-rootkit-samples"},{"name":"analyzing-browser-forensics-with-hindsight","description":"Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached 
content, autofill data, saved passwords, and browser extensions from Chrome, Edge, Brave, and Opera for forensic investigation.","domain":"cybersecurity","path":"skills/analyzing-browser-forensics-with-hindsight"},{"name":"analyzing-campaign-attribution-evidence","description":"Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or group is responsible for a cyber operation. This skill covers collecting and weighting attr","domain":"cybersecurity","path":"skills/analyzing-campaign-attribution-evidence"},{"name":"analyzing-certificate-transparency-for-phishing","description":"Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates,","domain":"cybersecurity","path":"skills/analyzing-certificate-transparency-for-phishing"},{"name":"analyzing-cloud-storage-access-patterns","description":"Detect abnormal access patterns in AWS S3, GCS, and Azure Blob Storage by analyzing CloudTrail Data Events, GCS","domain":"cybersecurity","path":"skills/analyzing-cloud-storage-access-patterns"},{"name":"analyzing-cobalt-strike-beacon-configuration","description":"Extract and analyze Cobalt Strike beacon configuration from PE files and memory dumps to identify C2 infrastructure, malleable profiles, and operator tradecraft.","domain":"cybersecurity","path":"skills/analyzing-cobalt-strike-beacon-configuration"},{"name":"analyzing-cobaltstrike-malleable-c2-profiles","description":"Parse and analyze Cobalt Strike Malleable C2 profiles using dissect.cobaltstrike and pyMalleableC2 to extract C2 indicators, detect evasion techniques, and generate network detection 
signatures.","domain":"cybersecurity","path":"skills/analyzing-cobaltstrike-malleable-c2-profiles"},{"name":"analyzing-command-and-control-communication","description":">","domain":"cybersecurity","path":"skills/analyzing-command-and-control-communication"},{"name":"analyzing-cyber-kill-chain","description":">","domain":"cybersecurity","path":"skills/analyzing-cyber-kill-chain"},{"name":"analyzing-disk-image-with-autopsy","description":"Perform comprehensive forensic analysis of disk images using Autopsy to recover files, examine artifacts, and build investigation timelines.","domain":"cybersecurity","path":"skills/analyzing-disk-image-with-autopsy"},{"name":"analyzing-dns-logs-for-exfiltration","description":"'Analyzes DNS query logs to detect data exfiltration via DNS tunneling, DGA domain communication, and covert","domain":"cybersecurity","path":"skills/analyzing-dns-logs-for-exfiltration"},{"name":"analyzing-docker-container-forensics","description":"Investigate compromised Docker containers by analyzing images, layers, volumes, logs, and runtime artifacts to identify malicious activity and evidence.","domain":"cybersecurity","path":"skills/analyzing-docker-container-forensics"},{"name":"analyzing-email-headers-for-phishing-investigation","description":"Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify","domain":"cybersecurity","path":"skills/analyzing-email-headers-for-phishing-investigation"},{"name":"analyzing-ethereum-smart-contract-vulnerabilities","description":"Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy, integer overflow, access control, and other vulnerability classes before deployment to Ethereum mainnet.","domain":"cybersecurity","path":"skills/analyzing-ethereum-smart-contract-vulnerabilities"},{"name":"analyzing-golang-malware-with-ghidra","description":"Reverse engineer Go-compiled malware using Ghidra with 
specialized scripts for function recovery, string extraction, and type reconstruction in stripped Go binaries.","domain":"cybersecurity","path":"skills/analyzing-golang-malware-with-ghidra"},{"name":"analyzing-heap-spray-exploitation","description":"Detect and analyze heap spray attacks in memory dumps using Volatility3 plugins to identify NOP sled patterns, shellcode landing zones, and suspicious large allocations in process virtual address space.","domain":"cybersecurity","path":"skills/analyzing-heap-spray-exploitation"},{"name":"analyzing-indicators-of-compromise","description":"'Analyzes indicators of compromise (IOCs) including IP addresses, domains, file hashes, URLs, and email artifacts","domain":"cybersecurity","path":"skills/analyzing-indicators-of-compromise"},{"name":"analyzing-ios-app-security-with-objection","description":"'Performs runtime mobile security exploration of iOS applications using Objection, a Frida-powered toolkit that","domain":"cybersecurity","path":"skills/analyzing-ios-app-security-with-objection"},{"name":"analyzing-kubernetes-audit-logs","description":">","domain":"cybersecurity","path":"skills/analyzing-kubernetes-audit-logs"},{"name":"analyzing-linux-audit-logs-for-intrusion","description":">","domain":"cybersecurity","path":"skills/analyzing-linux-audit-logs-for-intrusion"},{"name":"analyzing-linux-elf-malware","description":">","domain":"cybersecurity","path":"skills/analyzing-linux-elf-malware"},{"name":"analyzing-linux-kernel-rootkits","description":"Detect kernel-level rootkits in Linux memory dumps using Volatility3 linux plugins (check_syscall, lsmod, hidden_modules), rkhunter system scanning, and /proc vs /sys discrepancy analysis to identify hooked syscalls, hidden kernel modules, and tampered system structures.","domain":"cybersecurity","path":"skills/analyzing-linux-kernel-rootkits"},{"name":"analyzing-linux-system-artifacts","description":"Examine Linux system artifacts including auth logs, cron jobs, shell history, 
and system configuration to uncover evidence of compromise or unauthorized activity.","domain":"cybersecurity","path":"skills/analyzing-linux-system-artifacts"},{"name":"analyzing-lnk-file-and-jump-list-artifacts","description":"Analyze Windows LNK shortcut files and Jump List artifacts to establish evidence of file access, program execution, and user activity using LECmd, JLECmd, and manual binary parsing of the Shell Link Binary format.","domain":"cybersecurity","path":"skills/analyzing-lnk-file-and-jump-list-artifacts"},{"name":"analyzing-macro-malware-in-office-documents","description":"'Analyzes malicious VBA macros embedded in Microsoft Office documents (Word, Excel, PowerPoint) to identify download","domain":"cybersecurity","path":"skills/analyzing-macro-malware-in-office-documents"},{"name":"analyzing-malicious-pdf-with-peepdf","description":"Perform static analysis of malicious PDF documents using peepdf, pdfid, and pdf-parser to extract embedded JavaScript, shellcode, and suspicious objects.","domain":"cybersecurity","path":"skills/analyzing-malicious-pdf-with-peepdf"},{"name":"analyzing-malicious-url-with-urlscan","description":"URLScan.io is a free service for scanning and analyzing suspicious URLs. 
It captures screenshots, DOM content,","domain":"cybersecurity","path":"skills/analyzing-malicious-url-with-urlscan"},{"name":"analyzing-malware-behavior-with-cuckoo-sandbox","description":">","domain":"cybersecurity","path":"skills/analyzing-malware-behavior-with-cuckoo-sandbox"},{"name":"analyzing-malware-family-relationships-with-malpedia","description":"Use the Malpedia platform and API to research malware family relationships, track variant evolution, link families to threat actors, and integrate YARA rules for detection across malware lineages.","domain":"cybersecurity","path":"skills/analyzing-malware-family-relationships-with-malpedia"},{"name":"analyzing-malware-persistence-with-autoruns","description":"","domain":"cybersecurity","path":"skills/analyzing-malware-persistence-with-autoruns"},{"name":"analyzing-malware-sandbox-evasion-techniques","description":"Detect sandbox evasion techniques in malware samples by analyzing timing checks, VM artifact queries, user interaction","domain":"cybersecurity","path":"skills/analyzing-malware-sandbox-evasion-techniques"},{"name":"analyzing-memory-dumps-with-volatility","description":">","domain":"cybersecurity","path":"skills/analyzing-memory-dumps-with-volatility"},{"name":"analyzing-memory-forensics-with-lime-and-volatility","description":">","domain":"cybersecurity","path":"skills/analyzing-memory-forensics-with-lime-and-volatility"},{"name":"analyzing-mft-for-deleted-file-recovery","description":"Analyze the NTFS Master File Table ($MFT) to recover metadata and content of deleted files by examining MFT record entries, $LogFile, $UsnJrnl, and MFT slack space using MFTECmd, analyzeMFT, and X-Ways Forensics.","domain":"cybersecurity","path":"skills/analyzing-mft-for-deleted-file-recovery"},{"name":"analyzing-network-covert-channels-in-malware","description":"Detect and analyze covert communication channels used by malware including DNS tunneling, ICMP 
exfiltration,","domain":"cybersecurity","path":"skills/analyzing-network-covert-channels-in-malware"},{"name":"analyzing-network-flow-data-with-netflow","description":">-","domain":"cybersecurity","path":"skills/analyzing-network-flow-data-with-netflow"},{"name":"analyzing-network-packets-with-scapy","description":"Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and traffic anomaly detection in authorized security testing","domain":"cybersecurity","path":"skills/analyzing-network-packets-with-scapy"},{"name":"analyzing-network-traffic-for-incidents","description":">","domain":"cybersecurity","path":"skills/analyzing-network-traffic-for-incidents"},{"name":"analyzing-network-traffic-of-malware","description":">","domain":"cybersecurity","path":"skills/analyzing-network-traffic-of-malware"},{"name":"analyzing-network-traffic-with-wireshark","description":">","domain":"cybersecurity","path":"skills/analyzing-network-traffic-with-wireshark"},{"name":"analyzing-office365-audit-logs-for-compromise","description":"Parse Office 365 Unified Audit Logs via Microsoft Graph API to detect email forwarding rule creation, inbox delegation, suspicious OAuth app grants, and other indicators of account compromise.","domain":"cybersecurity","path":"skills/analyzing-office365-audit-logs-for-compromise"},{"name":"analyzing-outlook-pst-for-email-forensics","description":"Analyze Microsoft Outlook PST and OST files for email forensic evidence including message content, headers, 
attachments,","domain":"cybersecurity","path":"skills/analyzing-outlook-pst-for-email-forensics"},{"name":"analyzing-packed-malware-with-upx-unpacker","description":">","domain":"cybersecurity","path":"skills/analyzing-packed-malware-with-upx-unpacker"},{"name":"analyzing-pdf-malware-with-pdfid","description":">","domain":"cybersecurity","path":"skills/analyzing-pdf-malware-with-pdfid"},{"name":"analyzing-persistence-mechanisms-in-linux","description":"","domain":"cybersecurity","path":"skills/analyzing-persistence-mechanisms-in-linux"},{"name":"analyzing-powershell-empire-artifacts","description":"Detect PowerShell Empire framework artifacts in Windows event logs by identifying Base64 encoded launcher patterns,","domain":"cybersecurity","path":"skills/analyzing-powershell-empire-artifacts"},{"name":"analyzing-powershell-script-block-logging","description":">-","domain":"cybersecurity","path":"skills/analyzing-powershell-script-block-logging"},{"name":"analyzing-prefetch-files-for-execution-history","description":"Parse Windows Prefetch files to determine program execution history including run counts, timestamps, and referenced files for forensic investigation.","domain":"cybersecurity","path":"skills/analyzing-prefetch-files-for-execution-history"},{"name":"analyzing-ransomware-encryption-mechanisms","description":">","domain":"cybersecurity","path":"skills/analyzing-ransomware-encryption-mechanisms"},{"name":"analyzing-ransomware-leak-site-intelligence","description":"Monitor and analyze ransomware group data leak sites (DLS) to track victim postings, extract threat intelligence on group tactics, and assess sector-specific ransomware risk for proactive defense.","domain":"cybersecurity","path":"skills/analyzing-ransomware-leak-site-intelligence"},{"name":"analyzing-ransomware-network-indicators","description":"Identify ransomware network indicators including C2 beaconing patterns, TOR exit node connections, data 
exfiltration","domain":"cybersecurity","path":"skills/analyzing-ransomware-network-indicators"},{"name":"analyzing-ransomware-payment-wallets","description":">","domain":"cybersecurity","path":"skills/analyzing-ransomware-payment-wallets"},{"name":"analyzing-sbom-for-supply-chain-vulnerabilities","description":"'Parses Software Bill of Materials (SBOM) in CycloneDX and SPDX JSON formats to identify supply chain vulnerabilities","domain":"cybersecurity","path":"skills/analyzing-sbom-for-supply-chain-vulnerabilities"},{"name":"analyzing-security-logs-with-splunk","description":"","domain":"cybersecurity","path":"skills/analyzing-security-logs-with-splunk"},{"name":"analyzing-slack-space-and-file-system-artifacts","description":"Examine file system slack space, MFT entries, USN journal, and alternate data streams to recover hidden data and reconstruct file activity on NTFS volumes.","domain":"cybersecurity","path":"skills/analyzing-slack-space-and-file-system-artifacts"},{"name":"analyzing-supply-chain-malware-artifacts","description":"Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines,","domain":"cybersecurity","path":"skills/analyzing-supply-chain-malware-artifacts"},{"name":"analyzing-threat-actor-ttps-with-mitre-attack","description":"MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs)","domain":"cybersecurity","path":"skills/analyzing-threat-actor-ttps-with-mitre-attack"},{"name":"analyzing-threat-actor-ttps-with-mitre-navigator","description":"'Map advanced persistent threat (APT) group tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK 
framework","domain":"cybersecurity","path":"skills/analyzing-threat-actor-ttps-with-mitre-navigator"},{"name":"analyzing-threat-intelligence-feeds","description":">","domain":"cybersecurity","path":"skills/analyzing-threat-intelligence-feeds"},{"name":"analyzing-threat-landscape-with-misp","description":"Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics,","domain":"cybersecurity","path":"skills/analyzing-threat-landscape-with-misp"},{"name":"analyzing-tls-certificate-transparency-logs","description":"'Queries Certificate Transparency logs via crt.sh and pycrtsh to detect phishing domains, unauthorized certificate","domain":"cybersecurity","path":"skills/analyzing-tls-certificate-transparency-logs"},{"name":"analyzing-typosquatting-domains-with-dnstwist","description":"Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain permutations","domain":"cybersecurity","path":"skills/analyzing-typosquatting-domains-with-dnstwist"},{"name":"analyzing-uefi-bootkit-persistence","description":"'Analyzes UEFI bootkit persistence mechanisms including firmware implants in SPI flash, EFI System Partition","domain":"cybersecurity","path":"skills/analyzing-uefi-bootkit-persistence"},{"name":"analyzing-usb-device-connection-history","description":"Investigate USB device connection history from Windows registry, event logs, and setupapi logs to track removable media usage and potential data exfiltration.","domain":"cybersecurity","path":"skills/analyzing-usb-device-connection-history"},{"name":"analyzing-web-server-logs-for-intrusion","description":">-","domain":"cybersecurity","path":"skills/analyzing-web-server-logs-for-intrusion"},{"name":"analyzing-windows-amcache-artifacts","description":">","domain":"cybersecurity","path":"skills/analyzing-windows-amcache-artifacts"},{"name":"analyzing-windows-event-logs-in-splunk","description":"'Analyzes Windows Security, System, and 
Sysmon event logs in Splunk to detect authentication attacks, privilege","domain":"cybersecurity","path":"skills/analyzing-windows-event-logs-in-splunk"},{"name":"analyzing-windows-lnk-files-for-artifacts","description":"Parse Windows LNK shortcut files to extract target paths, timestamps, volume information, and machine identifiers for forensic timeline reconstruction.","domain":"cybersecurity","path":"skills/analyzing-windows-lnk-files-for-artifacts"},{"name":"analyzing-windows-prefetch-with-python","description":"Parse Windows Prefetch files using the windowsprefetch Python library to reconstruct application execution history, detect renamed or masquerading binaries, and identify suspicious program execution patterns.","domain":"cybersecurity","path":"skills/analyzing-windows-prefetch-with-python"},{"name":"analyzing-windows-registry-for-artifacts","description":"Extract and analyze Windows Registry hives to uncover user activity, installed software, autostart entries, and evidence of system compromise.","domain":"cybersecurity","path":"skills/analyzing-windows-registry-for-artifacts"},{"name":"analyzing-windows-shellbag-artifacts","description":"Analyze Windows Shellbag registry artifacts to reconstruct folder browsing activity, detect access to removable media and network shares, and establish user interaction with directories even after deletion using SBECmd and ShellBags Explorer.","domain":"cybersecurity","path":"skills/analyzing-windows-shellbag-artifacts"},{"name":"auditing-aws-s3-bucket-permissions","description":">","domain":"cybersecurity","path":"skills/auditing-aws-s3-bucket-permissions"},{"name":"auditing-azure-active-directory-configuration","description":">","domain":"cybersecurity","path":"skills/auditing-azure-active-directory-configuration"},{"name":"auditing-cloud-with-cis-benchmarks","description":"'This skill details how to conduct cloud security audits using Center for Internet Security benchmarks for 
AWS,","domain":"cybersecurity","path":"skills/auditing-cloud-with-cis-benchmarks"},{"name":"auditing-gcp-iam-permissions","description":">","domain":"cybersecurity","path":"skills/auditing-gcp-iam-permissions"},{"name":"auditing-kubernetes-cluster-rbac","description":">","domain":"cybersecurity","path":"skills/auditing-kubernetes-cluster-rbac"},{"name":"auditing-terraform-infrastructure-for-security","description":">","domain":"cybersecurity","path":"skills/auditing-terraform-infrastructure-for-security"},{"name":"auditing-tls-certificate-transparency-logs","description":">","domain":"cybersecurity","path":"skills/auditing-tls-certificate-transparency-logs"},{"name":"automating-ioc-enrichment","description":">","domain":"cybersecurity","path":"skills/automating-ioc-enrichment"},{"name":"building-adversary-infrastructure-tracking-system","description":"Build an automated system to track adversary infrastructure using passive DNS, certificate transparency, WHOIS data, and IP enrichment to map and monitor threat actor command-and-control networks.","domain":"cybersecurity","path":"skills/building-adversary-infrastructure-tracking-system"},{"name":"building-attack-pattern-library-from-cti-reports","description":"Extract and catalog attack patterns from cyber threat intelligence reports into a structured STIX-based library","domain":"cybersecurity","path":"skills/building-attack-pattern-library-from-cti-reports"},{"name":"building-automated-malware-submission-pipeline","description":">","domain":"cybersecurity","path":"skills/building-automated-malware-submission-pipeline"},{"name":"building-c2-infrastructure-with-sliver-framework","description":"Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with","domain":"cybersecurity","path":"skills/building-c2-infrastructure-with-sliver-framework"},{"name":"building-cloud-siem-with-sentinel","description":"'This skill covers deploying Microsoft Sentinel as a cloud-native 
SIEM and SOAR platform for centralized security","domain":"cybersecurity","path":"skills/building-cloud-siem-with-sentinel"},{"name":"building-detection-rule-with-splunk-spl","description":"Build effective detection rules using Splunk Search Processing Language (SPL) correlation searches to identify","domain":"cybersecurity","path":"skills/building-detection-rule-with-splunk-spl"},{"name":"building-detection-rules-with-sigma","description":"'Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms","domain":"cybersecurity","path":"skills/building-detection-rules-with-sigma"},{"name":"building-devsecops-pipeline-with-gitlab-ci","description":"Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning, dependency scanning, and secret detection.","domain":"cybersecurity","path":"skills/building-devsecops-pipeline-with-gitlab-ci"},{"name":"building-identity-federation-with-saml-azure-ad","description":"Establish SAML 2.0 identity federation between on-premises Active Directory and Azure AD (Microsoft Entra ID) for seamless cross-domain authentication and SSO to cloud applications.","domain":"cybersecurity","path":"skills/building-identity-federation-with-saml-azure-ad"},{"name":"building-identity-governance-lifecycle-process","description":"'Builds comprehensive identity governance and lifecycle management processes including joiner-mover-leaver 
automation,","domain":"cybersecurity","path":"skills/building-identity-governance-lifecycle-process"},{"name":"building-incident-response-dashboard","description":">","domain":"cybersecurity","path":"skills/building-incident-response-dashboard"},{"name":"building-incident-response-playbook","description":">","domain":"cybersecurity","path":"skills/building-incident-response-playbook"},{"name":"building-incident-timeline-with-timesketch","description":"","domain":"cybersecurity","path":"skills/building-incident-timeline-with-timesketch"},{"name":"building-ioc-defanging-and-sharing-pipeline","description":"Build an automated pipeline to defang indicators of compromise (URLs, IPs, domains, emails) for safe sharing and distribute them in STIX format through TAXII feeds and threat intelligence platforms.","domain":"cybersecurity","path":"skills/building-ioc-defanging-and-sharing-pipeline"},{"name":"building-ioc-enrichment-pipeline-with-opencti","description":"OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its native data model. 
This skill covers building an automated IOC enrichment pipeline using O","domain":"cybersecurity","path":"skills/building-ioc-enrichment-pipeline-with-opencti"},{"name":"building-malware-incident-communication-template","description":"Build structured communication templates for malware incidents including stakeholder notifications, executive briefings, technical advisories, and regulatory disclosures with severity-based escalation procedures.","domain":"cybersecurity","path":"skills/building-malware-incident-communication-template"},{"name":"building-patch-tuesday-response-process","description":"Establish a structured operational process to triage, test, and deploy Microsoft Patch Tuesday security updates within risk-based remediation SLAs.","domain":"cybersecurity","path":"skills/building-patch-tuesday-response-process"},{"name":"building-phishing-reporting-button-workflow","description":"Implement a phishing report button in email clients with automated triage workflow that analyzes user-reported suspicious emails and provides feedback to reporters.","domain":"cybersecurity","path":"skills/building-phishing-reporting-button-workflow"},{"name":"building-ransomware-playbook-with-cisa-framework","description":">","domain":"cybersecurity","path":"skills/building-ransomware-playbook-with-cisa-framework"},{"name":"building-red-team-c2-infrastructure-with-havoc","description":"Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents for","domain":"cybersecurity","path":"skills/building-red-team-c2-infrastructure-with-havoc"},{"name":"building-role-mining-for-rbac-optimization","description":"Apply bottom-up and top-down role mining techniques to discover optimal RBAC roles from existing user-permission assignments, reducing role explosion and enforcing least privilege.","domain":"cybersecurity","path":"skills/building-role-mining-for-rbac-optimization"},{"name":"building-soc-escalation-matrix","description":"Build a 
structured SOC escalation matrix defining severity tiers, response SLAs, escalation paths, and notification procedures for security incidents.","domain":"cybersecurity","path":"skills/building-soc-escalation-matrix"},{"name":"building-soc-metrics-and-kpi-tracking","description":"'Builds SOC performance metrics and KPI tracking dashboards measuring Mean Time to Detect (MTTD), Mean Time to","domain":"cybersecurity","path":"skills/building-soc-metrics-and-kpi-tracking"},{"name":"building-soc-playbook-for-ransomware","description":"","domain":"cybersecurity","path":"skills/building-soc-playbook-for-ransomware"},{"name":"building-threat-actor-profile-from-osint","description":"Build comprehensive threat actor profiles using open-source intelligence (OSINT) techniques to document adversary motivations, capabilities, infrastructure, and TTPs for proactive defense.","domain":"cybersecurity","path":"skills/building-threat-actor-profile-from-osint"},{"name":"building-threat-feed-aggregation-with-misp","description":"Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence feeds from multiple sources for centralized IOC management and automated SIEM integration.","domain":"cybersecurity","path":"skills/building-threat-feed-aggregation-with-misp"},{"name":"building-threat-hunt-hypothesis-framework","description":"Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and environmental data into testable hunting hypotheses.","domain":"cybersecurity","path":"skills/building-threat-hunt-hypothesis-framework"},{"name":"building-threat-intelligence-enrichment-in-splunk","description":"Build automated threat intelligence enrichment pipelines in Splunk Enterprise Security using lookup tables, modular inputs, and the Threat Intelligence 
Framework.","domain":"cybersecurity","path":"skills/building-threat-intelligence-enrichment-in-splunk"},{"name":"building-threat-intelligence-feed-integration","description":">","domain":"cybersecurity","path":"skills/building-threat-intelligence-feed-integration"},{"name":"building-threat-intelligence-platform","description":"Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified system for collecting, analyzing, enriching, and disseminating threat intelligence. T","domain":"cybersecurity","path":"skills/building-threat-intelligence-platform"},{"name":"building-vulnerability-aging-and-sla-tracking","description":"Implement a vulnerability aging dashboard and SLA tracking system to measure remediation performance against severity-based timelines and drive accountability.","domain":"cybersecurity","path":"skills/building-vulnerability-aging-and-sla-tracking"},{"name":"building-vulnerability-dashboard-with-defectdojo","description":"Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication, metrics tracking, and Jira ticketing workflows.","domain":"cybersecurity","path":"skills/building-vulnerability-dashboard-with-defectdojo"},{"name":"building-vulnerability-exception-tracking-system","description":"Build a vulnerability exception and risk acceptance tracking system with approval workflows, compensating controls documentation, and expiration management.","domain":"cybersecurity","path":"skills/building-vulnerability-exception-tracking-system"},{"name":"building-vulnerability-scanning-workflow","description":">","domain":"cybersecurity","path":"skills/building-vulnerability-scanning-workflow"},{"name":"bypassing-authentication-with-forced-browsing","description":"Discovering and accessing unprotected pages, APIs, and administrative interfaces by enumerating URLs and bypassing authentication controls during authorized security 
assessments.","domain":"cybersecurity","path":"skills/bypassing-authentication-with-forced-browsing"},{"name":"collecting-indicators-of-compromise","description":">","domain":"cybersecurity","path":"skills/collecting-indicators-of-compromise"},{"name":"collecting-open-source-intelligence","description":">","domain":"cybersecurity","path":"skills/collecting-open-source-intelligence"},{"name":"collecting-threat-intelligence-with-misp","description":"MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing, storing, and correlating Indicators of Compromise (IOCs) of targeted attacks, threat","domain":"cybersecurity","path":"skills/collecting-threat-intelligence-with-misp"},{"name":"collecting-volatile-evidence-from-compromised-host","description":"Collect volatile forensic evidence from a compromised system following order of volatility, preserving memory, network connections, processes, and system state before they are lost.","domain":"cybersecurity","path":"skills/collecting-volatile-evidence-from-compromised-host"},{"name":"conducting-api-security-testing","description":">","domain":"cybersecurity","path":"skills/conducting-api-security-testing"},{"name":"conducting-cloud-incident-response","description":">","domain":"cybersecurity","path":"skills/conducting-cloud-incident-response"},{"name":"conducting-cloud-penetration-testing","description":"'This skill outlines methodologies for performing authorized penetration testing against AWS, Azure, and GCP","domain":"cybersecurity","path":"skills/conducting-cloud-penetration-testing"},{"name":"conducting-domain-persistence-with-dcsync","description":"Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by 
extracting","domain":"cybersecurity","path":"skills/conducting-domain-persistence-with-dcsync"},{"name":"conducting-external-reconnaissance-with-osint","description":">","domain":"cybersecurity","path":"skills/conducting-external-reconnaissance-with-osint"},{"name":"conducting-full-scope-red-team-engagement","description":"Plan and execute a comprehensive red team engagement covering reconnaissance through post-exploitation using","domain":"cybersecurity","path":"skills/conducting-full-scope-red-team-engagement"},{"name":"conducting-internal-network-penetration-test","description":"Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify","domain":"cybersecurity","path":"skills/conducting-internal-network-penetration-test"},{"name":"conducting-internal-reconnaissance-with-bloodhound-ce","description":"Conduct internal Active Directory reconnaissance using BloodHound Community Edition to map attack paths, identify","domain":"cybersecurity","path":"skills/conducting-internal-reconnaissance-with-bloodhound-ce"},{"name":"conducting-malware-incident-response","description":"","domain":"cybersecurity","path":"skills/conducting-malware-incident-response"},{"name":"conducting-man-in-the-middle-attack-simulation","description":">","domain":"cybersecurity","path":"skills/conducting-man-in-the-middle-attack-simulation"},{"name":"conducting-memory-forensics-with-volatility","description":">","domain":"cybersecurity","path":"skills/conducting-memory-forensics-with-volatility"},{"name":"conducting-mobile-app-penetration-test","description":"'Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application 
Security","domain":"cybersecurity","path":"skills/conducting-mobile-app-penetration-test"},{"name":"conducting-network-penetration-test","description":">","domain":"cybersecurity","path":"skills/conducting-network-penetration-test"},{"name":"conducting-pass-the-ticket-attack","description":"Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate","domain":"cybersecurity","path":"skills/conducting-pass-the-ticket-attack"},{"name":"conducting-phishing-incident-response","description":">","domain":"cybersecurity","path":"skills/conducting-phishing-incident-response"},{"name":"conducting-post-incident-lessons-learned","description":"Facilitate structured post-incident reviews to identify root causes, document what worked and failed, and produce actionable recommendations to improve future incident response.","domain":"cybersecurity","path":"skills/conducting-post-incident-lessons-learned"},{"name":"conducting-social-engineering-penetration-test","description":"Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical","domain":"cybersecurity","path":"skills/conducting-social-engineering-penetration-test"},{"name":"conducting-social-engineering-pretext-call","description":"Plan and execute authorized vishing (voice phishing) pretext calls to assess employee susceptibility to social","domain":"cybersecurity","path":"skills/conducting-social-engineering-pretext-call"},{"name":"conducting-spearphishing-simulation-campaign","description":"Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial 
access.","domain":"cybersecurity","path":"skills/conducting-spearphishing-simulation-campaign"},{"name":"conducting-wireless-network-penetration-test","description":">","domain":"cybersecurity","path":"skills/conducting-wireless-network-penetration-test"},{"name":"configuring-active-directory-tiered-model","description":"Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory. Covers Tier 0/1/2 separation, privileged access workstations (PAWs), administrative f","domain":"cybersecurity","path":"skills/configuring-active-directory-tiered-model"},{"name":"configuring-aws-verified-access-for-ztna","description":"Configure AWS Verified Access to provide VPN-less zero trust network access to internal applications using identity and device posture verification with Cedar policy language.","domain":"cybersecurity","path":"skills/configuring-aws-verified-access-for-ztna"},{"name":"configuring-certificate-authority-with-openssl","description":"A Certificate Authority (CA) is the trust anchor in a PKI hierarchy, responsible for issuing, signing, and revoking digital certificates. 
This skill covers building a two-tier CA hierarchy (Root CA +","domain":"cybersecurity","path":"skills/configuring-certificate-authority-with-openssl"},{"name":"configuring-host-based-intrusion-detection","description":">","domain":"cybersecurity","path":"skills/configuring-host-based-intrusion-detection"},{"name":"configuring-hsm-for-key-storage","description":"Hardware Security Modules (HSMs) are tamper-resistant physical devices that safeguard cryptographic keys and","domain":"cybersecurity","path":"skills/configuring-hsm-for-key-storage"},{"name":"configuring-identity-aware-proxy-with-google-iap","description":">","domain":"cybersecurity","path":"skills/configuring-identity-aware-proxy-with-google-iap"},{"name":"configuring-ldap-security-hardening","description":"Harden LDAP directory services against common attacks including credential harvesting, LDAP injection, anonymous binding, and channel binding bypass. Covers LDAPS enforcement, channel binding, LDAP si","domain":"cybersecurity","path":"skills/configuring-ldap-security-hardening"},{"name":"configuring-microsegmentation-for-zero-trust","description":"Configure microsegmentation policies to enforce least-privilege workload-to-workload access using tools like VMware NSX, Illumio, and Calico, preventing lateral movement in zero trust architectures.","domain":"cybersecurity","path":"skills/configuring-microsegmentation-for-zero-trust"},{"name":"configuring-multi-factor-authentication-with-duo","description":"Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access points. 
This skill covers Duo integration methods, adaptive authentication policies, device trust","domain":"cybersecurity","path":"skills/configuring-multi-factor-authentication-with-duo"},{"name":"configuring-network-segmentation-with-vlans","description":">","domain":"cybersecurity","path":"skills/configuring-network-segmentation-with-vlans"},{"name":"configuring-oauth2-authorization-flow","description":"Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and Device Authorization Grant. This skill covers flow selection, PKCE implementation, token","domain":"cybersecurity","path":"skills/configuring-oauth2-authorization-flow"},{"name":"configuring-pfsense-firewall-rules","description":">","domain":"cybersecurity","path":"skills/configuring-pfsense-firewall-rules"},{"name":"configuring-snort-ids-for-intrusion-detection","description":">","domain":"cybersecurity","path":"skills/configuring-snort-ids-for-intrusion-detection"},{"name":"configuring-suricata-for-network-monitoring","description":">","domain":"cybersecurity","path":"skills/configuring-suricata-for-network-monitoring"},{"name":"configuring-tls-1-3-for-secure-communications","description":"TLS 1.3 (RFC 8446) is the latest version of the Transport Layer Security protocol, providing significant improvements over TLS 1.2 in both security and performance. 
It reduces handshake latency to 1-R","domain":"cybersecurity","path":"skills/configuring-tls-1-3-for-secure-communications"},{"name":"configuring-windows-defender-advanced-settings","description":">","domain":"cybersecurity","path":"skills/configuring-windows-defender-advanced-settings"},{"name":"configuring-windows-event-logging-for-detection","description":">","domain":"cybersecurity","path":"skills/configuring-windows-event-logging-for-detection"},{"name":"configuring-zscaler-private-access-for-ztna","description":">","domain":"cybersecurity","path":"skills/configuring-zscaler-private-access-for-ztna"},{"name":"containing-active-breach","description":">","domain":"cybersecurity","path":"skills/containing-active-breach"},{"name":"correlating-security-events-in-qradar","description":">","domain":"cybersecurity","path":"skills/correlating-security-events-in-qradar"},{"name":"correlating-threat-campaigns","description":">","domain":"cybersecurity","path":"skills/correlating-threat-campaigns"},{"name":"deobfuscating-javascript-malware","description":">","domain":"cybersecurity","path":"skills/deobfuscating-javascript-malware"},{"name":"deobfuscating-powershell-obfuscated-malware","description":"","domain":"cybersecurity","path":"skills/deobfuscating-powershell-obfuscated-malware"},{"name":"deploying-active-directory-honeytokens","description":">","domain":"cybersecurity","path":"skills/deploying-active-directory-honeytokens"},{"name":"deploying-cloudflare-access-for-zero-trust","description":"'Deploying Cloudflare Access with Cloudflare Tunnel to provide zero trust access to self-hosted and private applications,","domain":"cybersecurity","path":"skills/deploying-cloudflare-access-for-zero-trust"},{"name":"deploying-decoy-files-for-ransomware-detection","description":">","domain":"cybersecurity","path":"skills/deploying-decoy-files-for-ransomware-detection"},{"name":"deploying-edr-agent-with-crowdstrike","description":"'Deploys and configures CrowdStrike Falcon EDR 
agents across enterprise endpoints to enable real-time threat","domain":"cybersecurity","path":"skills/deploying-edr-agent-with-crowdstrike"},{"name":"deploying-osquery-for-endpoint-monitoring","description":">","domain":"cybersecurity","path":"skills/deploying-osquery-for-endpoint-monitoring"},{"name":"deploying-palo-alto-prisma-access-zero-trust","description":"'Deploying Palo Alto Networks Prisma Access for SASE-based zero trust network access using GlobalProtect agents,","domain":"cybersecurity","path":"skills/deploying-palo-alto-prisma-access-zero-trust"},{"name":"deploying-ransomware-canary-files","description":">","domain":"cybersecurity","path":"skills/deploying-ransomware-canary-files"},{"name":"deploying-software-defined-perimeter","description":"Deploy a Software-Defined Perimeter using the CSA v2.0 specification with Single Packet Authorization, mutual TLS, and SDP controller/gateway configuration to enforce zero trust network access.","domain":"cybersecurity","path":"skills/deploying-software-defined-perimeter"},{"name":"deploying-tailscale-for-zero-trust-vpn","description":"Deploy and configure Tailscale as a WireGuard-based zero trust mesh VPN with identity-aware access controls, ACLs, and exit nodes for secure peer-to-peer connectivity.","domain":"cybersecurity","path":"skills/deploying-tailscale-for-zero-trust-vpn"},{"name":"detecting-ai-model-prompt-injection-attacks","description":"'Detects prompt injection attacks targeting LLM-based applications using a multi-layered defense combining regex","domain":"cybersecurity","path":"skills/detecting-ai-model-prompt-injection-attacks"},{"name":"detecting-anomalies-in-industrial-control-systems","description":"'This skill covers deploying anomaly detection systems for industrial control environments using machine learning","domain":"cybersecurity","path":"skills/detecting-anomalies-in-industrial-control-systems"},{"name":"detecting-anomalous-authentication-patterns","description":"'Detects anomalous 
authentication patterns using UEBA analytics, statistical baselines, and machine learning","domain":"cybersecurity","path":"skills/detecting-anomalous-authentication-patterns"},{"name":"detecting-api-enumeration-attacks","description":"Detect and prevent API enumeration attacks including BOLA and IDOR exploitation by monitoring sequential identifier access patterns and authorization failures.","domain":"cybersecurity","path":"skills/detecting-api-enumeration-attacks"},{"name":"detecting-arp-poisoning-in-network-traffic","description":"Detect and prevent ARP spoofing attacks using ARPWatch, Dynamic ARP Inspection, Wireshark analysis, and custom monitoring scripts to protect against man-in-the-middle interception.","domain":"cybersecurity","path":"skills/detecting-arp-poisoning-in-network-traffic"},{"name":"detecting-attacks-on-historian-servers","description":">","domain":"cybersecurity","path":"skills/detecting-attacks-on-historian-servers"},{"name":"detecting-attacks-on-scada-systems","description":"'This skill covers detecting cyber attacks targeting Supervisory Control and Data Acquisition (SCADA) systems","domain":"cybersecurity","path":"skills/detecting-attacks-on-scada-systems"},{"name":"detecting-aws-cloudtrail-anomalies","description":"Detect unusual API call patterns in AWS CloudTrail logs using boto3, statistical baselining, and behavioral analysis to identify credential compromise, privilege escalation, and unauthorized resource access.","domain":"cybersecurity","path":"skills/detecting-aws-cloudtrail-anomalies"},{"name":"detecting-aws-credential-exposure-with-trufflehog","description":">","domain":"cybersecurity","path":"skills/detecting-aws-credential-exposure-with-trufflehog"},{"name":"detecting-aws-guardduty-findings-automation","description":"Automate AWS GuardDuty threat detection findings processing using EventBridge and Lambda to enable real-time incident response, automatic quarantine of compromised resources, and security notification 
workflows.","domain":"cybersecurity","path":"skills/detecting-aws-guardduty-findings-automation"},{"name":"detecting-aws-iam-privilege-escalation","description":"Detect AWS IAM privilege escalation paths using boto3 and Cloudsplaining policy analysis to identify overly permissive policies, dangerous permission combinations, and least-privilege violations","domain":"cybersecurity","path":"skills/detecting-aws-iam-privilege-escalation"},{"name":"detecting-azure-lateral-movement","description":"Detect lateral movement in Azure AD/Entra ID environments using Microsoft Graph API audit logs, Azure Sentinel KQL hunting queries, and sign-in anomaly correlation to identify privilege escalation, token theft, and cross-tenant pivoting.","domain":"cybersecurity","path":"skills/detecting-azure-lateral-movement"},{"name":"detecting-azure-service-principal-abuse","description":"Detect and investigate Azure service principal abuse including privilege escalation, credential compromise, admin","domain":"cybersecurity","path":"skills/detecting-azure-service-principal-abuse"},{"name":"detecting-azure-storage-account-misconfigurations","description":"Audit Azure Blob and ADLS storage accounts for public access exposure, weak or long-lived SAS tokens, missing","domain":"cybersecurity","path":"skills/detecting-azure-storage-account-misconfigurations"},{"name":"detecting-beaconing-patterns-with-zeek","description":">","domain":"cybersecurity","path":"skills/detecting-beaconing-patterns-with-zeek"},{"name":"detecting-bluetooth-low-energy-attacks","description":">","domain":"cybersecurity","path":"skills/detecting-bluetooth-low-energy-attacks"},{"name":"detecting-broken-object-property-level-authorization","description":"Detect and test for OWASP API3:2023 Broken Object Property Level Authorization vulnerabilities including excessive data exposure and mass assignment 
attacks.","domain":"cybersecurity","path":"skills/detecting-broken-object-property-level-authorization"},{"name":"detecting-business-email-compromise","description":"Business Email Compromise (BEC) is a sophisticated fraud scheme where attackers impersonate executives, vendors,","domain":"cybersecurity","path":"skills/detecting-business-email-compromise"},{"name":"detecting-business-email-compromise-with-ai","description":"Deploy AI and NLP-powered detection systems to identify business email compromise attacks by analyzing writing","domain":"cybersecurity","path":"skills/detecting-business-email-compromise-with-ai"},{"name":"detecting-cloud-threats-with-guardduty","description":">","domain":"cybersecurity","path":"skills/detecting-cloud-threats-with-guardduty"},{"name":"detecting-command-and-control-over-dns","description":">","domain":"cybersecurity","path":"skills/detecting-command-and-control-over-dns"},{"name":"detecting-compromised-cloud-credentials","description":">","domain":"cybersecurity","path":"skills/detecting-compromised-cloud-credentials"},{"name":"detecting-container-drift-at-runtime","description":"Detect unauthorized modifications to running containers by monitoring for binary execution drift, file system changes, and configuration deviations from the original container image.","domain":"cybersecurity","path":"skills/detecting-container-drift-at-runtime"},{"name":"detecting-container-escape-attempts","description":"Container escape is a critical attack technique where an adversary breaks out of container isolation to access","domain":"cybersecurity","path":"skills/detecting-container-escape-attempts"},{"name":"detecting-container-escape-with-falco-rules","description":"Detect container escape attempts in real-time using Falco runtime security rules that monitor syscalls, file","domain":"cybersecurity","path":"skills/detecting-container-escape-with-falco-rules"},{"name":"detecting-credential-dumping-techniques","description":"Detect LSASS 
credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows","domain":"cybersecurity","path":"skills/detecting-credential-dumping-techniques"},{"name":"detecting-cryptomining-in-cloud","description":">","domain":"cybersecurity","path":"skills/detecting-cryptomining-in-cloud"},{"name":"detecting-dcsync-attack-in-active-directory","description":"Detect DCSync attacks where adversaries abuse Active Directory replication privileges to extract password hashes","domain":"cybersecurity","path":"skills/detecting-dcsync-attack-in-active-directory"},{"name":"detecting-deepfake-audio-in-vishing-attacks","description":"'Detects AI-generated deepfake audio used in voice phishing (vishing) attacks by extracting spectral features","domain":"cybersecurity","path":"skills/detecting-deepfake-audio-in-vishing-attacks"},{"name":"detecting-dll-sideloading-attacks","description":"Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack","domain":"cybersecurity","path":"skills/detecting-dll-sideloading-attacks"},{"name":"detecting-dnp3-protocol-anomalies","description":"'Detect anomalies in DNP3 (Distributed Network Protocol 3) communications used in SCADA systems by monitoring","domain":"cybersecurity","path":"skills/detecting-dnp3-protocol-anomalies"},{"name":"detecting-dns-exfiltration-with-dns-query-analysis","description":"Detect data exfiltration through DNS tunneling by analyzing query entropy, subdomain length, query volume, TXT record abuse, and response payload sizes using passive DNS monitoring.","domain":"cybersecurity","path":"skills/detecting-dns-exfiltration-with-dns-query-analysis"},{"name":"detecting-email-account-compromise","description":"Detect compromised O365 and Google Workspace email accounts by analyzing inbox rule creation, suspicious sign-in locations, mail forwarding rules, and unusual API access patterns via Microsoft Graph and audit 
logs.","domain":"cybersecurity","path":"skills/detecting-email-account-compromise"},{"name":"detecting-email-forwarding-rules-attack","description":"Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications","domain":"cybersecurity","path":"skills/detecting-email-forwarding-rules-attack"},{"name":"detecting-evasion-techniques-in-endpoint-logs","description":"'Detects defense evasion techniques used by adversaries in endpoint logs including log tampering, timestomping,","domain":"cybersecurity","path":"skills/detecting-evasion-techniques-in-endpoint-logs"},{"name":"detecting-exfiltration-over-dns-with-zeek","description":"Detect DNS-based data exfiltration by analyzing Zeek dns.log for high-entropy subdomains and anomalous query patterns","domain":"cybersecurity","path":"skills/detecting-exfiltration-over-dns-with-zeek"},{"name":"detecting-fileless-attacks-on-endpoints","description":">","domain":"cybersecurity","path":"skills/detecting-fileless-attacks-on-endpoints"},{"name":"detecting-fileless-malware-techniques","description":"'Detects and analyzes fileless malware that operates entirely in memory using PowerShell, WMI, .NET reflection,","domain":"cybersecurity","path":"skills/detecting-fileless-malware-techniques"},{"name":"detecting-golden-ticket-attacks-in-kerberos-logs","description":"Detect Golden Ticket attacks in Active Directory by analyzing Kerberos TGT anomalies including mismatched encryption types, impossible ticket lifetimes, non-existent accounts, and forged PAC signatures in domain controller event logs.","domain":"cybersecurity","path":"skills/detecting-golden-ticket-attacks-in-kerberos-logs"},{"name":"detecting-golden-ticket-forgery","description":"Detect Kerberos Golden Ticket forgery by analyzing Windows Event ID 4769 for RC4 encryption downgrades 
(0x17),","domain":"cybersecurity","path":"skills/detecting-golden-ticket-forgery"},{"name":"detecting-insider-data-exfiltration-via-dlp","description":">","domain":"cybersecurity","path":"skills/detecting-insider-data-exfiltration-via-dlp"},{"name":"detecting-insider-threat-behaviors","description":"Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads,","domain":"cybersecurity","path":"skills/detecting-insider-threat-behaviors"},{"name":"detecting-insider-threat-with-ueba","description":"Implement User and Entity Behavior Analytics using Elasticsearch/OpenSearch to build behavioral baselines, calculate anomaly scores, perform peer group analysis, and detect insider threat indicators such as data exfiltration, privilege abuse, and unauthorized access patterns.","domain":"cybersecurity","path":"skills/detecting-insider-threat-with-ueba"},{"name":"detecting-kerberoasting-attacks","description":"Detect Kerberoasting attacks by monitoring for anomalous Kerberos TGS requests targeting service accounts with","domain":"cybersecurity","path":"skills/detecting-kerberoasting-attacks"},{"name":"detecting-lateral-movement-in-network","description":"'Identifies lateral movement techniques in enterprise networks by analyzing authentication logs, network flows,","domain":"cybersecurity","path":"skills/detecting-lateral-movement-in-network"},{"name":"detecting-lateral-movement-with-splunk","description":"Detect adversary lateral movement across networks using Splunk SPL queries against Windows authentication logs,","domain":"cybersecurity","path":"skills/detecting-lateral-movement-with-splunk"},{"name":"detecting-lateral-movement-with-zeek","description":">","domain":"cybersecurity","path":"skills/detecting-lateral-movement-with-zeek"},{"name":"detecting-living-off-the-land-attacks","description":"'Detect abuse of legitimate Windows binaries (LOLBins) used for living off the land attacks. 
Monitors process","domain":"cybersecurity","path":"skills/detecting-living-off-the-land-attacks"},{"name":"detecting-living-off-the-land-with-lolbas","description":"Detect Living Off the Land Binaries (LOLBins/LOLBAS) abuse including certutil, regsvr32, mshta, and rundll32","domain":"cybersecurity","path":"skills/detecting-living-off-the-land-with-lolbas"},{"name":"detecting-malicious-scheduled-tasks-with-sysmon","description":"'Detect malicious scheduled task creation and modification using Sysmon Event IDs 1 (Process Create for schtasks.exe),","domain":"cybersecurity","path":"skills/detecting-malicious-scheduled-tasks-with-sysmon"},{"name":"detecting-mimikatz-execution-patterns","description":"Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory","domain":"cybersecurity","path":"skills/detecting-mimikatz-execution-patterns"},{"name":"detecting-misconfigured-azure-storage","description":"'Detecting misconfigured Azure Storage accounts including publicly accessible blob containers, missing encryption","domain":"cybersecurity","path":"skills/detecting-misconfigured-azure-storage"},{"name":"detecting-mobile-malware-behavior","description":">","domain":"cybersecurity","path":"skills/detecting-mobile-malware-behavior"},{"name":"detecting-modbus-command-injection-attacks","description":">","domain":"cybersecurity","path":"skills/detecting-modbus-command-injection-attacks"},{"name":"detecting-modbus-protocol-anomalies","description":"'This skill covers detecting anomalies in Modbus/TCP and Modbus RTU communications in industrial control systems.","domain":"cybersecurity","path":"skills/detecting-modbus-protocol-anomalies"},{"name":"detecting-network-anomalies-with-zeek","description":">","domain":"cybersecurity","path":"skills/detecting-network-anomalies-with-zeek"},{"name":"detecting-network-scanning-with-ids-signatures","description":"Detect network reconnaissance and port scanning using Suricata and Snort 
IDS signatures, threshold-based detection rules, and traffic anomaly analysis to identify Nmap, Masscan, and custom scanning activity.","domain":"cybersecurity","path":"skills/detecting-network-scanning-with-ids-signatures"},{"name":"detecting-ntlm-relay-with-event-correlation","description":"'Detect NTLM relay attacks through Windows Security Event correlation by analyzing Event 4624 LogonType 3 for","domain":"cybersecurity","path":"skills/detecting-ntlm-relay-with-event-correlation"},{"name":"detecting-oauth-token-theft","description":">","domain":"cybersecurity","path":"skills/detecting-oauth-token-theft"},{"name":"detecting-pass-the-hash-attacks","description":"Detect Pass-the-Hash attacks by analyzing NTLM authentication patterns, identifying Type 3 logons with NTLM where","domain":"cybersecurity","path":"skills/detecting-pass-the-hash-attacks"},{"name":"detecting-pass-the-ticket-attacks","description":"Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event IDs 4768, 4769, and 4771 for anomalous","domain":"cybersecurity","path":"skills/detecting-pass-the-ticket-attacks"},{"name":"detecting-port-scanning-with-fail2ban","description":">","domain":"cybersecurity","path":"skills/detecting-port-scanning-with-fail2ban"},{"name":"detecting-privilege-escalation-attempts","description":"Detect privilege escalation attempts including token manipulation, UAC bypass, unquoted service paths, kernel","domain":"cybersecurity","path":"skills/detecting-privilege-escalation-attempts"},{"name":"detecting-privilege-escalation-in-kubernetes-pods","description":"Detect and prevent privilege escalation in Kubernetes pods by monitoring security contexts, capabilities, and","domain":"cybersecurity","path":"skills/detecting-privilege-escalation-in-kubernetes-pods"},{"name":"detecting-process-hollowing-technique","description":"Detect process hollowing (T1055.012) by analyzing memory-mapped sections, hollowed process indicators, and 
parent-child","domain":"cybersecurity","path":"skills/detecting-process-hollowing-technique"},{"name":"detecting-process-injection-techniques","description":"'Detects and analyzes process injection techniques used by malware including classic DLL injection, process hollowing,","domain":"cybersecurity","path":"skills/detecting-process-injection-techniques"},{"name":"detecting-qr-code-phishing-with-email-security","description":"Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious","domain":"cybersecurity","path":"skills/detecting-qr-code-phishing-with-email-security"},{"name":"detecting-ransomware-encryption-behavior","description":">","domain":"cybersecurity","path":"skills/detecting-ransomware-encryption-behavior"},{"name":"detecting-ransomware-precursors-in-network","description":">","domain":"cybersecurity","path":"skills/detecting-ransomware-precursors-in-network"},{"name":"detecting-rdp-brute-force-attacks","description":"Detect RDP brute force attacks by analyzing Windows Security Event Logs for failed authentication patterns (Event ID 4625), successful logons after failures (Event ID 4624), NLA failures, and source IP frequency analysis.","domain":"cybersecurity","path":"skills/detecting-rdp-brute-force-attacks"},{"name":"detecting-rootkit-activity","description":">","domain":"cybersecurity","path":"skills/detecting-rootkit-activity"},{"name":"detecting-s3-data-exfiltration-attempts","description":">","domain":"cybersecurity","path":"skills/detecting-s3-data-exfiltration-attempts"},{"name":"detecting-serverless-function-injection","description":">","domain":"cybersecurity","path":"skills/detecting-serverless-function-injection"},{"name":"detecting-service-account-abuse","description":"Detect abuse of service accounts through anomalous interactive logons, privilege escalation, lateral 
movement,","domain":"cybersecurity","path":"skills/detecting-service-account-abuse"},{"name":"detecting-shadow-api-endpoints","description":"Discover and inventory shadow API endpoints that operate outside documented specifications using traffic analysis, code scanning, and API discovery platforms.","domain":"cybersecurity","path":"skills/detecting-shadow-api-endpoints"},{"name":"detecting-shadow-it-cloud-usage","description":"Detect unauthorized SaaS and cloud service usage (shadow IT) by analyzing proxy logs, DNS query logs, and netflow data using Python pandas for traffic pattern analysis and domain classification.","domain":"cybersecurity","path":"skills/detecting-shadow-it-cloud-usage"},{"name":"detecting-spearphishing-with-email-gateway","description":"Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam filters. Email security gateways (SEGs) like Microsoft Defender for Office 365, Proofpoint,","domain":"cybersecurity","path":"skills/detecting-spearphishing-with-email-gateway"},{"name":"detecting-sql-injection-via-waf-logs","description":">-","domain":"cybersecurity","path":"skills/detecting-sql-injection-via-waf-logs"},{"name":"detecting-stuxnet-style-attacks","description":">","domain":"cybersecurity","path":"skills/detecting-stuxnet-style-attacks"},{"name":"detecting-supply-chain-attacks-in-ci-cd","description":"'Scans GitHub Actions workflows and CI/CD pipeline configurations for supply chain attack vectors including unpinned","domain":"cybersecurity","path":"skills/detecting-supply-chain-attacks-in-ci-cd"},{"name":"detecting-suspicious-oauth-application-consent","description":"Detect risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent grant 
attacks.","domain":"cybersecurity","path":"skills/detecting-suspicious-oauth-application-consent"},{"name":"detecting-suspicious-powershell-execution","description":"Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts,","domain":"cybersecurity","path":"skills/detecting-suspicious-powershell-execution"},{"name":"detecting-t1003-credential-dumping-with-edr","description":"Detect OS credential dumping techniques targeting LSASS memory, SAM database, NTDS.dit, and cached credentials","domain":"cybersecurity","path":"skills/detecting-t1003-credential-dumping-with-edr"},{"name":"detecting-t1055-process-injection-with-sysmon","description":"Detect process injection techniques (T1055) including classic DLL injection, process hollowing, and APC injection","domain":"cybersecurity","path":"skills/detecting-t1055-process-injection-with-sysmon"},{"name":"detecting-t1548-abuse-elevation-control-mechanism","description":"Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid manipulation","domain":"cybersecurity","path":"skills/detecting-t1548-abuse-elevation-control-mechanism"},{"name":"detecting-typosquatting-packages-in-npm-pypi","description":">","domain":"cybersecurity","path":"skills/detecting-typosquatting-packages-in-npm-pypi"},{"name":"detecting-wmi-persistence","description":"Detect WMI event subscription persistence by analyzing Sysmon Event IDs 19, 20, and 21 for malicious EventFilter,","domain":"cybersecurity","path":"skills/detecting-wmi-persistence"},{"name":"eradicating-malware-from-infected-systems","description":"Systematically remove malware, backdoors, and attacker persistence mechanisms from infected systems while ensuring complete eradication and preventing 
re-infection.","domain":"cybersecurity","path":"skills/eradicating-malware-from-infected-systems"},{"name":"evaluating-threat-intelligence-platforms","description":">","domain":"cybersecurity","path":"skills/evaluating-threat-intelligence-platforms"},{"name":"executing-active-directory-attack-simulation","description":"'Executes authorized attack simulations against Active Directory environments to identify misconfigurations,","domain":"cybersecurity","path":"skills/executing-active-directory-attack-simulation"},{"name":"executing-phishing-simulation-campaign","description":">","domain":"cybersecurity","path":"skills/executing-phishing-simulation-campaign"},{"name":"executing-red-team-engagement-planning","description":"Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE), threat model selection, and operational timelines before any offensive testing begins.","domain":"cybersecurity","path":"skills/executing-red-team-engagement-planning"},{"name":"executing-red-team-exercise","description":"'Executes comprehensive red team exercises that simulate real-world adversary operations against an organization''s","domain":"cybersecurity","path":"skills/executing-red-team-exercise"},{"name":"exploiting-active-directory-certificate-services-esc1","description":"Exploit misconfigured Active Directory Certificate Services (AD CS) ESC1 vulnerability to request certificates","domain":"cybersecurity","path":"skills/exploiting-active-directory-certificate-services-esc1"},{"name":"exploiting-active-directory-with-bloodhound","description":"BloodHound is a graph-based Active Directory reconnaissance tool that uses graph theory to reveal hidden 
and","domain":"cybersecurity","path":"skills/exploiting-active-directory-with-bloodhound"},{"name":"exploiting-api-injection-vulnerabilities","description":">","domain":"cybersecurity","path":"skills/exploiting-api-injection-vulnerabilities"},{"name":"exploiting-bgp-hijacking-vulnerabilities","description":">","domain":"cybersecurity","path":"skills/exploiting-bgp-hijacking-vulnerabilities"},{"name":"exploiting-broken-function-level-authorization","description":">","domain":"cybersecurity","path":"skills/exploiting-broken-function-level-authorization"},{"name":"exploiting-broken-link-hijacking","description":"Discover and exploit broken link hijacking vulnerabilities by identifying references to expired domains, decommissioned cloud resources, and dead external services that can be claimed by an attacker.","domain":"cybersecurity","path":"skills/exploiting-broken-link-hijacking"},{"name":"exploiting-constrained-delegation-abuse","description":"Exploit Kerberos Constrained Delegation misconfigurations in Active Directory to impersonate privileged users","domain":"cybersecurity","path":"skills/exploiting-constrained-delegation-abuse"},{"name":"exploiting-deeplink-vulnerabilities","description":">","domain":"cybersecurity","path":"skills/exploiting-deeplink-vulnerabilities"},{"name":"exploiting-excessive-data-exposure-in-api","description":">","domain":"cybersecurity","path":"skills/exploiting-excessive-data-exposure-in-api"},{"name":"exploiting-http-request-smuggling","description":"Detecting and exploiting HTTP request smuggling vulnerabilities caused by Content-Length and Transfer-Encoding parsing discrepancies between front-end and back-end servers.","domain":"cybersecurity","path":"skills/exploiting-http-request-smuggling"},{"name":"exploiting-idor-vulnerabilities","description":"Identifying and exploiting Insecure Direct Object Reference vulnerabilities to access unauthorized resources by manipulating object identifiers in API requests and 
URLs.","domain":"cybersecurity","path":"skills/exploiting-idor-vulnerabilities"},{"name":"exploiting-insecure-data-storage-in-mobile","description":"'Identifies and exploits insecure local data storage vulnerabilities in Android and iOS mobile applications including","domain":"cybersecurity","path":"skills/exploiting-insecure-data-storage-in-mobile"},{"name":"exploiting-insecure-deserialization","description":"Identifying and exploiting insecure deserialization vulnerabilities in Java, PHP, Python, and .NET applications to achieve remote code execution during authorized penetration tests.","domain":"cybersecurity","path":"skills/exploiting-insecure-deserialization"},{"name":"exploiting-ipv6-vulnerabilities","description":">","domain":"cybersecurity","path":"skills/exploiting-ipv6-vulnerabilities"},{"name":"exploiting-jwt-algorithm-confusion-attack","description":">","domain":"cybersecurity","path":"skills/exploiting-jwt-algorithm-confusion-attack"},{"name":"exploiting-kerberoasting-with-impacket","description":"Perform Kerberoasting attacks using Impacket's GetUserSPNs to extract and crack Kerberos TGS tickets for Active","domain":"cybersecurity","path":"skills/exploiting-kerberoasting-with-impacket"},{"name":"exploiting-mass-assignment-in-rest-apis","description":"Discover and exploit mass assignment vulnerabilities in REST APIs to escalate privileges, modify restricted fields, and bypass authorization controls by injecting unexpected parameters in API requests.","domain":"cybersecurity","path":"skills/exploiting-mass-assignment-in-rest-apis"},{"name":"exploiting-ms17-010-eternalblue-vulnerability","description":"MS17-010 (EternalBlue) is a critical vulnerability in Microsoft's SMBv1 implementation that allows remote code","domain":"cybersecurity","path":"skills/exploiting-ms17-010-eternalblue-vulnerability"},{"name":"exploiting-nopac-cve-2021-42278-42287","description":"Exploit the noPac vulnerability chain (CVE-2021-42278 sAMAccountName spoofing and 
CVE-2021-42287 KDC PAC confusion)","domain":"cybersecurity","path":"skills/exploiting-nopac-cve-2021-42278-42287"},{"name":"exploiting-nosql-injection-vulnerabilities","description":"Detect and exploit NoSQL injection vulnerabilities in MongoDB, CouchDB, and other NoSQL databases to demonstrate authentication bypass, data extraction, and unauthorized access risks.","domain":"cybersecurity","path":"skills/exploiting-nosql-injection-vulnerabilities"},{"name":"exploiting-oauth-misconfiguration","description":"Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation, token leakage, and authorization code theft during security assessments.","domain":"cybersecurity","path":"skills/exploiting-oauth-misconfiguration"},{"name":"exploiting-prototype-pollution-in-javascript","description":"Detect and exploit JavaScript prototype pollution vulnerabilities on both client-side and server-side applications to achieve XSS, RCE, and authentication bypass through property injection.","domain":"cybersecurity","path":"skills/exploiting-prototype-pollution-in-javascript"},{"name":"exploiting-race-condition-vulnerabilities","description":"Detect and exploit race condition vulnerabilities in web applications using Turbo Intruder's single-packet attack technique to bypass rate limits, duplicate transactions, and exploit time-of-check-to-time-of-use flaws.","domain":"cybersecurity","path":"skills/exploiting-race-condition-vulnerabilities"},{"name":"exploiting-server-side-request-forgery","description":"Identifying and exploiting SSRF vulnerabilities to access internal services, cloud metadata, and restricted network resources during authorized penetration 
tests.","domain":"cybersecurity","path":"skills/exploiting-server-side-request-forgery"},{"name":"exploiting-smb-vulnerabilities-with-metasploit","description":">","domain":"cybersecurity","path":"skills/exploiting-smb-vulnerabilities-with-metasploit"},{"name":"exploiting-sql-injection-vulnerabilities","description":">","domain":"cybersecurity","path":"skills/exploiting-sql-injection-vulnerabilities"},{"name":"exploiting-sql-injection-with-sqlmap","description":"Detecting and exploiting SQL injection vulnerabilities using sqlmap to extract database contents during authorized penetration tests.","domain":"cybersecurity","path":"skills/exploiting-sql-injection-with-sqlmap"},{"name":"exploiting-template-injection-vulnerabilities","description":"Detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities across Jinja2, Twig, Freemarker, and other template engines to achieve remote code execution.","domain":"cybersecurity","path":"skills/exploiting-template-injection-vulnerabilities"},{"name":"exploiting-type-juggling-vulnerabilities","description":"Exploit PHP type juggling vulnerabilities caused by loose comparison operators to bypass authentication, circumvent hash verification, and manipulate application logic through type coercion attacks.","domain":"cybersecurity","path":"skills/exploiting-type-juggling-vulnerabilities"},{"name":"exploiting-vulnerabilities-with-metasploit-framework","description":"The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. 
It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules","domain":"cybersecurity","path":"skills/exploiting-vulnerabilities-with-metasploit-framework"},{"name":"exploiting-websocket-vulnerabilities","description":"Testing WebSocket implementations for authentication bypass, cross-site hijacking, injection attacks, and insecure message handling during authorized security assessments.","domain":"cybersecurity","path":"skills/exploiting-websocket-vulnerabilities"},{"name":"exploiting-zerologon-vulnerability-cve-2020-1472","description":"Exploit the Zerologon vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol to achieve domain controller","domain":"cybersecurity","path":"skills/exploiting-zerologon-vulnerability-cve-2020-1472"},{"name":"extracting-browser-history-artifacts","description":"Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge for forensic evidence of user web activity.","domain":"cybersecurity","path":"skills/extracting-browser-history-artifacts"},{"name":"extracting-config-from-agent-tesla-rat","description":"Extract embedded configuration from Agent Tesla RAT samples including SMTP/FTP/Telegram exfiltration credentials,","domain":"cybersecurity","path":"skills/extracting-config-from-agent-tesla-rat"},{"name":"extracting-credentials-from-memory-dump","description":"Extract cached credentials, password hashes, Kerberos tickets, and authentication tokens from memory dumps using Volatility and Mimikatz for forensic 
investigation.","domain":"cybersecurity","path":"skills/extracting-credentials-from-memory-dump"},{"name":"extracting-iocs-from-malware-samples","description":">","domain":"cybersecurity","path":"skills/extracting-iocs-from-malware-samples"},{"name":"extracting-memory-artifacts-with-rekall","description":">","domain":"cybersecurity","path":"skills/extracting-memory-artifacts-with-rekall"},{"name":"extracting-windows-event-logs-artifacts","description":"Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral movement, persistence, and privilege escalation.","domain":"cybersecurity","path":"skills/extracting-windows-event-logs-artifacts"},{"name":"generating-threat-intelligence-reports","description":">","domain":"cybersecurity","path":"skills/generating-threat-intelligence-reports"},{"name":"hardening-docker-containers-for-production","description":"Hardening Docker containers for production involves applying security best practices aligned with CIS Docker Benchmark v1.8.0 to minimize attack surface, prevent privilege escalation, and enforce leas","domain":"cybersecurity","path":"skills/hardening-docker-containers-for-production"},{"name":"hardening-docker-daemon-configuration","description":"Harden the Docker daemon by configuring daemon.json with user namespace remapping, TLS authentication, rootless mode, and CIS benchmark controls.","domain":"cybersecurity","path":"skills/hardening-docker-daemon-configuration"},{"name":"hardening-linux-endpoint-with-cis-benchmark","description":">","domain":"cybersecurity","path":"skills/hardening-linux-endpoint-with-cis-benchmark"},{"name":"hardening-windows-endpoint-with-cis-benchmark","description":">","domain":"cybersecurity","path":"skills/hardening-windows-endpoint-with-cis-benchmark"},{"name":"hunting-advanced-persistent-threats","description":"'Proactively hunts for Advanced Persistent Threat (APT) activity within enterprise environments using 
hypothesis-driven","domain":"cybersecurity","path":"skills/hunting-advanced-persistent-threats"},{"name":"hunting-credential-stuffing-attacks","description":">","domain":"cybersecurity","path":"skills/hunting-credential-stuffing-attacks"},{"name":"hunting-for-anomalous-powershell-execution","description":">","domain":"cybersecurity","path":"skills/hunting-for-anomalous-powershell-execution"},{"name":"hunting-for-beaconing-with-frequency-analysis","description":"Identify command-and-control beaconing patterns in network traffic by applying statistical frequency analysis,","domain":"cybersecurity","path":"skills/hunting-for-beaconing-with-frequency-analysis"},{"name":"hunting-for-cobalt-strike-beacons","description":"Detect Cobalt Strike beacon network activity using default TLS certificate signatures (serial 8BB00EE), JA3/JA3S/JARM fingerprints, HTTP C2 profile pattern matching, beacon jitter analysis, and named pipe detection via Zeek, Suricata, and Python PCAP analysis.","domain":"cybersecurity","path":"skills/hunting-for-cobalt-strike-beacons"},{"name":"hunting-for-command-and-control-beaconing","description":"Detect C2 beaconing patterns in network traffic using frequency analysis, jitter detection, and domain reputation","domain":"cybersecurity","path":"skills/hunting-for-command-and-control-beaconing"},{"name":"hunting-for-data-exfiltration-indicators","description":"Hunt for data exfiltration through network traffic analysis, detecting unusual data flows, DNS tunneling, cloud","domain":"cybersecurity","path":"skills/hunting-for-data-exfiltration-indicators"},{"name":"hunting-for-data-staging-before-exfiltration","description":"Detect data staging activity before exfiltration by monitoring for archive creation with 7-Zip/RAR, unusual temp","domain":"cybersecurity","path":"skills/hunting-for-data-staging-before-exfiltration"},{"name":"hunting-for-dcom-lateral-movement","description":"'Hunt for DCOM-based lateral movement by detecting abuse of MMC20.Application, 
ShellBrowserWindow, and ShellWindows","domain":"cybersecurity","path":"skills/hunting-for-dcom-lateral-movement"},{"name":"hunting-for-dcsync-attacks","description":"Detect DCSync attacks by analyzing Windows Event ID 4662 for unauthorized DS-Replication-Get-Changes requests","domain":"cybersecurity","path":"skills/hunting-for-dcsync-attacks"},{"name":"hunting-for-defense-evasion-via-timestomping","description":"'Detect NTFS timestamp manipulation (MITRE T1070.006) by comparing $STANDARD_INFORMATION vs $FILE_NAME timestamps","domain":"cybersecurity","path":"skills/hunting-for-defense-evasion-via-timestomping"},{"name":"hunting-for-dns-based-persistence","description":"Hunt for DNS-based persistence mechanisms including DNS hijacking, dangling CNAME records, wildcard DNS abuse, and unauthorized zone modifications using passive DNS databases, SecurityTrails API, and DNS audit log analysis.","domain":"cybersecurity","path":"skills/hunting-for-dns-based-persistence"},{"name":"hunting-for-dns-tunneling-with-zeek","description":"Detect DNS tunneling and data exfiltration by analyzing Zeek dns.log for high-entropy subdomain queries, excessive","domain":"cybersecurity","path":"skills/hunting-for-dns-tunneling-with-zeek"},{"name":"hunting-for-domain-fronting-c2-traffic","description":"Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate","domain":"cybersecurity","path":"skills/hunting-for-domain-fronting-c2-traffic"},{"name":"hunting-for-lateral-movement-via-wmi","description":"Detect WMI-based lateral movement by analyzing Windows Event ID 4688 process creation and Sysmon Event ID 1 for WmiPrvSE.exe child process patterns, remote process execution, and WMI event subscription persistence.","domain":"cybersecurity","path":"skills/hunting-for-lateral-movement-via-wmi"},{"name":"hunting-for-living-off-the-cloud-techniques","description":"Hunt for adversary abuse of legitimate cloud services for C2, data staging, 
and exfiltration including abuse","domain":"cybersecurity","path":"skills/hunting-for-living-off-the-cloud-techniques"},{"name":"hunting-for-living-off-the-land-binaries","description":"Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while","domain":"cybersecurity","path":"skills/hunting-for-living-off-the-land-binaries"},{"name":"hunting-for-lolbins-execution-in-endpoint-logs","description":"Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by analyzing endpoint process creation logs","domain":"cybersecurity","path":"skills/hunting-for-lolbins-execution-in-endpoint-logs"},{"name":"hunting-for-ntlm-relay-attacks","description":"Detect NTLM relay attacks by analyzing Windows Event 4624 logon type 3 with NTLMSSP authentication, identifying","domain":"cybersecurity","path":"skills/hunting-for-ntlm-relay-attacks"},{"name":"hunting-for-persistence-mechanisms-in-windows","description":"Systematically hunt for adversary persistence mechanisms across Windows endpoints including registry, services,","domain":"cybersecurity","path":"skills/hunting-for-persistence-mechanisms-in-windows"},{"name":"hunting-for-persistence-via-wmi-subscriptions","description":"Hunt for adversary persistence through Windows Management Instrumentation event subscriptions by monitoring WMI","domain":"cybersecurity","path":"skills/hunting-for-persistence-via-wmi-subscriptions"},{"name":"hunting-for-process-injection-techniques","description":"Detect process injection techniques (T1055) including CreateRemoteThread, process hollowing, and DLL injection","domain":"cybersecurity","path":"skills/hunting-for-process-injection-techniques"},{"name":"hunting-for-registry-persistence-mechanisms","description":"Hunt for registry-based persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, 
and","domain":"cybersecurity","path":"skills/hunting-for-registry-persistence-mechanisms"},{"name":"hunting-for-registry-run-key-persistence","description":"Detect MITRE ATT&CK T1547.001 registry Run key persistence by analyzing Sysmon Event ID 13 logs and registry","domain":"cybersecurity","path":"skills/hunting-for-registry-run-key-persistence"},{"name":"hunting-for-scheduled-task-persistence","description":"Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task","domain":"cybersecurity","path":"skills/hunting-for-scheduled-task-persistence"},{"name":"hunting-for-shadow-copy-deletion","description":"Hunt for Volume Shadow Copy deletion activity that indicates ransomware preparation or anti-forensics by monitoring","domain":"cybersecurity","path":"skills/hunting-for-shadow-copy-deletion"},{"name":"hunting-for-spearphishing-indicators","description":"Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect","domain":"cybersecurity","path":"skills/hunting-for-spearphishing-indicators"},{"name":"hunting-for-startup-folder-persistence","description":"Detect T1547.001 startup folder persistence by monitoring Windows startup directories for suspicious file creation,","domain":"cybersecurity","path":"skills/hunting-for-startup-folder-persistence"},{"name":"hunting-for-supply-chain-compromise","description":"Hunt for supply chain compromise indicators including trojanized software updates, compromised dependencies,","domain":"cybersecurity","path":"skills/hunting-for-supply-chain-compromise"},{"name":"hunting-for-suspicious-scheduled-tasks","description":"Hunt for adversary persistence and execution via Windows scheduled tasks by analyzing task creation events, suspicious task properties, and unusual execution patterns that indicate T1053.005 
abuse.","domain":"cybersecurity","path":"skills/hunting-for-suspicious-scheduled-tasks"},{"name":"hunting-for-t1098-account-manipulation","description":"Hunt for MITRE ATT&CK T1098 account manipulation including shadow admin creation, SID history injection, group","domain":"cybersecurity","path":"skills/hunting-for-t1098-account-manipulation"},{"name":"hunting-for-unusual-network-connections","description":"Hunt for unusual network connections by analyzing outbound traffic patterns, rare destinations, non-standard","domain":"cybersecurity","path":"skills/hunting-for-unusual-network-connections"},{"name":"hunting-for-unusual-service-installations","description":"Detect suspicious Windows service installations (MITRE ATT&CK T1543.003) by parsing System event logs for Event","domain":"cybersecurity","path":"skills/hunting-for-unusual-service-installations"},{"name":"hunting-for-webshell-activity","description":"Hunt for web shell deployments on internet-facing servers by analyzing file creation in web directories, suspicious","domain":"cybersecurity","path":"skills/hunting-for-webshell-activity"},{"name":"implementing-aes-encryption-for-data-at-rest","description":"AES (Advanced Encryption Standard) is a symmetric block cipher standardized by NIST (FIPS 197) used to protect classified and sensitive data. This skill covers implementing AES-256 encryption in GCM m","domain":"cybersecurity","path":"skills/implementing-aes-encryption-for-data-at-rest"},{"name":"implementing-alert-fatigue-reduction","description":">","domain":"cybersecurity","path":"skills/implementing-alert-fatigue-reduction"},{"name":"implementing-anti-phishing-training-program","description":"Security awareness training is the human layer of phishing defense. 
An effective anti-phishing training program combines regular simulations, interactive learning modules, metric tracking, and positiv","domain":"cybersecurity","path":"skills/implementing-anti-phishing-training-program"},{"name":"implementing-anti-ransomware-group-policy","description":">","domain":"cybersecurity","path":"skills/implementing-anti-ransomware-group-policy"},{"name":"implementing-api-abuse-detection-with-rate-limiting","description":"Implement API abuse detection using token bucket, sliding window, and adaptive rate limiting algorithms to prevent DDoS, brute force, and credential stuffing attacks.","domain":"cybersecurity","path":"skills/implementing-api-abuse-detection-with-rate-limiting"},{"name":"implementing-api-gateway-security-controls","description":">","domain":"cybersecurity","path":"skills/implementing-api-gateway-security-controls"},{"name":"implementing-api-key-security-controls","description":"'Implements secure API key generation, storage, rotation, and revocation controls to protect API authentication","domain":"cybersecurity","path":"skills/implementing-api-key-security-controls"},{"name":"implementing-api-rate-limiting-and-throttling","description":">","domain":"cybersecurity","path":"skills/implementing-api-rate-limiting-and-throttling"},{"name":"implementing-api-schema-validation-security","description":"Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts and prevent injection, data exposure, and mass assignment attacks.","domain":"cybersecurity","path":"skills/implementing-api-schema-validation-security"},{"name":"implementing-api-security-posture-management","description":"Implement API Security Posture Management to continuously discover, classify, and score APIs based on risk while enforcing security policies across the API 
lifecycle.","domain":"cybersecurity","path":"skills/implementing-api-security-posture-management"},{"name":"implementing-api-security-testing-with-42crunch","description":"Implement comprehensive API security testing using the 42Crunch platform to perform static audit and dynamic conformance scanning of OpenAPI specifications.","domain":"cybersecurity","path":"skills/implementing-api-security-testing-with-42crunch"},{"name":"implementing-api-threat-protection-with-apigee","description":"Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0, SpikeArrest, and Advanced API Security for OWASP Top 10 defense.","domain":"cybersecurity","path":"skills/implementing-api-threat-protection-with-apigee"},{"name":"implementing-application-whitelisting-with-applocker","description":">","domain":"cybersecurity","path":"skills/implementing-application-whitelisting-with-applocker"},{"name":"implementing-aqua-security-for-container-scanning","description":"Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues in container images across CI/CD pipelines and registries.","domain":"cybersecurity","path":"skills/implementing-aqua-security-for-container-scanning"},{"name":"implementing-attack-path-analysis-with-xm-cyber","description":"Deploy XM Cyber's continuous exposure management platform to map attack paths, identify choke points, and prioritize the 2% of exposures that threaten critical assets.","domain":"cybersecurity","path":"skills/implementing-attack-path-analysis-with-xm-cyber"},{"name":"implementing-attack-surface-management","description":">","domain":"cybersecurity","path":"skills/implementing-attack-surface-management"},{"name":"implementing-aws-config-rules-for-compliance","description":">","domain":"cybersecurity","path":"skills/implementing-aws-config-rules-for-compliance"},{"name":"implementing-aws-iam-permission-boundaries","description":"Configure IAM 
permission boundaries in AWS to delegate role creation to developers while enforcing maximum privilege limits set by the security team.","domain":"cybersecurity","path":"skills/implementing-aws-iam-permission-boundaries"},{"name":"implementing-aws-macie-for-data-classification","description":"Implement Amazon Macie to automatically discover, classify, and protect sensitive data in S3 buckets using machine","domain":"cybersecurity","path":"skills/implementing-aws-macie-for-data-classification"},{"name":"implementing-aws-nitro-enclave-security","description":">","domain":"cybersecurity","path":"skills/implementing-aws-nitro-enclave-security"},{"name":"implementing-aws-security-hub","description":">","domain":"cybersecurity","path":"skills/implementing-aws-security-hub"},{"name":"implementing-aws-security-hub-compliance","description":">","domain":"cybersecurity","path":"skills/implementing-aws-security-hub-compliance"},{"name":"implementing-azure-ad-privileged-identity-management","description":"Configure Microsoft Entra Privileged Identity Management to enforce just-in-time role activation, approval workflows, and access reviews for Azure AD privileged roles.","domain":"cybersecurity","path":"skills/implementing-azure-ad-privileged-identity-management"},{"name":"implementing-azure-defender-for-cloud","description":"'Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across","domain":"cybersecurity","path":"skills/implementing-azure-defender-for-cloud"},{"name":"implementing-beyondcorp-zero-trust-access-model","description":">","domain":"cybersecurity","path":"skills/implementing-beyondcorp-zero-trust-access-model"},{"name":"implementing-bgp-security-with-rpki","description":"Implement BGP route origin validation using RPKI with Route Origin Authorizations, RPKI-to-Router protocol, and ROV policies on Cisco and Juniper routers to prevent route 
hijacking.","domain":"cybersecurity","path":"skills/implementing-bgp-security-with-rpki"},{"name":"implementing-browser-isolation-for-zero-trust","description":">","domain":"cybersecurity","path":"skills/implementing-browser-isolation-for-zero-trust"},{"name":"implementing-canary-tokens-for-network-intrusion","description":">","domain":"cybersecurity","path":"skills/implementing-canary-tokens-for-network-intrusion"},{"name":"implementing-cisa-zero-trust-maturity-model","description":"Implement the CISA Zero Trust Maturity Model v2.0 across the five pillars of identity, devices, networks, applications,","domain":"cybersecurity","path":"skills/implementing-cisa-zero-trust-maturity-model"},{"name":"implementing-cloud-dlp-for-data-protection","description":"'Implementing Cloud Data Loss Prevention (DLP) using Amazon Macie, Azure Information Protection, and Google Cloud","domain":"cybersecurity","path":"skills/implementing-cloud-dlp-for-data-protection"},{"name":"implementing-cloud-security-posture-management","description":">","domain":"cybersecurity","path":"skills/implementing-cloud-security-posture-management"},{"name":"implementing-cloud-trail-log-analysis","description":">","domain":"cybersecurity","path":"skills/implementing-cloud-trail-log-analysis"},{"name":"implementing-cloud-vulnerability-posture-management","description":"Implement Cloud Security Posture Management using AWS Security Hub, Azure Defender for Cloud, and open-source tools like Prowler and ScoutSuite for multi-cloud vulnerability 
detection.","domain":"cybersecurity","path":"skills/implementing-cloud-vulnerability-posture-management"},{"name":"implementing-cloud-waf-rules","description":">","domain":"cybersecurity","path":"skills/implementing-cloud-waf-rules"},{"name":"implementing-cloud-workload-protection","description":">","domain":"cybersecurity","path":"skills/implementing-cloud-workload-protection"},{"name":"implementing-code-signing-for-artifacts","description":">","domain":"cybersecurity","path":"skills/implementing-code-signing-for-artifacts"},{"name":"implementing-conditional-access-policies-azure-ad","description":"Configure Microsoft Entra ID (Azure AD) Conditional Access policies for zero trust access control. Covers signal-based policy design, device compliance requirements, risk-based authentication, named l","domain":"cybersecurity","path":"skills/implementing-conditional-access-policies-azure-ad"},{"name":"implementing-conduit-security-for-ot-remote-access","description":">","domain":"cybersecurity","path":"skills/implementing-conduit-security-for-ot-remote-access"},{"name":"implementing-container-image-minimal-base-with-distroless","description":"Reduce container attack surface by building application images on Google distroless base images that contain only the application runtime with no shell, package manager, or unnecessary OS utilities.","domain":"cybersecurity","path":"skills/implementing-container-image-minimal-base-with-distroless"},{"name":"implementing-container-network-policies-with-calico","description":"Enforce Kubernetes network segmentation using Calico CNI network policies and global network policies to control pod-to-pod traffic, restrict egress, and implement zero-trust microsegmentation.","domain":"cybersecurity","path":"skills/implementing-container-network-policies-with-calico"},{"name":"implementing-continuous-security-validation-with-bas","description":"Deploy Breach and Attack Simulation tools to continuously validate security control effectiveness 
by safely emulating","domain":"cybersecurity","path":"skills/implementing-continuous-security-validation-with-bas"},{"name":"implementing-data-loss-prevention-with-microsoft-purview","description":">","domain":"cybersecurity","path":"skills/implementing-data-loss-prevention-with-microsoft-purview"},{"name":"implementing-ddos-mitigation-with-cloudflare","description":"Configure Cloudflare DDoS protection with managed rulesets, rate limiting, WAF rules, Bot Management, and origin protection to mitigate volumetric, protocol, and application-layer attacks.","domain":"cybersecurity","path":"skills/implementing-ddos-mitigation-with-cloudflare"},{"name":"implementing-deception-based-detection-with-canarytoken","description":"Deploy and monitor Canary Tokens via the Thinkst Canary API for deception-based breach detection using web bug tokens, DNS tokens, document tokens, and AWS key tokens.","domain":"cybersecurity","path":"skills/implementing-deception-based-detection-with-canarytoken"},{"name":"implementing-delinea-secret-server-for-pam","description":">","domain":"cybersecurity","path":"skills/implementing-delinea-secret-server-for-pam"},{"name":"implementing-device-posture-assessment-in-zero-trust","description":">","domain":"cybersecurity","path":"skills/implementing-device-posture-assessment-in-zero-trust"},{"name":"implementing-devsecops-security-scanning","description":">","domain":"cybersecurity","path":"skills/implementing-devsecops-security-scanning"},{"name":"implementing-diamond-model-analysis","description":">-","domain":"cybersecurity","path":"skills/implementing-diamond-model-analysis"},{"name":"implementing-digital-signatures-with-ed25519","description":"Ed25519 is a high-performance digital signature algorithm using the Edwards curve Curve25519. 
It provides 128-bit security with 64-byte signatures and 32-byte keys, offering significant advantages ove","domain":"cybersecurity","path":"skills/implementing-digital-signatures-with-ed25519"},{"name":"implementing-disk-encryption-with-bitlocker","description":">","domain":"cybersecurity","path":"skills/implementing-disk-encryption-with-bitlocker"},{"name":"implementing-dmarc-dkim-spf-email-security","description":"SPF, DKIM, and DMARC form the three pillars of email authentication. Together they prevent domain spoofing, validate message integrity, and define policies for handling unauthenticated mail. Proper im","domain":"cybersecurity","path":"skills/implementing-dmarc-dkim-spf-email-security"},{"name":"implementing-dragos-platform-for-ot-monitoring","description":"'Deploy and configure the Dragos Platform for OT network monitoring, leveraging its 600+ industrial protocol","domain":"cybersecurity","path":"skills/implementing-dragos-platform-for-ot-monitoring"},{"name":"implementing-ebpf-security-monitoring","description":"'Implements eBPF-based security monitoring using Cilium Tetragon for real-time process execution tracking, network","domain":"cybersecurity","path":"skills/implementing-ebpf-security-monitoring"},{"name":"implementing-email-sandboxing-with-proofpoint","description":"Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware and evasive phishing payloads. Proofpoint Targeted Attack Protection (TAP) is an industry","domain":"cybersecurity","path":"skills/implementing-email-sandboxing-with-proofpoint"},{"name":"implementing-end-to-end-encryption-for-messaging","description":"End-to-end encryption (E2EE) ensures that only the communicating parties can read messages, with no intermediary (including the server) able to decrypt them. 
This skill implements a simplified version","domain":"cybersecurity","path":"skills/implementing-end-to-end-encryption-for-messaging"},{"name":"implementing-endpoint-detection-with-wazuh","description":"Deploy and configure Wazuh SIEM/XDR for endpoint detection including agent management, custom decoder and rule","domain":"cybersecurity","path":"skills/implementing-endpoint-detection-with-wazuh"},{"name":"implementing-endpoint-dlp-controls","description":"'Implements endpoint Data Loss Prevention (DLP) controls to detect and prevent sensitive data exfiltration through","domain":"cybersecurity","path":"skills/implementing-endpoint-dlp-controls"},{"name":"implementing-envelope-encryption-with-aws-kms","description":"Envelope encryption is a strategy where data is encrypted with a data encryption key (DEK), and the DEK itself is encrypted with a master key (KEK) managed by AWS KMS. This approach allows encrypting","domain":"cybersecurity","path":"skills/implementing-envelope-encryption-with-aws-kms"},{"name":"implementing-epss-score-for-vulnerability-prioritization","description":"Integrate FIRST's Exploit Prediction Scoring System (EPSS) API to prioritize vulnerability remediation based on real-world exploitation probability within 30 days.","domain":"cybersecurity","path":"skills/implementing-epss-score-for-vulnerability-prioritization"},{"name":"implementing-file-integrity-monitoring-with-aide","description":"Configure AIDE (Advanced Intrusion Detection Environment) for file integrity monitoring including baseline creation, scheduled integrity checks, change detection, and alerting","domain":"cybersecurity","path":"skills/implementing-file-integrity-monitoring-with-aide"},{"name":"implementing-fuzz-testing-in-cicd-with-aflplusplus","description":"Integrate AFL++ coverage-guided fuzz testing into CI/CD pipelines to discover memory corruption, input 
handling,","domain":"cybersecurity","path":"skills/implementing-fuzz-testing-in-cicd-with-aflplusplus"},{"name":"implementing-gcp-binary-authorization","description":"Implement GCP Binary Authorization to enforce deploy-time security controls that ensure only trusted, attested container images are deployed to Google Kubernetes Engine and Cloud Run.","domain":"cybersecurity","path":"skills/implementing-gcp-binary-authorization"},{"name":"implementing-gcp-organization-policy-constraints","description":"Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy, restricting risky configurations and ensuring compliance at organization, folder, and project levels.","domain":"cybersecurity","path":"skills/implementing-gcp-organization-policy-constraints"},{"name":"implementing-gcp-vpc-firewall-rules","description":">","domain":"cybersecurity","path":"skills/implementing-gcp-vpc-firewall-rules"},{"name":"implementing-gdpr-data-protection-controls","description":"The General Data Protection Regulation (EU) 2016/679 (GDPR) is the EU's comprehensive data protection law governing","domain":"cybersecurity","path":"skills/implementing-gdpr-data-protection-controls"},{"name":"implementing-gdpr-data-subject-access-request","description":">","domain":"cybersecurity","path":"skills/implementing-gdpr-data-subject-access-request"},{"name":"implementing-github-advanced-security-for-code-scanning","description":"Configure GitHub Advanced Security with CodeQL to perform automated static analysis and vulnerability detection across repositories at enterprise scale.","domain":"cybersecurity","path":"skills/implementing-github-advanced-security-for-code-scanning"},{"name":"implementing-google-workspace-admin-security","description":">","domain":"cybersecurity","path":"skills/implementing-google-workspace-admin-security"},{"name":"implementing-google-workspace-phishing-protection","description":"Configure Google Workspace advanced 
phishing and malware protection settings including pre-delivery scanning, attachment protection, spoofing detection, and Enhanced Safe Browsing.","domain":"cybersecurity","path":"skills/implementing-google-workspace-phishing-protection"},{"name":"implementing-google-workspace-sso-configuration","description":"Configure SAML 2.0 single sign-on for Google Workspace with a third-party identity provider, enabling centralized authentication and enforcing organization-wide access policies.","domain":"cybersecurity","path":"skills/implementing-google-workspace-sso-configuration"},{"name":"implementing-hardware-security-key-authentication","description":"'Implements FIDO2/WebAuthn hardware security key authentication including registration ceremonies, authentication","domain":"cybersecurity","path":"skills/implementing-hardware-security-key-authentication"},{"name":"implementing-hashicorp-vault-dynamic-secrets","description":">","domain":"cybersecurity","path":"skills/implementing-hashicorp-vault-dynamic-secrets"},{"name":"implementing-honeypot-for-ransomware-detection","description":"'Deploys canary files, honeypot shares, and decoy systems to detect ransomware activity at the earliest possible","domain":"cybersecurity","path":"skills/implementing-honeypot-for-ransomware-detection"},{"name":"implementing-honeytokens-for-breach-detection","description":">","domain":"cybersecurity","path":"skills/implementing-honeytokens-for-breach-detection"},{"name":"implementing-ics-firewall-with-tofino","description":">","domain":"cybersecurity","path":"skills/implementing-ics-firewall-with-tofino"},{"name":"implementing-identity-governance-with-sailpoint","description":"Deploy SailPoint IdentityNow or IdentityIQ for identity governance and administration. 
Covers identity lifecycle management, access request workflows, certification campaigns, role mining, SOD policy","domain":"cybersecurity","path":"skills/implementing-identity-governance-with-sailpoint"},{"name":"implementing-identity-verification-for-zero-trust","description":"Implement continuous identity verification for zero trust using phishing-resistant MFA (FIDO2/WebAuthn), risk-based","domain":"cybersecurity","path":"skills/implementing-identity-verification-for-zero-trust"},{"name":"implementing-iec-62443-security-zones","description":">","domain":"cybersecurity","path":"skills/implementing-iec-62443-security-zones"},{"name":"implementing-image-provenance-verification-with-cosign","description":"Sign and verify container image provenance using Sigstore Cosign with keyless OIDC-based signing, attestations, and Kubernetes admission enforcement.","domain":"cybersecurity","path":"skills/implementing-image-provenance-verification-with-cosign"},{"name":"implementing-immutable-backup-with-restic","description":"'Implements immutable backup strategy using restic with S3-compatible storage and object lock for ransomware-resistant","domain":"cybersecurity","path":"skills/implementing-immutable-backup-with-restic"},{"name":"implementing-infrastructure-as-code-security-scanning","description":">","domain":"cybersecurity","path":"skills/implementing-infrastructure-as-code-security-scanning"},{"name":"implementing-iso-27001-information-security-management","description":"ISO/IEC 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). 
This skill covers the complete","domain":"cybersecurity","path":"skills/implementing-iso-27001-information-security-management"},{"name":"implementing-just-in-time-access-provisioning","description":"Implement Just-In-Time (JIT) access provisioning to eliminate standing privileges by granting temporary, time-bound access only when needed. This skill covers JIT architecture design, approval workflo","domain":"cybersecurity","path":"skills/implementing-just-in-time-access-provisioning"},{"name":"implementing-jwt-signing-and-verification","description":"JSON Web Tokens (JWT) defined in RFC 7519 are compact, URL-safe tokens used for authentication and authorization in web applications. This skill covers implementing secure JWT signing with HMAC-SHA256","domain":"cybersecurity","path":"skills/implementing-jwt-signing-and-verification"},{"name":"implementing-kubernetes-network-policy-with-calico","description":"Implement Kubernetes network segmentation using Calico NetworkPolicy and GlobalNetworkPolicy for zero-trust pod-to-pod communication.","domain":"cybersecurity","path":"skills/implementing-kubernetes-network-policy-with-calico"},{"name":"implementing-kubernetes-pod-security-standards","description":"Pod Security Standards (PSS) define three levels of security policies -- Privileged, Baseline, and Restricted -- enforced by the Pod Security Admission (PSA) controller built into Kubernetes 1.25+. 
PS","domain":"cybersecurity","path":"skills/implementing-kubernetes-pod-security-standards"},{"name":"implementing-llm-guardrails-for-security","description":"'Implements input and output validation guardrails for LLM-powered applications to prevent prompt injection,","domain":"cybersecurity","path":"skills/implementing-llm-guardrails-for-security"},{"name":"implementing-log-forwarding-with-fluentd","description":"Configure Fluentd and Fluent Bit for centralized log aggregation, routing, filtering, and enrichment across distributed infrastructure","domain":"cybersecurity","path":"skills/implementing-log-forwarding-with-fluentd"},{"name":"implementing-log-integrity-with-blockchain","description":">-","domain":"cybersecurity","path":"skills/implementing-log-integrity-with-blockchain"},{"name":"implementing-memory-protection-with-dep-aslr","description":">","domain":"cybersecurity","path":"skills/implementing-memory-protection-with-dep-aslr"},{"name":"implementing-microsegmentation-with-guardicore","description":">","domain":"cybersecurity","path":"skills/implementing-microsegmentation-with-guardicore"},{"name":"implementing-mimecast-targeted-attack-protection","description":"Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect, and Internal Email Protect to defend against advanced phishing and spearphishing attacks.","domain":"cybersecurity","path":"skills/implementing-mimecast-targeted-attack-protection"},{"name":"implementing-mitre-attack-coverage-mapping","description":"Implement MITRE ATT&CK coverage mapping to identify detection gaps, prioritize rule development, and 
measure","domain":"cybersecurity","path":"skills/implementing-mitre-attack-coverage-mapping"},{"name":"implementing-mobile-application-management","description":">","domain":"cybersecurity","path":"skills/implementing-mobile-application-management"},{"name":"implementing-mtls-for-zero-trust-services","description":">","domain":"cybersecurity","path":"skills/implementing-mtls-for-zero-trust-services"},{"name":"implementing-nerc-cip-compliance-controls","description":">","domain":"cybersecurity","path":"skills/implementing-nerc-cip-compliance-controls"},{"name":"implementing-network-access-control","description":">","domain":"cybersecurity","path":"skills/implementing-network-access-control"},{"name":"implementing-network-access-control-with-cisco-ise","description":"Deploy Cisco Identity Services Engine for 802.1X wired and wireless authentication, MAC Authentication Bypass, posture assessment, and dynamic VLAN assignment for network access control.","domain":"cybersecurity","path":"skills/implementing-network-access-control-with-cisco-ise"},{"name":"implementing-network-deception-with-honeypots","description":"Deploy and manage network honeypots using OpenCanary, T-Pot, or Cowrie to detect unauthorized access, lateral movement, and attacker reconnaissance.","domain":"cybersecurity","path":"skills/implementing-network-deception-with-honeypots"},{"name":"implementing-network-intrusion-prevention-with-suricata","description":"Deploy and configure Suricata as a network intrusion prevention system with custom rules, Emerging Threats rulesets, and inline traffic inspection for real-time threat blocking.","domain":"cybersecurity","path":"skills/implementing-network-intrusion-prevention-with-suricata"},{"name":"implementing-network-policies-for-kubernetes","description":"Kubernetes NetworkPolicies provide pod-level network segmentation by defining ingress and egress rules that control traffic flow between pods, namespaces, and external endpoints. 
Combined with CNI plu","domain":"cybersecurity","path":"skills/implementing-network-policies-for-kubernetes"},{"name":"implementing-network-segmentation-for-ot","description":">","domain":"cybersecurity","path":"skills/implementing-network-segmentation-for-ot"},{"name":"implementing-network-segmentation-with-firewall-zones","description":"Design and implement network segmentation using firewall security zones, VLANs, ACLs, and microsegmentation policies to restrict lateral movement and enforce least-privilege network access.","domain":"cybersecurity","path":"skills/implementing-network-segmentation-with-firewall-zones"},{"name":"implementing-network-traffic-analysis-with-arkime","description":">-","domain":"cybersecurity","path":"skills/implementing-network-traffic-analysis-with-arkime"},{"name":"implementing-network-traffic-baselining","description":"Build network traffic baselines from NetFlow/IPFIX data using Python pandas for statistical analysis, z-score anomaly detection, and hourly/daily traffic pattern profiling","domain":"cybersecurity","path":"skills/implementing-network-traffic-baselining"},{"name":"implementing-next-generation-firewall-with-palo-alto","description":"Configure and deploy Palo Alto Networks next-generation firewalls with App-ID, User-ID, zone-based policies, SSL decryption, and threat prevention profiles for enterprise network security.","domain":"cybersecurity","path":"skills/implementing-next-generation-firewall-with-palo-alto"},{"name":"implementing-opa-gatekeeper-for-policy-enforcement","description":"Enforce Kubernetes admission policies using OPA Gatekeeper with ConstraintTemplates, Rego rules, and the Gatekeeper policy 
library.","domain":"cybersecurity","path":"skills/implementing-opa-gatekeeper-for-policy-enforcement"},{"name":"implementing-ot-incident-response-playbook","description":">","domain":"cybersecurity","path":"skills/implementing-ot-incident-response-playbook"},{"name":"implementing-ot-network-traffic-analysis-with-nozomi","description":"'Deploy Nozomi Networks Guardian sensors for passive OT network traffic analysis to achieve comprehensive asset","domain":"cybersecurity","path":"skills/implementing-ot-network-traffic-analysis-with-nozomi"},{"name":"implementing-pam-for-database-access","description":"Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and MySQL. Covers session proxy configuration, credential vaulting, query auditing, dynamic credentia","domain":"cybersecurity","path":"skills/implementing-pam-for-database-access"},{"name":"implementing-passwordless-auth-with-microsoft-entra","description":">","domain":"cybersecurity","path":"skills/implementing-passwordless-auth-with-microsoft-entra"},{"name":"implementing-passwordless-authentication-with-fido2","description":"Deploy FIDO2/WebAuthn passwordless authentication using security keys and platform authenticators. Covers WebAuthn","domain":"cybersecurity","path":"skills/implementing-passwordless-authentication-with-fido2"},{"name":"implementing-patch-management-for-ot-systems","description":">","domain":"cybersecurity","path":"skills/implementing-patch-management-for-ot-systems"},{"name":"implementing-patch-management-workflow","description":"Patch management is the systematic process of identifying, testing, deploying, and verifying software updates to remediate vulnerabilities across an organization's IT infrastructure. 
An effective patc","domain":"cybersecurity","path":"skills/implementing-patch-management-workflow"},{"name":"implementing-pci-dss-compliance-controls","description":"PCI DSS 4.0.1 establishes 12 requirements across 6 control objectives for organizations that store, process, or transmit cardholder data. With PCI DSS 3.2.1 retiring April 2024 and 51 new requirements","domain":"cybersecurity","path":"skills/implementing-pci-dss-compliance-controls"},{"name":"implementing-pod-security-admission-controller","description":"Implement Kubernetes Pod Security Admission to enforce baseline and restricted security profiles at namespace level using built-in admission controller.","domain":"cybersecurity","path":"skills/implementing-pod-security-admission-controller"},{"name":"implementing-policy-as-code-with-open-policy-agent","description":"'This skill covers implementing Open Policy Agent (OPA) and Gatekeeper for policy-as-code enforcement in Kubernetes","domain":"cybersecurity","path":"skills/implementing-policy-as-code-with-open-policy-agent"},{"name":"implementing-privileged-access-management-with-cyberark","description":"Deploy CyberArk Privileged Access Management to discover, vault, rotate, and monitor privileged credentials across enterprise infrastructure. 
This skill covers vault architecture, session isolation, c","domain":"cybersecurity","path":"skills/implementing-privileged-access-management-with-cyberark"},{"name":"implementing-privileged-access-workstation","description":"Design and implement Privileged Access Workstations (PAWs) with device hardening, just-in-time access, and integration with CyberArk or BeyondTrust for secure administrative operations.","domain":"cybersecurity","path":"skills/implementing-privileged-access-workstation"},{"name":"implementing-privileged-session-monitoring","description":">","domain":"cybersecurity","path":"skills/implementing-privileged-session-monitoring"},{"name":"implementing-proofpoint-email-security-gateway","description":"Deploy and configure Proofpoint Email Protection as a secure email gateway to detect and block phishing, malware, BEC, and spam before messages reach user inboxes.","domain":"cybersecurity","path":"skills/implementing-proofpoint-email-security-gateway"},{"name":"implementing-purdue-model-network-segmentation","description":">","domain":"cybersecurity","path":"skills/implementing-purdue-model-network-segmentation"},{"name":"implementing-ransomware-backup-strategy","description":"'Designs and implements a ransomware-resilient backup strategy following the 3-2-1-1-0 methodology (3 copies,","domain":"cybersecurity","path":"skills/implementing-ransomware-backup-strategy"},{"name":"implementing-ransomware-kill-switch-detection","description":">","domain":"cybersecurity","path":"skills/implementing-ransomware-kill-switch-detection"},{"name":"implementing-rapid7-insightvm-for-scanning","description":"Deploy and configure Rapid7 InsightVM Security Console and Scan Engines for authenticated and unauthenticated vulnerability scanning across enterprise environments.","domain":"cybersecurity","path":"skills/implementing-rapid7-insightvm-for-scanning"},{"name":"implementing-rbac-hardening-for-kubernetes","description":"Harden Kubernetes Role-Based Access Control by 
implementing least-privilege policies, auditing role bindings, eliminating cluster-admin sprawl, and integrating external identity providers.","domain":"cybersecurity","path":"skills/implementing-rbac-hardening-for-kubernetes"},{"name":"implementing-rsa-key-pair-management","description":"RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital signatures, key exchange, and encryption. This skill covers generating, storing, rotating,","domain":"cybersecurity","path":"skills/implementing-rsa-key-pair-management"},{"name":"implementing-runtime-application-self-protection","description":"Deploy Runtime Application Self-Protection (RASP) agents to detect and block attacks from within application","domain":"cybersecurity","path":"skills/implementing-runtime-application-self-protection"},{"name":"implementing-runtime-security-with-tetragon","description":"Implement eBPF-based runtime security observability and enforcement in Kubernetes clusters using Cilium Tetragon","domain":"cybersecurity","path":"skills/implementing-runtime-security-with-tetragon"},{"name":"implementing-saml-sso-with-okta","description":"Implement SAML 2.0 Single Sign-On (SSO) using Okta as the Identity Provider (IdP). 
This skill covers end-to-end configuration of SAML authentication flows, attribute mapping, certificate management, a","domain":"cybersecurity","path":"skills/implementing-saml-sso-with-okta"},{"name":"implementing-scim-provisioning-with-okta","description":"Implement automated user provisioning and deprovisioning using SCIM 2.0 protocol with Okta as the identity provider.","domain":"cybersecurity","path":"skills/implementing-scim-provisioning-with-okta"},{"name":"implementing-secret-scanning-with-gitleaks","description":">","domain":"cybersecurity","path":"skills/implementing-secret-scanning-with-gitleaks"},{"name":"implementing-secrets-management-with-vault","description":">","domain":"cybersecurity","path":"skills/implementing-secrets-management-with-vault"},{"name":"implementing-secrets-scanning-in-ci-cd","description":"Integrate gitleaks and trufflehog into CI/CD pipelines to detect leaked secrets before deployment","domain":"cybersecurity","path":"skills/implementing-secrets-scanning-in-ci-cd"},{"name":"implementing-security-chaos-engineering","description":"'Implements security chaos engineering experiments that deliberately disable or degrade security controls to","domain":"cybersecurity","path":"skills/implementing-security-chaos-engineering"},{"name":"implementing-security-information-sharing-with-stix2","description":"'Create, validate, and share STIX 2.1 threat intelligence objects using the stix2 Python library. 
Covers indicators,","domain":"cybersecurity","path":"skills/implementing-security-information-sharing-with-stix2"},{"name":"implementing-security-monitoring-with-datadog","description":"'Implements security monitoring using Datadog Cloud SIEM, Cloud Security Management (CSM), and Workload Protection","domain":"cybersecurity","path":"skills/implementing-security-monitoring-with-datadog"},{"name":"implementing-semgrep-for-custom-sast-rules","description":"Write custom Semgrep SAST rules in YAML to detect application-specific vulnerabilities, enforce coding standards, and integrate into CI/CD pipelines.","domain":"cybersecurity","path":"skills/implementing-semgrep-for-custom-sast-rules"},{"name":"implementing-siem-correlation-rules-for-apt","description":">-","domain":"cybersecurity","path":"skills/implementing-siem-correlation-rules-for-apt"},{"name":"implementing-siem-use-case-tuning","description":"Tune SIEM detection rules to reduce false positives by analyzing alert volumes, creating whitelists, adjusting thresholds, and measuring detection efficacy metrics in Splunk and Elastic","domain":"cybersecurity","path":"skills/implementing-siem-use-case-tuning"},{"name":"implementing-siem-use-cases-for-detection","description":"'Implements SIEM detection use cases by designing correlation rules, threshold alerts, and behavioral analytics","domain":"cybersecurity","path":"skills/implementing-siem-use-cases-for-detection"},{"name":"implementing-sigstore-for-software-signing","description":">","domain":"cybersecurity","path":"skills/implementing-sigstore-for-software-signing"},{"name":"implementing-soar-automation-with-phantom","description":">","domain":"cybersecurity","path":"skills/implementing-soar-automation-with-phantom"},{"name":"implementing-soar-playbook-for-phishing","description":"Automate phishing incident response using Splunk SOAR REST API to create containers, add artifacts, and trigger 
playbooks","domain":"cybersecurity","path":"skills/implementing-soar-playbook-for-phishing"},{"name":"implementing-soar-playbook-with-palo-alto-xsoar","description":"Implement automated incident response playbooks in Cortex XSOAR to orchestrate security workflows across SOC tools and reduce manual response time.","domain":"cybersecurity","path":"skills/implementing-soar-playbook-with-palo-alto-xsoar"},{"name":"implementing-stix-taxii-feed-integration","description":"STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information) are OASIS open standards for representing and transporting cyber threat intelligence.","domain":"cybersecurity","path":"skills/implementing-stix-taxii-feed-integration"},{"name":"implementing-supply-chain-security-with-in-toto","description":"Implement software supply chain integrity verification for container builds using the in-toto framework to create cryptographically signed attestations across CI/CD pipeline steps.","domain":"cybersecurity","path":"skills/implementing-supply-chain-security-with-in-toto"},{"name":"implementing-syslog-centralization-with-rsyslog","description":">-","domain":"cybersecurity","path":"skills/implementing-syslog-centralization-with-rsyslog"},{"name":"implementing-taxii-server-with-opentaxii","description":"Deploy and configure an OpenTAXII server to share and consume STIX-formatted cyber threat intelligence using the TAXII 2.1 protocol for automated indicator exchange between organizations.","domain":"cybersecurity","path":"skills/implementing-taxii-server-with-opentaxii"},{"name":"implementing-threat-intelligence-lifecycle-management","description":"Implement a structured threat intelligence lifecycle encompassing planning, collection, processing, analysis, dissemination, and feedback stages to produce actionable intelligence for organizational 
decision-making.","domain":"cybersecurity","path":"skills/implementing-threat-intelligence-lifecycle-management"},{"name":"implementing-threat-modeling-with-mitre-attack","description":"'Implements threat modeling using the MITRE ATT&CK framework to map adversary TTPs against organizational assets,","domain":"cybersecurity","path":"skills/implementing-threat-modeling-with-mitre-attack"},{"name":"implementing-ticketing-system-for-incidents","description":">","domain":"cybersecurity","path":"skills/implementing-ticketing-system-for-incidents"},{"name":"implementing-usb-device-control-policy","description":">","domain":"cybersecurity","path":"skills/implementing-usb-device-control-policy"},{"name":"implementing-velociraptor-for-ir-collection","description":"","domain":"cybersecurity","path":"skills/implementing-velociraptor-for-ir-collection"},{"name":"implementing-vulnerability-management-with-greenbone","description":"Deploy and operate Greenbone/OpenVAS vulnerability management using the python-gvm library to create scan targets, execute vulnerability scans, and parse scan reports via GMP protocol.","domain":"cybersecurity","path":"skills/implementing-vulnerability-management-with-greenbone"},{"name":"implementing-vulnerability-remediation-sla","description":"Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities based on severity, asset criticality, and exploit availability. 
Effective SLA programs","domain":"cybersecurity","path":"skills/implementing-vulnerability-remediation-sla"},{"name":"implementing-vulnerability-sla-breach-alerting","description":"Build automated alerting for vulnerability remediation SLA breaches with severity-based timelines, escalation workflows, and compliance reporting dashboards.","domain":"cybersecurity","path":"skills/implementing-vulnerability-sla-breach-alerting"},{"name":"implementing-web-application-logging-with-modsecurity","description":"'Configure ModSecurity WAF with OWASP Core Rule Set (CRS) for web application logging, tune rules to reduce false","domain":"cybersecurity","path":"skills/implementing-web-application-logging-with-modsecurity"},{"name":"implementing-zero-knowledge-proof-for-authentication","description":"Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private key) without revealing the secret itself. This skill implements the Schnorr identificati","domain":"cybersecurity","path":"skills/implementing-zero-knowledge-proof-for-authentication"},{"name":"implementing-zero-standing-privilege-with-cyberark","description":"Deploy CyberArk Secure Cloud Access to eliminate standing privileges in hybrid and multi-cloud environments using just-in-time access with time, entitlement, and approval controls.","domain":"cybersecurity","path":"skills/implementing-zero-standing-privilege-with-cyberark"},{"name":"implementing-zero-trust-dns-with-nextdns","description":"Implement NextDNS as a zero trust DNS filtering layer with encrypted resolution, threat intelligence blocking, privacy protection, and organizational policy enforcement across all 
endpoints.","domain":"cybersecurity","path":"skills/implementing-zero-trust-dns-with-nextdns"},{"name":"implementing-zero-trust-for-saas-applications","description":">","domain":"cybersecurity","path":"skills/implementing-zero-trust-for-saas-applications"},{"name":"implementing-zero-trust-in-cloud","description":">","domain":"cybersecurity","path":"skills/implementing-zero-trust-in-cloud"},{"name":"implementing-zero-trust-network-access","description":">","domain":"cybersecurity","path":"skills/implementing-zero-trust-network-access"},{"name":"implementing-zero-trust-network-access-with-zscaler","description":"Implement Zero Trust Network Access using Zscaler Private Access (ZPA) to replace traditional VPN with identity-based, context-aware access to private applications through the Zscaler Zero Trust Exchange.","domain":"cybersecurity","path":"skills/implementing-zero-trust-network-access-with-zscaler"},{"name":"implementing-zero-trust-with-beyondcorp","description":"Deploy Google BeyondCorp Enterprise zero trust access controls using Identity-Aware Proxy (IAP), context-aware access policies, device trust validation, and Access Context Manager to enforce identity and posture-based access to GCP resources and internal applications.","domain":"cybersecurity","path":"skills/implementing-zero-trust-with-beyondcorp"},{"name":"implementing-zero-trust-with-hashicorp-boundary","description":"Implement HashiCorp Boundary for identity-aware zero trust infrastructure access management with dynamic credential brokering, session recording, and Vault 
integration.","domain":"cybersecurity","path":"skills/implementing-zero-trust-with-hashicorp-boundary"},{"name":"integrating-dast-with-owasp-zap-in-pipeline","description":">","domain":"cybersecurity","path":"skills/integrating-dast-with-owasp-zap-in-pipeline"},{"name":"integrating-sast-into-github-actions-pipeline","description":">","domain":"cybersecurity","path":"skills/integrating-sast-into-github-actions-pipeline"},{"name":"intercepting-mobile-traffic-with-burpsuite","description":">","domain":"cybersecurity","path":"skills/intercepting-mobile-traffic-with-burpsuite"},{"name":"investigating-insider-threat-indicators","description":">","domain":"cybersecurity","path":"skills/investigating-insider-threat-indicators"},{"name":"investigating-phishing-email-incident","description":">","domain":"cybersecurity","path":"skills/investigating-phishing-email-incident"},{"name":"investigating-ransomware-attack-artifacts","description":"Identify, collect, and analyze ransomware attack artifacts to determine the variant, initial access vector, encryption scope, and recovery options.","domain":"cybersecurity","path":"skills/investigating-ransomware-attack-artifacts"},{"name":"managing-cloud-identity-with-okta","description":">","domain":"cybersecurity","path":"skills/managing-cloud-identity-with-okta"},{"name":"managing-intelligence-lifecycle","description":">","domain":"cybersecurity","path":"skills/managing-intelligence-lifecycle"},{"name":"mapping-mitre-attack-techniques","description":"'Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK techniques and sub-techniques","domain":"cybersecurity","path":"skills/mapping-mitre-attack-techniques"},{"name":"monitoring-darkweb-sources","description":"'Monitors dark web forums, marketplaces, paste sites, and ransomware leak sites for mentions of 
organizational","domain":"cybersecurity","path":"skills/monitoring-darkweb-sources"},{"name":"monitoring-scada-modbus-traffic-anomalies","description":">","domain":"cybersecurity","path":"skills/monitoring-scada-modbus-traffic-anomalies"},{"name":"performing-access-recertification-with-saviynt","description":"Configure and execute access recertification campaigns in Saviynt Enterprise Identity Cloud to validate user entitlements, revoke excessive access, and maintain compliance with SOX, SOC2, and HIPAA.","domain":"cybersecurity","path":"skills/performing-access-recertification-with-saviynt"},{"name":"performing-access-review-and-certification","description":"Conduct systematic access reviews and certifications to ensure users have appropriate access rights aligned with their roles. This skill covers review campaign design, reviewer selection, risk-based p","domain":"cybersecurity","path":"skills/performing-access-review-and-certification"},{"name":"performing-active-directory-bloodhound-analysis","description":"Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised","domain":"cybersecurity","path":"skills/performing-active-directory-bloodhound-analysis"},{"name":"performing-active-directory-compromise-investigation","description":"","domain":"cybersecurity","path":"skills/performing-active-directory-compromise-investigation"},{"name":"performing-active-directory-forest-trust-attack","description":"Enumerate and audit Active Directory forest trust relationships using impacket for SID filtering analysis, trust key extraction, cross-forest SID history abuse detection, and inter-realm Kerberos ticket assessment.","domain":"cybersecurity","path":"skills/performing-active-directory-forest-trust-attack"},{"name":"performing-active-directory-penetration-test","description":"Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound, exploit Kerberos 
weaknesses, escalate privileges via ADCS/DCSync, and demonstrate domain compromise.","domain":"cybersecurity","path":"skills/performing-active-directory-penetration-test"},{"name":"performing-active-directory-vulnerability-assessment","description":"Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations,","domain":"cybersecurity","path":"skills/performing-active-directory-vulnerability-assessment"},{"name":"performing-adversary-in-the-middle-phishing-detection","description":"Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy kits like EvilProxy, Evilginx, and Tycoon 2FA to bypass MFA and steal session tokens.","domain":"cybersecurity","path":"skills/performing-adversary-in-the-middle-phishing-detection"},{"name":"performing-agentless-vulnerability-scanning","description":"Configure and execute agentless vulnerability scanning using network protocols, cloud snapshot analysis, and","domain":"cybersecurity","path":"skills/performing-agentless-vulnerability-scanning"},{"name":"performing-ai-driven-osint-correlation","description":"Use AI and LLM-based reasoning to correlate findings across multiple OSINT sources\u2014username enumeration, email","domain":"cybersecurity","path":"skills/performing-ai-driven-osint-correlation"},{"name":"performing-alert-triage-with-elastic-siem","description":"Perform systematic alert triage in Elastic Security SIEM to rapidly classify, prioritize, and investigate 
security","domain":"cybersecurity","path":"skills/performing-alert-triage-with-elastic-siem"},{"name":"performing-android-app-static-analysis-with-mobsf","description":">","domain":"cybersecurity","path":"skills/performing-android-app-static-analysis-with-mobsf"},{"name":"performing-api-fuzzing-with-restler","description":">","domain":"cybersecurity","path":"skills/performing-api-fuzzing-with-restler"},{"name":"performing-api-inventory-and-discovery","description":">","domain":"cybersecurity","path":"skills/performing-api-inventory-and-discovery"},{"name":"performing-api-rate-limiting-bypass","description":">","domain":"cybersecurity","path":"skills/performing-api-rate-limiting-bypass"},{"name":"performing-api-security-testing-with-postman","description":">","domain":"cybersecurity","path":"skills/performing-api-security-testing-with-postman"},{"name":"performing-arp-spoofing-attack-simulation","description":">","domain":"cybersecurity","path":"skills/performing-arp-spoofing-attack-simulation"},{"name":"performing-asset-criticality-scoring-for-vulns","description":"Develop and apply a multi-factor asset criticality scoring model to weight vulnerability prioritization based on business impact, data sensitivity, and operational importance.","domain":"cybersecurity","path":"skills/performing-asset-criticality-scoring-for-vulns"},{"name":"performing-authenticated-scan-with-openvas","description":"Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with SSH and SMB credentials for comprehensive host-level assessment.","domain":"cybersecurity","path":"skills/performing-authenticated-scan-with-openvas"},{"name":"performing-authenticated-vulnerability-scan","description":"Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and perform deep inspection of installed software, patches, configurations, and security 
sett","domain":"cybersecurity","path":"skills/performing-authenticated-vulnerability-scan"},{"name":"performing-automated-malware-analysis-with-cape","description":"Deploy and operate CAPEv2 sandbox for automated malware analysis with behavioral monitoring, payload extraction, configuration parsing, and anti-evasion capabilities.","domain":"cybersecurity","path":"skills/performing-automated-malware-analysis-with-cape"},{"name":"performing-aws-account-enumeration-with-scout-suite","description":"Perform comprehensive security posture assessment of AWS accounts using ScoutSuite to enumerate resources, identify misconfigurations, and generate actionable security reports.","domain":"cybersecurity","path":"skills/performing-aws-account-enumeration-with-scout-suite"},{"name":"performing-aws-privilege-escalation-assessment","description":">","domain":"cybersecurity","path":"skills/performing-aws-privilege-escalation-assessment"},{"name":"performing-bandwidth-throttling-attack-simulation","description":">","domain":"cybersecurity","path":"skills/performing-bandwidth-throttling-attack-simulation"},{"name":"performing-binary-exploitation-analysis","description":">","domain":"cybersecurity","path":"skills/performing-binary-exploitation-analysis"},{"name":"performing-blind-ssrf-exploitation","description":"Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions, and timing analysis to access internal services and cloud metadata endpoints.","domain":"cybersecurity","path":"skills/performing-blind-ssrf-exploitation"},{"name":"performing-bluetooth-security-assessment","description":"Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities","domain":"cybersecurity","path":"skills/performing-bluetooth-security-assessment"},{"name":"performing-brand-monitoring-for-impersonation","description":"Monitor for brand impersonation attacks across domains, social media, 
mobile apps, and dark web channels to detect phishing campaigns, fake sites, and unauthorized brand usage targeting your organization.","domain":"cybersecurity","path":"skills/performing-brand-monitoring-for-impersonation"},{"name":"performing-clickjacking-attack-test","description":"Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting","domain":"cybersecurity","path":"skills/performing-clickjacking-attack-test"},{"name":"performing-cloud-asset-inventory-with-cartography","description":"Perform comprehensive cloud asset inventory and relationship mapping using Cartography to build a Neo4j security graph of infrastructure assets, IAM permissions, and attack paths across AWS, GCP, and Azure.","domain":"cybersecurity","path":"skills/performing-cloud-asset-inventory-with-cartography"},{"name":"performing-cloud-forensics-investigation","description":"Conduct forensic investigations in cloud environments by collecting and analyzing logs, snapshots, and metadata from AWS, Azure, and GCP services.","domain":"cybersecurity","path":"skills/performing-cloud-forensics-investigation"},{"name":"performing-cloud-forensics-with-aws-cloudtrail","description":"Perform forensic investigation of AWS environments using CloudTrail logs to reconstruct attacker activity, identify compromised credentials, and analyze API call 
patterns.","domain":"cybersecurity","path":"skills/performing-cloud-forensics-with-aws-cloudtrail"},{"name":"performing-cloud-incident-containment-procedures","description":"","domain":"cybersecurity","path":"skills/performing-cloud-incident-containment-procedures"},{"name":"performing-cloud-log-forensics-with-athena","description":">","domain":"cybersecurity","path":"skills/performing-cloud-log-forensics-with-athena"},{"name":"performing-cloud-native-forensics-with-falco","description":">","domain":"cybersecurity","path":"skills/performing-cloud-native-forensics-with-falco"},{"name":"performing-cloud-native-threat-hunting-with-aws-detective","description":"Hunt for threats in AWS environments using Detective behavior graphs, entity investigation timelines, GuardDuty finding correlation, and automated entity profiling across IAM users, EC2 instances, and IP addresses.","domain":"cybersecurity","path":"skills/performing-cloud-native-threat-hunting-with-aws-detective"},{"name":"performing-cloud-penetration-testing-with-pacu","description":">","domain":"cybersecurity","path":"skills/performing-cloud-penetration-testing-with-pacu"},{"name":"performing-cloud-storage-forensic-acquisition","description":"Perform forensic acquisition and analysis of cloud storage services including Google Drive, OneDrive, Dropbox,","domain":"cybersecurity","path":"skills/performing-cloud-storage-forensic-acquisition"},{"name":"performing-container-escape-detection","description":">","domain":"cybersecurity","path":"skills/performing-container-escape-detection"},{"name":"performing-container-image-hardening","description":">","domain":"cybersecurity","path":"skills/performing-container-image-hardening"},{"name":"performing-container-security-scanning-with-trivy","description":"Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, exposed secrets, and license compliance issues using Aqua Security Trivy with SBOM generation and CI/CD 
integration.","domain":"cybersecurity","path":"skills/performing-container-security-scanning-with-trivy"},{"name":"performing-content-security-policy-bypass","description":"Analyze and bypass Content Security Policy implementations to achieve cross-site scripting by exploiting misconfigurations, JSONP endpoints, unsafe directives, and policy injection techniques.","domain":"cybersecurity","path":"skills/performing-content-security-policy-bypass"},{"name":"performing-credential-access-with-lazagne","description":"Extract stored credentials from compromised endpoints using the LaZagne post-exploitation tool to recover passwords","domain":"cybersecurity","path":"skills/performing-credential-access-with-lazagne"},{"name":"performing-cryptographic-audit-of-application","description":"A cryptographic audit systematically reviews an application's use of cryptographic primitives, protocols, and key management to identify vulnerabilities such as weak algorithms, insecure modes, hardco","domain":"cybersecurity","path":"skills/performing-cryptographic-audit-of-application"},{"name":"performing-csrf-attack-simulation","description":"Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit authenticated user sessions during authorized security assessments.","domain":"cybersecurity","path":"skills/performing-csrf-attack-simulation"},{"name":"performing-cve-prioritization-with-kev-catalog","description":"Leverage the CISA Known Exploited Vulnerabilities catalog alongside EPSS and CVSS to prioritize CVE remediation","domain":"cybersecurity","path":"skills/performing-cve-prioritization-with-kev-catalog"},{"name":"performing-dark-web-monitoring-for-threats","description":"Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and dark web marketplaces to identify threats targeting an organization, including leaked 
cre","domain":"cybersecurity","path":"skills/performing-dark-web-monitoring-for-threats"},{"name":"performing-deception-technology-deployment","description":">","domain":"cybersecurity","path":"skills/performing-deception-technology-deployment"},{"name":"performing-directory-traversal-testing","description":"Testing web applications for path traversal vulnerabilities that allow reading or writing arbitrary files on the server by manipulating file path parameters.","domain":"cybersecurity","path":"skills/performing-directory-traversal-testing"},{"name":"performing-disk-forensics-investigation","description":">","domain":"cybersecurity","path":"skills/performing-disk-forensics-investigation"},{"name":"performing-dmarc-policy-enforcement-rollout","description":"Execute a phased DMARC rollout from p=none monitoring through p=quarantine to p=reject enforcement, ensuring all legitimate email sources are authenticated before blocking unauthorized senders.","domain":"cybersecurity","path":"skills/performing-dmarc-policy-enforcement-rollout"},{"name":"performing-dns-enumeration-and-zone-transfer","description":">","domain":"cybersecurity","path":"skills/performing-dns-enumeration-and-zone-transfer"},{"name":"performing-dns-tunneling-detection","description":">","domain":"cybersecurity","path":"skills/performing-dns-tunneling-detection"},{"name":"performing-docker-bench-security-assessment","description":"Docker Bench for Security is an open-source script that checks dozens of common best practices around deploying Docker containers in production. 
Based on the CIS Docker Benchmark, it audits host confi","domain":"cybersecurity","path":"skills/performing-docker-bench-security-assessment"},{"name":"performing-dynamic-analysis-of-android-app","description":">","domain":"cybersecurity","path":"skills/performing-dynamic-analysis-of-android-app"},{"name":"performing-dynamic-analysis-with-any-run","description":"'Performs interactive dynamic malware analysis using the ANY.RUN cloud sandbox to observe real-time execution","domain":"cybersecurity","path":"skills/performing-dynamic-analysis-with-any-run"},{"name":"performing-endpoint-forensics-investigation","description":">","domain":"cybersecurity","path":"skills/performing-endpoint-forensics-investigation"},{"name":"performing-endpoint-vulnerability-remediation","description":">","domain":"cybersecurity","path":"skills/performing-endpoint-vulnerability-remediation"},{"name":"performing-entitlement-review-with-sailpoint-iiq","description":">","domain":"cybersecurity","path":"skills/performing-entitlement-review-with-sailpoint-iiq"},{"name":"performing-external-network-penetration-test","description":"Conduct a comprehensive external network penetration test to identify vulnerabilities in internet-facing infrastructure using PTES methodology, reconnaissance, scanning, exploitation, and reporting.","domain":"cybersecurity","path":"skills/performing-external-network-penetration-test"},{"name":"performing-false-positive-reduction-in-siem","description":"Perform systematic SIEM false positive reduction through rule tuning, threshold adjustment, correlation refinement,","domain":"cybersecurity","path":"skills/performing-false-positive-reduction-in-siem"},{"name":"performing-file-carving-with-foremost","description":"Recover files from disk images and unallocated space using Foremost's header-footer signature carving to extract evidence regardless of file system 
state.","domain":"cybersecurity","path":"skills/performing-file-carving-with-foremost"},{"name":"performing-firmware-extraction-with-binwalk","description":">","domain":"cybersecurity","path":"skills/performing-firmware-extraction-with-binwalk"},{"name":"performing-firmware-malware-analysis","description":">","domain":"cybersecurity","path":"skills/performing-firmware-malware-analysis"},{"name":"performing-fuzzing-with-aflplusplus","description":"'Perform coverage-guided fuzzing of compiled binaries using AFL++ (American Fuzzy Lop Plus Plus) to discover","domain":"cybersecurity","path":"skills/performing-fuzzing-with-aflplusplus"},{"name":"performing-gcp-penetration-testing-with-gcpbucketbrute","description":"Perform GCP security testing using GCPBucketBrute for storage bucket enumeration, gcloud IAM privilege escalation","domain":"cybersecurity","path":"skills/performing-gcp-penetration-testing-with-gcpbucketbrute"},{"name":"performing-gcp-security-assessment-with-forseti","description":"'Performing comprehensive security assessments of Google Cloud Platform environments using Forseti Security,","domain":"cybersecurity","path":"skills/performing-gcp-security-assessment-with-forseti"},{"name":"performing-graphql-depth-limit-attack","description":"Execute and test GraphQL depth limit attacks using deeply nested recursive queries to identify denial-of-service vulnerabilities in GraphQL APIs.","domain":"cybersecurity","path":"skills/performing-graphql-depth-limit-attack"},{"name":"performing-graphql-introspection-attack","description":">","domain":"cybersecurity","path":"skills/performing-graphql-introspection-attack"},{"name":"performing-graphql-security-assessment","description":"Assessing GraphQL API endpoints for introspection leaks, injection attacks, authorization flaws, and denial-of-service vulnerabilities during authorized security 
tests.","domain":"cybersecurity","path":"skills/performing-graphql-security-assessment"},{"name":"performing-hardware-security-module-integration","description":"Integrate Hardware Security Modules (HSMs) using PKCS#11 interface for cryptographic key management, signing","domain":"cybersecurity","path":"skills/performing-hardware-security-module-integration"},{"name":"performing-hash-cracking-with-hashcat","description":"Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength. Hashcat is the world's fastest password recovery tool, supporting over 300 hash types w","domain":"cybersecurity","path":"skills/performing-hash-cracking-with-hashcat"},{"name":"performing-http-parameter-pollution-attack","description":"Execute HTTP Parameter Pollution attacks to bypass input validation, WAF rules, and security controls by injecting duplicate parameters that are processed differently by front-end and back-end systems.","domain":"cybersecurity","path":"skills/performing-http-parameter-pollution-attack"},{"name":"performing-ics-asset-discovery-with-claroty","description":"'Perform comprehensive ICS/OT asset discovery using Claroty xDome platform, leveraging passive monitoring, Claroty","domain":"cybersecurity","path":"skills/performing-ics-asset-discovery-with-claroty"},{"name":"performing-indicator-lifecycle-management","description":"Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment, monitoring, and eventual retirement. 
This skill covers implementing systematic processes f","domain":"cybersecurity","path":"skills/performing-indicator-lifecycle-management"},{"name":"performing-initial-access-with-evilginx3","description":"Perform authorized initial access using EvilGinx3 adversary-in-the-middle phishing framework to capture session","domain":"cybersecurity","path":"skills/performing-initial-access-with-evilginx3"},{"name":"performing-insider-threat-investigation","description":">","domain":"cybersecurity","path":"skills/performing-insider-threat-investigation"},{"name":"performing-ioc-enrichment-automation","description":">","domain":"cybersecurity","path":"skills/performing-ioc-enrichment-automation"},{"name":"performing-ios-app-security-assessment","description":">","domain":"cybersecurity","path":"skills/performing-ios-app-security-assessment"},{"name":"performing-iot-security-assessment","description":">","domain":"cybersecurity","path":"skills/performing-iot-security-assessment"},{"name":"performing-ip-reputation-analysis-with-shodan","description":"Analyze IP address reputation using the Shodan API to identify open ports, running services, known vulnerabilities, and hosting context for threat intelligence enrichment and incident triage.","domain":"cybersecurity","path":"skills/performing-ip-reputation-analysis-with-shodan"},{"name":"performing-jwt-none-algorithm-attack","description":"Execute and test the JWT none algorithm attack to bypass signature verification by manipulating the alg header field in JSON Web Tokens.","domain":"cybersecurity","path":"skills/performing-jwt-none-algorithm-attack"},{"name":"performing-kerberoasting-attack","description":"Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting","domain":"cybersecurity","path":"skills/performing-kerberoasting-attack"},{"name":"performing-kubernetes-cis-benchmark-with-kube-bench","description":"Audit Kubernetes cluster security posture against CIS benchmarks 
using kube-bench with automated checks for control plane, worker nodes, and RBAC.","domain":"cybersecurity","path":"skills/performing-kubernetes-cis-benchmark-with-kube-bench"},{"name":"performing-kubernetes-etcd-security-assessment","description":"Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration, access controls, backup encryption, and network isolation.","domain":"cybersecurity","path":"skills/performing-kubernetes-etcd-security-assessment"},{"name":"performing-kubernetes-penetration-testing","description":"Kubernetes penetration testing systematically evaluates cluster security by simulating attacker techniques against the API server, kubelet, etcd, pods, RBAC, network policies, and secrets. Using tools","domain":"cybersecurity","path":"skills/performing-kubernetes-penetration-testing"},{"name":"performing-lateral-movement-detection","description":"'Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based","domain":"cybersecurity","path":"skills/performing-lateral-movement-detection"},{"name":"performing-lateral-movement-with-wmiexec","description":"Perform lateral movement across Windows networks using WMI-based remote execution techniques including Impacket","domain":"cybersecurity","path":"skills/performing-lateral-movement-with-wmiexec"},{"name":"performing-linux-log-forensics-investigation","description":"Perform forensic investigation of Linux system logs including syslog, auth.log, systemd journal, kern.log, and application logs to reconstruct user activity, detect unauthorized access, and establish event timelines on compromised Linux systems.","domain":"cybersecurity","path":"skills/performing-linux-log-forensics-investigation"},{"name":"performing-log-analysis-for-forensic-investigation","description":"Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines during forensic 
investigations.","domain":"cybersecurity","path":"skills/performing-log-analysis-for-forensic-investigation"},{"name":"performing-log-source-onboarding-in-siem","description":"Perform structured log source onboarding into SIEM platforms by configuring collectors, parsers, normalization, and validation for complete security visibility.","domain":"cybersecurity","path":"skills/performing-log-source-onboarding-in-siem"},{"name":"performing-malware-hash-enrichment-with-virustotal","description":"Enrich malware file hashes using the VirusTotal API to retrieve detection rates, behavioral analysis, YARA matches, and contextual threat intelligence for incident triage and IOC validation.","domain":"cybersecurity","path":"skills/performing-malware-hash-enrichment-with-virustotal"},{"name":"performing-malware-ioc-extraction","description":"Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise including file hashes, network indicators (C2 domains, IP addresses, URLs), regist","domain":"cybersecurity","path":"skills/performing-malware-ioc-extraction"},{"name":"performing-malware-persistence-investigation","description":"Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives reboots and maintains access.","domain":"cybersecurity","path":"skills/performing-malware-persistence-investigation"},{"name":"performing-malware-triage-with-yara","description":">","domain":"cybersecurity","path":"skills/performing-malware-triage-with-yara"},{"name":"performing-memory-forensics-with-volatility3","description":"Analyze volatile memory dumps using Volatility 3 to extract running processes, network connections, loaded modules, and evidence of malicious activity.","domain":"cybersecurity","path":"skills/performing-memory-forensics-with-volatility3"},{"name":"performing-memory-forensics-with-volatility3-plugins","description":"Analyze memory dumps using Volatility3 plugins 
to detect injected code, rootkits, credential theft, and malware","domain":"cybersecurity","path":"skills/performing-memory-forensics-with-volatility3-plugins"},{"name":"performing-mobile-app-certificate-pinning-bypass","description":">","domain":"cybersecurity","path":"skills/performing-mobile-app-certificate-pinning-bypass"},{"name":"performing-mobile-device-forensics-with-cellebrite","description":"Acquire and analyze mobile device data using Cellebrite UFED and open-source tools to extract communications, location data, and application artifacts.","domain":"cybersecurity","path":"skills/performing-mobile-device-forensics-with-cellebrite"},{"name":"performing-network-forensics-with-wireshark","description":"Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts, and identify malicious communications.","domain":"cybersecurity","path":"skills/performing-network-forensics-with-wireshark"},{"name":"performing-network-packet-capture-analysis","description":"Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct network communications, extract transferred files, identify malicious traffic, and establish evidence of data exfiltration or command-and-control activity.","domain":"cybersecurity","path":"skills/performing-network-packet-capture-analysis"},{"name":"performing-network-traffic-analysis-with-tshark","description":"Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection, DNS anomaly identification, and IOC extraction from PCAP files","domain":"cybersecurity","path":"skills/performing-network-traffic-analysis-with-tshark"},{"name":"performing-network-traffic-analysis-with-zeek","description":"Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection, anomaly identification, and forensic 
investigation.","domain":"cybersecurity","path":"skills/performing-network-traffic-analysis-with-zeek"},{"name":"performing-nist-csf-maturity-assessment","description":">-","domain":"cybersecurity","path":"skills/performing-nist-csf-maturity-assessment"},{"name":"performing-oauth-scope-minimization-review","description":">","domain":"cybersecurity","path":"skills/performing-oauth-scope-minimization-review"},{"name":"performing-oil-gas-cybersecurity-assessment","description":">","domain":"cybersecurity","path":"skills/performing-oil-gas-cybersecurity-assessment"},{"name":"performing-open-source-intelligence-gathering","description":"Open Source Intelligence (OSINT) gathering is the first active phase of a red team engagement, where operators collect publicly available information about the target organization to identify attack s","domain":"cybersecurity","path":"skills/performing-open-source-intelligence-gathering"},{"name":"performing-osint-with-spiderfoot","description":"Automate OSINT collection using SpiderFoot REST API and CLI for target profiling, module-based reconnaissance, and structured result analysis across 200+ data sources","domain":"cybersecurity","path":"skills/performing-osint-with-spiderfoot"},{"name":"performing-ot-network-security-assessment","description":">","domain":"cybersecurity","path":"skills/performing-ot-network-security-assessment"},{"name":"performing-ot-vulnerability-assessment-with-claroty","description":">","domain":"cybersecurity","path":"skills/performing-ot-vulnerability-assessment-with-claroty"},{"name":"performing-ot-vulnerability-scanning-safely","description":">","domain":"cybersecurity","path":"skills/performing-ot-vulnerability-scanning-safely"},{"name":"performing-packet-injection-attack","description":">","domain":"cybersecurity","path":"skills/performing-packet-injection-attack"},{"name":"performing-paste-site-monitoring-for-credentials","description":"Monitor paste sites like Pastebin and GitHub Gists for leaked 
credentials, API keys, and sensitive data dumps using automated scraping and keyword matching to detect breaches early.","domain":"cybersecurity","path":"skills/performing-paste-site-monitoring-for-credentials"},{"name":"performing-phishing-simulation-with-gophish","description":"GoPhish is an open-source phishing simulation framework used by security teams to conduct authorized phishing awareness campaigns. It provides campaign management, email template creation, landing pag","domain":"cybersecurity","path":"skills/performing-phishing-simulation-with-gophish"},{"name":"performing-physical-intrusion-assessment","description":"Conduct authorized physical penetration testing using tailgating, badge cloning, lock bypassing, and rogue device","domain":"cybersecurity","path":"skills/performing-physical-intrusion-assessment"},{"name":"performing-plc-firmware-security-analysis","description":">","domain":"cybersecurity","path":"skills/performing-plc-firmware-security-analysis"},{"name":"performing-post-quantum-cryptography-migration","description":">","domain":"cybersecurity","path":"skills/performing-post-quantum-cryptography-migration"},{"name":"performing-power-grid-cybersecurity-assessment","description":">","domain":"cybersecurity","path":"skills/performing-power-grid-cybersecurity-assessment"},{"name":"performing-privacy-impact-assessment","description":">","domain":"cybersecurity","path":"skills/performing-privacy-impact-assessment"},{"name":"performing-privilege-escalation-assessment","description":"'Performs privilege escalation assessments on compromised Linux and Windows systems to identify paths from low-privilege","domain":"cybersecurity","path":"skills/performing-privilege-escalation-assessment"},{"name":"performing-privilege-escalation-on-linux","description":"Linux privilege escalation involves elevating from a low-privilege user account to root access on a 
compromised","domain":"cybersecurity","path":"skills/performing-privilege-escalation-on-linux"},{"name":"performing-privileged-account-access-review","description":"Conduct systematic reviews of privileged accounts to validate access rights, identify excessive permissions, and enforce least privilege across PAM infrastructure.","domain":"cybersecurity","path":"skills/performing-privileged-account-access-review"},{"name":"performing-privileged-account-discovery","description":"Discover and inventory all privileged accounts across enterprise infrastructure including domain admins, local admins, service accounts, database admins, cloud IAM roles, and application admin account","domain":"cybersecurity","path":"skills/performing-privileged-account-discovery"},{"name":"performing-purple-team-atomic-testing","description":"'Executes Atomic Red Team tests mapped to MITRE ATT&CK techniques, performs coverage gap analysis across the","domain":"cybersecurity","path":"skills/performing-purple-team-atomic-testing"},{"name":"performing-purple-team-exercise","description":"'Performs purple team exercises by coordinating red team adversary emulation with blue team detection validation","domain":"cybersecurity","path":"skills/performing-purple-team-exercise"},{"name":"performing-ransomware-response","description":">","domain":"cybersecurity","path":"skills/performing-ransomware-response"},{"name":"performing-ransomware-tabletop-exercise","description":">","domain":"cybersecurity","path":"skills/performing-ransomware-tabletop-exercise"},{"name":"performing-red-team-phishing-with-gophish","description":">-","domain":"cybersecurity","path":"skills/performing-red-team-phishing-with-gophish"},{"name":"performing-red-team-with-covenant","description":"Conduct red team operations using the Covenant C2 framework for authorized adversary simulation, including listener setup, grunt deployment, task execution, and lateral movement 
tracking.","domain":"cybersecurity","path":"skills/performing-red-team-with-covenant"},{"name":"performing-s7comm-protocol-security-analysis","description":">","domain":"cybersecurity","path":"skills/performing-s7comm-protocol-security-analysis"},{"name":"performing-sca-dependency-scanning-with-snyk","description":">","domain":"cybersecurity","path":"skills/performing-sca-dependency-scanning-with-snyk"},{"name":"performing-scada-hmi-security-assessment","description":">","domain":"cybersecurity","path":"skills/performing-scada-hmi-security-assessment"},{"name":"performing-second-order-sql-injection","description":"Detect and exploit second-order SQL injection vulnerabilities where malicious input is stored in a database and later executed in an unsafe SQL query during a different application operation.","domain":"cybersecurity","path":"skills/performing-second-order-sql-injection"},{"name":"performing-security-headers-audit","description":"Auditing HTTP security headers including CSP, HSTS, X-Frame-Options, and cookie attributes to identify missing or misconfigured browser-level protections.","domain":"cybersecurity","path":"skills/performing-security-headers-audit"},{"name":"performing-serverless-function-security-review","description":">","domain":"cybersecurity","path":"skills/performing-serverless-function-security-review"},{"name":"performing-service-account-audit","description":"Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant accounts. 
This skill covers discovery of service accounts in Active Directory, cloud pl","domain":"cybersecurity","path":"skills/performing-service-account-audit"},{"name":"performing-service-account-credential-rotation","description":"Automate credential rotation for service accounts across Active Directory, cloud platforms, and application databases to eliminate stale secrets and reduce compromise risk.","domain":"cybersecurity","path":"skills/performing-service-account-credential-rotation"},{"name":"performing-soap-web-service-security-testing","description":"Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE, WS-Security bypass, and SOAPAction spoofing.","domain":"cybersecurity","path":"skills/performing-soap-web-service-security-testing"},{"name":"performing-soc-tabletop-exercise","description":">","domain":"cybersecurity","path":"skills/performing-soc-tabletop-exercise"},{"name":"performing-soc2-type2-audit-preparation","description":">","domain":"cybersecurity","path":"skills/performing-soc2-type2-audit-preparation"},{"name":"performing-sqlite-database-forensics","description":"Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode encoded timestamps, and extract evidence from browser history, messaging apps, and mobile device databases.","domain":"cybersecurity","path":"skills/performing-sqlite-database-forensics"},{"name":"performing-ssl-certificate-lifecycle-management","description":"SSL/TLS certificate lifecycle management encompasses the full process of requesting, issuing, deploying, monitoring, renewing, and revoking X.509 certificates. 
Poor certificate management is a leading","domain":"cybersecurity","path":"skills/performing-ssl-certificate-lifecycle-management"},{"name":"performing-ssl-stripping-attack","description":">","domain":"cybersecurity","path":"skills/performing-ssl-stripping-attack"},{"name":"performing-ssl-tls-inspection-configuration","description":"Configure SSL/TLS inspection on network security devices to decrypt, inspect, and re-encrypt HTTPS traffic for threat detection while managing certificates, exemptions, and privacy compliance.","domain":"cybersecurity","path":"skills/performing-ssl-tls-inspection-configuration"},{"name":"performing-ssl-tls-security-assessment","description":"Assess SSL/TLS server configurations using the sslyze Python library to evaluate cipher suites, certificate chains, protocol versions, HSTS headers, and known vulnerabilities like Heartbleed and ROBOT.","domain":"cybersecurity","path":"skills/performing-ssl-tls-security-assessment"},{"name":"performing-ssrf-vulnerability-exploitation","description":">-","domain":"cybersecurity","path":"skills/performing-ssrf-vulnerability-exploitation"},{"name":"performing-static-malware-analysis-with-pe-studio","description":">","domain":"cybersecurity","path":"skills/performing-static-malware-analysis-with-pe-studio"},{"name":"performing-steganography-detection","description":"Detect and extract hidden data embedded in images, audio, and other media files using steganalysis tools to uncover covert communication channels.","domain":"cybersecurity","path":"skills/performing-steganography-detection"},{"name":"performing-subdomain-enumeration-with-subfinder","description":"Enumerate subdomains of target domains using ProjectDiscovery's Subfinder passive reconnaissance tool to map the attack surface during security assessments.","domain":"cybersecurity","path":"skills/performing-subdomain-enumeration-with-subfinder"},{"name":"performing-supply-chain-attack-simulation","description":"Simulate and detect software supply 
chain attacks including typosquatting detection via Levenshtein distance, dependency confusion testing against private registries, package hash verification with pip, and known vulnerability scanning with pip-audit.","domain":"cybersecurity","path":"skills/performing-supply-chain-attack-simulation"},{"name":"performing-thick-client-application-penetration-test","description":"Conduct a thick client application penetration test to identify insecure local storage, hardcoded credentials,","domain":"cybersecurity","path":"skills/performing-thick-client-application-penetration-test"},{"name":"performing-threat-emulation-with-atomic-red-team","description":"'Executes Atomic Red Team tests for MITRE ATT&CK technique validation using the atomic-operator Python framework.","domain":"cybersecurity","path":"skills/performing-threat-emulation-with-atomic-red-team"},{"name":"performing-threat-hunting-with-elastic-siem","description":"'Performs proactive threat hunting in Elastic Security SIEM using KQL/EQL queries, detection rules, and Timeline","domain":"cybersecurity","path":"skills/performing-threat-hunting-with-elastic-siem"},{"name":"performing-threat-hunting-with-yara-rules","description":"'Use YARA pattern-matching rules to hunt for malware, suspicious files, and indicators of compromise across filesystems","domain":"cybersecurity","path":"skills/performing-threat-hunting-with-yara-rules"},{"name":"performing-threat-intelligence-sharing-with-misp","description":"Use PyMISP to create, enrich, and share threat intelligence events on a MISP platform, including IOC management, feed integration, STIX export, and community sharing workflows.","domain":"cybersecurity","path":"skills/performing-threat-intelligence-sharing-with-misp"},{"name":"performing-threat-landscape-assessment-for-sector","description":"Conduct a sector-specific threat landscape assessment by analyzing threat actor targeting patterns, common 
attack","domain":"cybersecurity","path":"skills/performing-threat-landscape-assessment-for-sector"},{"name":"performing-threat-modeling-with-owasp-threat-dragon","description":"Use OWASP Threat Dragon to create data flow diagrams, identify threats using STRIDE and LINDDUN methodologies,","domain":"cybersecurity","path":"skills/performing-threat-modeling-with-owasp-threat-dragon"},{"name":"performing-timeline-reconstruction-with-plaso","description":"Build comprehensive forensic super-timelines using Plaso (log2timeline) to correlate events across file systems, logs, and artifacts into a unified chronological view.","domain":"cybersecurity","path":"skills/performing-timeline-reconstruction-with-plaso"},{"name":"performing-user-behavior-analytics","description":">","domain":"cybersecurity","path":"skills/performing-user-behavior-analytics"},{"name":"performing-vlan-hopping-attack","description":">","domain":"cybersecurity","path":"skills/performing-vlan-hopping-attack"},{"name":"performing-vulnerability-scanning-with-nessus","description":">","domain":"cybersecurity","path":"skills/performing-vulnerability-scanning-with-nessus"},{"name":"performing-web-application-firewall-bypass","description":"Bypass Web Application Firewall protections using encoding techniques, HTTP method manipulation, parameter pollution, and payload obfuscation to deliver SQL injection, XSS, and other attack payloads past WAF detection rules.","domain":"cybersecurity","path":"skills/performing-web-application-firewall-bypass"},{"name":"performing-web-application-penetration-test","description":">","domain":"cybersecurity","path":"skills/performing-web-application-penetration-test"},{"name":"performing-web-application-scanning-with-nikto","description":"Nikto is an open-source web server and web application scanner that tests against over 7,000 potentially dangerous files/programs, checks for outdated versions of over 1,250 servers, and identifies 
ve","domain":"cybersecurity","path":"skills/performing-web-application-scanning-with-nikto"},{"name":"performing-web-application-vulnerability-triage","description":"Triage web application vulnerability findings from DAST/SAST scanners using OWASP risk rating methodology to separate true positives from false positives and prioritize remediation.","domain":"cybersecurity","path":"skills/performing-web-application-vulnerability-triage"},{"name":"performing-web-cache-deception-attack","description":"Execute web cache deception attacks by exploiting path normalization discrepancies between CDN caching layers and origin servers to cache and retrieve sensitive authenticated content.","domain":"cybersecurity","path":"skills/performing-web-cache-deception-attack"},{"name":"performing-web-cache-poisoning-attack","description":"Exploiting web cache mechanisms to serve malicious content to other users by poisoning cached responses through unkeyed headers and parameters during authorized security tests.","domain":"cybersecurity","path":"skills/performing-web-cache-poisoning-attack"},{"name":"performing-wifi-password-cracking-with-aircrack","description":">","domain":"cybersecurity","path":"skills/performing-wifi-password-cracking-with-aircrack"},{"name":"performing-windows-artifact-analysis-with-eric-zimmerman-tools","description":"Perform comprehensive Windows forensic artifact analysis using Eric Zimmerman's open-source EZ Tools suite including KAPE, MFTECmd, PECmd, LECmd, JLECmd, and Timeline Explorer for parsing registry hives, prefetch files, event logs, and file system metadata.","domain":"cybersecurity","path":"skills/performing-windows-artifact-analysis-with-eric-zimmerman-tools"},{"name":"performing-wireless-network-penetration-test","description":"Execute a wireless network penetration test to assess WiFi security by capturing handshakes, cracking WPA2/WPA3 keys, detecting rogue access points, and testing wireless segmentation using Aircrack-ng and related 
tools.","domain":"cybersecurity","path":"skills/performing-wireless-network-penetration-test"},{"name":"performing-wireless-security-assessment-with-kismet","description":"Conduct wireless network security assessments using Kismet to detect rogue access points, hidden SSIDs, weak encryption, and unauthorized clients through passive RF monitoring.","domain":"cybersecurity","path":"skills/performing-wireless-security-assessment-with-kismet"},{"name":"performing-yara-rule-development-for-detection","description":"Develop precise YARA rules for malware detection by identifying unique byte patterns, strings, and behavioral indicators in executable files while minimizing false positives.","domain":"cybersecurity","path":"skills/performing-yara-rule-development-for-detection"},{"name":"prioritizing-vulnerabilities-with-cvss-scoring","description":"The Common Vulnerability Scoring System (CVSS) is the industry standard framework maintained by FIRST (Forum of Incident Response and Security Teams) for assessing vulnerability severity. 
CVSS v4.0 (r","domain":"cybersecurity","path":"skills/prioritizing-vulnerabilities-with-cvss-scoring"},{"name":"processing-stix-taxii-feeds","description":">","domain":"cybersecurity","path":"skills/processing-stix-taxii-feeds"},{"name":"profiling-threat-actor-groups","description":">","domain":"cybersecurity","path":"skills/profiling-threat-actor-groups"},{"name":"recovering-deleted-files-with-photorec","description":"Recover deleted files from disk images and storage media using PhotoRec's file signature-based carving engine","domain":"cybersecurity","path":"skills/recovering-deleted-files-with-photorec"},{"name":"recovering-from-ransomware-attack","description":">","domain":"cybersecurity","path":"skills/recovering-from-ransomware-attack"},{"name":"remediating-s3-bucket-misconfiguration","description":">","domain":"cybersecurity","path":"skills/remediating-s3-bucket-misconfiguration"},{"name":"reverse-engineering-android-malware-with-jadx","description":">","domain":"cybersecurity","path":"skills/reverse-engineering-android-malware-with-jadx"},{"name":"reverse-engineering-dotnet-malware-with-dnspy","description":">","domain":"cybersecurity","path":"skills/reverse-engineering-dotnet-malware-with-dnspy"},{"name":"reverse-engineering-ios-app-with-frida","description":">","domain":"cybersecurity","path":"skills/reverse-engineering-ios-app-with-frida"},{"name":"reverse-engineering-malware-with-ghidra","description":">","domain":"cybersecurity","path":"skills/reverse-engineering-malware-with-ghidra"},{"name":"reverse-engineering-ransomware-encryption-routine","description":"Reverse engineer ransomware encryption routines to identify cryptographic algorithms, key generation flaws, and","domain":"cybersecurity","path":"skills/reverse-engineering-ransomware-encryption-routine"},{"name":"reverse-engineering-rust-malware","description":"Reverse engineer Rust-compiled malware using IDA Pro and Ghidra with techniques for handling non-null-terminated strings, crate dependency 
extraction, and Rust-specific control flow analysis.","domain":"cybersecurity","path":"skills/reverse-engineering-rust-malware"},{"name":"scanning-container-images-with-grype","description":"Scan container images for known vulnerabilities using Anchore Grype with SBOM-based matching and configurable severity thresholds.","domain":"cybersecurity","path":"skills/scanning-container-images-with-grype"},{"name":"scanning-containers-with-trivy-in-cicd","description":">","domain":"cybersecurity","path":"skills/scanning-containers-with-trivy-in-cicd"},{"name":"scanning-docker-images-with-trivy","description":"Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS packages, language-specific dependencies, misconfigurations, secrets, and license violati","domain":"cybersecurity","path":"skills/scanning-docker-images-with-trivy"},{"name":"scanning-infrastructure-with-nessus","description":"Tenable Nessus is the industry-leading vulnerability scanner used to identify security weaknesses across network infrastructure including servers, workstations, network devices, and operating systems.","domain":"cybersecurity","path":"skills/scanning-infrastructure-with-nessus"},{"name":"scanning-kubernetes-manifests-with-kubesec","description":"Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations, privilege escalation risks, and deviations from security best 
practices.","domain":"cybersecurity","path":"skills/scanning-kubernetes-manifests-with-kubesec"},{"name":"scanning-network-with-nmap-advanced","description":">","domain":"cybersecurity","path":"skills/scanning-network-with-nmap-advanced"},{"name":"securing-api-gateway-with-aws-waf","description":">","domain":"cybersecurity","path":"skills/securing-api-gateway-with-aws-waf"},{"name":"securing-aws-iam-permissions","description":">","domain":"cybersecurity","path":"skills/securing-aws-iam-permissions"},{"name":"securing-aws-lambda-execution-roles","description":">","domain":"cybersecurity","path":"skills/securing-aws-lambda-execution-roles"},{"name":"securing-azure-with-microsoft-defender","description":"'This skill instructs security practitioners on deploying Microsoft Defender for Cloud as a cloud-native application","domain":"cybersecurity","path":"skills/securing-azure-with-microsoft-defender"},{"name":"securing-container-registry-images","description":">","domain":"cybersecurity","path":"skills/securing-container-registry-images"},{"name":"securing-container-registry-with-harbor","description":"Harbor is an open-source container registry that provides security features including vulnerability scanning (integrated Trivy), image signing (Notary/Cosign), RBAC, content trust policies, replicatio","domain":"cybersecurity","path":"skills/securing-container-registry-with-harbor"},{"name":"securing-github-actions-workflows","description":">","domain":"cybersecurity","path":"skills/securing-github-actions-workflows"},{"name":"securing-helm-chart-deployments","description":"Secure Helm chart deployments by validating chart integrity, scanning templates for misconfigurations, and enforcing security contexts in Kubernetes 
releases.","domain":"cybersecurity","path":"skills/securing-helm-chart-deployments"},{"name":"securing-historian-server-in-ot-environment","description":">","domain":"cybersecurity","path":"skills/securing-historian-server-in-ot-environment"},{"name":"securing-kubernetes-on-cloud","description":">","domain":"cybersecurity","path":"skills/securing-kubernetes-on-cloud"},{"name":"securing-remote-access-to-ot-environment","description":">","domain":"cybersecurity","path":"skills/securing-remote-access-to-ot-environment"},{"name":"securing-serverless-functions","description":">","domain":"cybersecurity","path":"skills/securing-serverless-functions"},{"name":"testing-android-intents-for-vulnerabilities","description":">","domain":"cybersecurity","path":"skills/testing-android-intents-for-vulnerabilities"},{"name":"testing-api-authentication-weaknesses","description":">","domain":"cybersecurity","path":"skills/testing-api-authentication-weaknesses"},{"name":"testing-api-for-broken-object-level-authorization","description":">","domain":"cybersecurity","path":"skills/testing-api-for-broken-object-level-authorization"},{"name":"testing-api-for-mass-assignment-vulnerability","description":">","domain":"cybersecurity","path":"skills/testing-api-for-mass-assignment-vulnerability"},{"name":"testing-api-security-with-owasp-top-10","description":"Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated and manual testing techniques.","domain":"cybersecurity","path":"skills/testing-api-security-with-owasp-top-10"},{"name":"testing-cors-misconfiguration","description":"Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain data access and credential theft during security assessments.","domain":"cybersecurity","path":"skills/testing-cors-misconfiguration"},{"name":"testing-for-broken-access-control","description":"Systematically testing web applications for broken 
access control vulnerabilities including privilege escalation, missing function-level checks, and insecure direct object references.","domain":"cybersecurity","path":"skills/testing-for-broken-access-control"},{"name":"testing-for-business-logic-vulnerabilities","description":"Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege escalation beyond what technical vulnerability scanners can detect.","domain":"cybersecurity","path":"skills/testing-for-business-logic-vulnerabilities"},{"name":"testing-for-email-header-injection","description":"Test web application email functionality for SMTP header injection vulnerabilities that allow attackers to inject additional email headers, modify recipients, and abuse contact forms for spam relay.","domain":"cybersecurity","path":"skills/testing-for-email-header-injection"},{"name":"testing-for-host-header-injection","description":"Test web applications for HTTP Host header injection vulnerabilities to identify password reset poisoning, web cache poisoning, SSRF, and virtual host routing manipulation risks.","domain":"cybersecurity","path":"skills/testing-for-host-header-injection"},{"name":"testing-for-json-web-token-vulnerabilities","description":"Test JWT implementations for critical vulnerabilities including algorithm confusion, none algorithm bypass, kid parameter injection, and weak secret exploitation to achieve authentication bypass and privilege escalation.","domain":"cybersecurity","path":"skills/testing-for-json-web-token-vulnerabilities"},{"name":"testing-for-open-redirect-vulnerabilities","description":"Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters, bypass techniques, and exploitation chains for phishing and token theft.","domain":"cybersecurity","path":"skills/testing-for-open-redirect-vulnerabilities"},{"name":"testing-for-sensitive-data-exposure","description":"Identifying sensitive data exposure 
vulnerabilities including API key leakage, PII in responses, insecure storage,","domain":"cybersecurity","path":"skills/testing-for-sensitive-data-exposure"},{"name":"testing-for-xml-injection-vulnerabilities","description":"Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks to identify data exposure and server-side request forgery risks.","domain":"cybersecurity","path":"skills/testing-for-xml-injection-vulnerabilities"},{"name":"testing-for-xss-vulnerabilities","description":">","domain":"cybersecurity","path":"skills/testing-for-xss-vulnerabilities"},{"name":"testing-for-xss-vulnerabilities-with-burpsuite","description":"Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater tools during authorized security assessments.","domain":"cybersecurity","path":"skills/testing-for-xss-vulnerabilities-with-burpsuite"},{"name":"testing-for-xxe-injection-vulnerabilities","description":"Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF, and exfiltrate data during authorized penetration tests.","domain":"cybersecurity","path":"skills/testing-for-xxe-injection-vulnerabilities"},{"name":"testing-jwt-token-security","description":"Assessing JSON Web Token implementations for cryptographic weaknesses, algorithm confusion attacks, and authorization bypass vulnerabilities during security 
engagements.","domain":"cybersecurity","path":"skills/testing-jwt-token-security"},{"name":"testing-mobile-api-authentication","description":">","domain":"cybersecurity","path":"skills/testing-mobile-api-authentication"},{"name":"testing-oauth2-implementation-flaws","description":">","domain":"cybersecurity","path":"skills/testing-oauth2-implementation-flaws"},{"name":"testing-ransomware-recovery-procedures","description":">-","domain":"cybersecurity","path":"skills/testing-ransomware-recovery-procedures"},{"name":"testing-websocket-api-security","description":">","domain":"cybersecurity","path":"skills/testing-websocket-api-security"},{"name":"tracking-threat-actor-infrastructure","description":"Threat actor infrastructure tracking involves monitoring and mapping adversary-controlled assets including command-and-control (C2) servers, phishing domains, exploit kit hosts, bulletproof hosting, a","domain":"cybersecurity","path":"skills/tracking-threat-actor-infrastructure"},{"name":"triaging-security-alerts-in-splunk","description":">","domain":"cybersecurity","path":"skills/triaging-security-alerts-in-splunk"},{"name":"triaging-security-incident","description":"","domain":"cybersecurity","path":"skills/triaging-security-incident"},{"name":"triaging-security-incident-with-ir-playbook","description":"Classify and prioritize security incidents using structured IR playbooks to determine severity, assign response teams, and initiate appropriate response procedures.","domain":"cybersecurity","path":"skills/triaging-security-incident-with-ir-playbook"},{"name":"triaging-vulnerabilities-with-ssvc-framework","description":"Triage and prioritize vulnerabilities using CISA's Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree framework to produce actionable remediation 
priorities.","domain":"cybersecurity","path":"skills/triaging-vulnerabilities-with-ssvc-framework"},{"name":"validating-backup-integrity-for-recovery","description":">-","domain":"cybersecurity","path":"skills/validating-backup-integrity-for-recovery"}]} \ No newline at end of file +{"version":"1.1.0","generated_at":"2026-04-06T09:17:51Z","repository":"https://github.com/mukul975/Anthropic-Cybersecurity-Skills","domain":"cybersecurity","total_skills":754,"skills":[{"name":"acquiring-disk-image-with-dd-and-dcfldd","description":"Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through","domain":"cybersecurity","path":"skills/acquiring-disk-image-with-dd-and-dcfldd"},{"name":"analyzing-active-directory-acl-abuse","description":"Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and","domain":"cybersecurity","path":"skills/analyzing-active-directory-acl-abuse"},{"name":"analyzing-android-malware-with-apktool","description":"Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source","domain":"cybersecurity","path":"skills/analyzing-android-malware-with-apktool"},{"name":"analyzing-api-gateway-access-logs","description":"'Parses API Gateway access logs (AWS API Gateway, Kong, Nginx) to detect BOLA/IDOR attacks, rate limit bypass,","domain":"cybersecurity","path":"skills/analyzing-api-gateway-access-logs"},{"name":"analyzing-apt-group-with-mitre-navigator","description":"Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps","domain":"cybersecurity","path":"skills/analyzing-apt-group-with-mitre-navigator"},{"name":"analyzing-azure-activity-logs-for-threats","description":"'Queries Azure Monitor activity logs and sign-in logs via azure-monitor-query to detect suspicious 
administrative","domain":"cybersecurity","path":"skills/analyzing-azure-activity-logs-for-threats"},{"name":"analyzing-bootkit-and-rootkit-samples","description":"'Analyzes bootkit and advanced rootkit malware that infects the Master Boot Record (MBR), Volume Boot Record","domain":"cybersecurity","path":"skills/analyzing-bootkit-and-rootkit-samples"},{"name":"analyzing-browser-forensics-with-hindsight","description":"Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached","domain":"cybersecurity","path":"skills/analyzing-browser-forensics-with-hindsight"},{"name":"analyzing-campaign-attribution-evidence","description":"Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or","domain":"cybersecurity","path":"skills/analyzing-campaign-attribution-evidence"},{"name":"analyzing-certificate-transparency-for-phishing","description":"Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates,","domain":"cybersecurity","path":"skills/analyzing-certificate-transparency-for-phishing"},{"name":"analyzing-cloud-storage-access-patterns","description":"Detect abnormal access patterns in AWS S3, GCS, and Azure Blob Storage by analyzing CloudTrail Data Events, GCS","domain":"cybersecurity","path":"skills/analyzing-cloud-storage-access-patterns"},{"name":"analyzing-cobalt-strike-beacon-configuration","description":"Extract and analyze Cobalt Strike beacon configuration from PE files and memory dumps to identify C2 infrastructure,","domain":"cybersecurity","path":"skills/analyzing-cobalt-strike-beacon-configuration"},{"name":"analyzing-cobaltstrike-malleable-c2-profiles","description":"Parse and analyze Cobalt Strike Malleable C2 profiles using dissect.cobaltstrike and pyMalleableC2 to 
extract","domain":"cybersecurity","path":"skills/analyzing-cobaltstrike-malleable-c2-profiles"},{"name":"analyzing-command-and-control-communication","description":"'Analyzes malware command-and-control (C2) communication protocols to understand beacon patterns, command structures,","domain":"cybersecurity","path":"skills/analyzing-command-and-control-communication"},{"name":"analyzing-cyber-kill-chain","description":"'Analyzes intrusion activity against the Lockheed Martin Cyber Kill Chain framework to identify which phases","domain":"cybersecurity","path":"skills/analyzing-cyber-kill-chain"},{"name":"analyzing-disk-image-with-autopsy","description":"Perform comprehensive forensic analysis of disk images using Autopsy to recover files, examine artifacts, and","domain":"cybersecurity","path":"skills/analyzing-disk-image-with-autopsy"},{"name":"analyzing-dns-logs-for-exfiltration","description":"'Analyzes DNS query logs to detect data exfiltration via DNS tunneling, DGA domain communication, and covert","domain":"cybersecurity","path":"skills/analyzing-dns-logs-for-exfiltration"},{"name":"analyzing-docker-container-forensics","description":"Investigate compromised Docker containers by analyzing images, layers, volumes, logs, and runtime artifacts to","domain":"cybersecurity","path":"skills/analyzing-docker-container-forensics"},{"name":"analyzing-email-headers-for-phishing-investigation","description":"Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify","domain":"cybersecurity","path":"skills/analyzing-email-headers-for-phishing-investigation"},{"name":"analyzing-ethereum-smart-contract-vulnerabilities","description":"Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy,","domain":"cybersecurity","path":"skills/analyzing-ethereum-smart-contract-vulnerabilities"},{"name":"analyzing-golang-malware-with-ghidra","description":"Reverse engineer 
Go-compiled malware using Ghidra with specialized scripts for function recovery, string extraction,","domain":"cybersecurity","path":"skills/analyzing-golang-malware-with-ghidra"},{"name":"analyzing-heap-spray-exploitation","description":"Detect and analyze heap spray attacks in memory dumps using Volatility3 plugins to identify NOP sled patterns,","domain":"cybersecurity","path":"skills/analyzing-heap-spray-exploitation"},{"name":"analyzing-indicators-of-compromise","description":"'Analyzes indicators of compromise (IOCs) including IP addresses, domains, file hashes, URLs, and email artifacts","domain":"cybersecurity","path":"skills/analyzing-indicators-of-compromise"},{"name":"analyzing-ios-app-security-with-objection","description":"'Performs runtime mobile security exploration of iOS applications using Objection, a Frida-powered toolkit that","domain":"cybersecurity","path":"skills/analyzing-ios-app-security-with-objection"},{"name":"analyzing-kubernetes-audit-logs","description":"'Parses Kubernetes API server audit logs (JSON lines) to detect exec-into-pod, secret access, RBAC modifications,","domain":"cybersecurity","path":"skills/analyzing-kubernetes-audit-logs"},{"name":"analyzing-linux-audit-logs-for-intrusion","description":"'Uses the Linux Audit framework (auditd) with ausearch and aureport utilities to detect intrusion attempts, unauthorized","domain":"cybersecurity","path":"skills/analyzing-linux-audit-logs-for-intrusion"},{"name":"analyzing-linux-elf-malware","description":"'Analyzes malicious Linux ELF (Executable and Linkable Format) binaries including botnets, cryptominers, ransomware,","domain":"cybersecurity","path":"skills/analyzing-linux-elf-malware"},{"name":"analyzing-linux-kernel-rootkits","description":"Detect kernel-level rootkits in Linux memory dumps using Volatility3 linux plugins (check_syscall, lsmod, 
hidden_modules),","domain":"cybersecurity","path":"skills/analyzing-linux-kernel-rootkits"},{"name":"analyzing-linux-system-artifacts","description":"Examine Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover","domain":"cybersecurity","path":"skills/analyzing-linux-system-artifacts"},{"name":"analyzing-lnk-file-and-jump-list-artifacts","description":"Analyze Windows LNK shortcut files and Jump List artifacts to establish evidence of file access, program execution,","domain":"cybersecurity","path":"skills/analyzing-lnk-file-and-jump-list-artifacts"},{"name":"analyzing-macro-malware-in-office-documents","description":"'Analyzes malicious VBA macros embedded in Microsoft Office documents (Word, Excel, PowerPoint) to identify download","domain":"cybersecurity","path":"skills/analyzing-macro-malware-in-office-documents"},{"name":"analyzing-malicious-pdf-with-peepdf","description":"Perform static analysis of malicious PDF documents using peepdf, pdfid, and pdf-parser to extract embedded JavaScript,","domain":"cybersecurity","path":"skills/analyzing-malicious-pdf-with-peepdf"},{"name":"analyzing-malicious-url-with-urlscan","description":"URLScan.io is a free service for scanning and analyzing suspicious URLs. 
It captures screenshots, DOM content,","domain":"cybersecurity","path":"skills/analyzing-malicious-url-with-urlscan"},{"name":"analyzing-malware-behavior-with-cuckoo-sandbox","description":"'Executes malware samples in Cuckoo Sandbox to observe runtime behavior including process creation, file system","domain":"cybersecurity","path":"skills/analyzing-malware-behavior-with-cuckoo-sandbox"},{"name":"analyzing-malware-family-relationships-with-malpedia","description":"Use the Malpedia platform and API to research malware family relationships, track variant evolution, link families","domain":"cybersecurity","path":"skills/analyzing-malware-family-relationships-with-malpedia"},{"name":"analyzing-malware-persistence-with-autoruns","description":"Use Sysinternals Autoruns to systematically identify and analyze malware persistence mechanisms across registry","domain":"cybersecurity","path":"skills/analyzing-malware-persistence-with-autoruns"},{"name":"analyzing-malware-sandbox-evasion-techniques","description":"Detect sandbox evasion techniques in malware samples by analyzing timing checks, VM artifact queries, user interaction","domain":"cybersecurity","path":"skills/analyzing-malware-sandbox-evasion-techniques"},{"name":"analyzing-memory-dumps-with-volatility","description":"'Analyzes RAM memory dumps from compromised systems using the Volatility framework to identify malicious processes,","domain":"cybersecurity","path":"skills/analyzing-memory-dumps-with-volatility"},{"name":"analyzing-memory-forensics-with-lime-and-volatility","description":"'Performs Linux memory acquisition using LiME (Linux Memory Extractor) kernel module and analysis with Volatility","domain":"cybersecurity","path":"skills/analyzing-memory-forensics-with-lime-and-volatility"},{"name":"analyzing-mft-for-deleted-file-recovery","description":"Analyze the NTFS Master File Table ($MFT) to recover metadata and content of deleted files by examining MFT 
record","domain":"cybersecurity","path":"skills/analyzing-mft-for-deleted-file-recovery"},{"name":"analyzing-network-covert-channels-in-malware","description":"Detect and analyze covert communication channels used by malware including DNS tunneling, ICMP exfiltration,","domain":"cybersecurity","path":"skills/analyzing-network-covert-channels-in-malware"},{"name":"analyzing-network-flow-data-with-netflow","description":"Parse NetFlow v9 and IPFIX records to detect volumetric anomalies, port scanning, data exfiltration, and C2 beaconing","domain":"cybersecurity","path":"skills/analyzing-network-flow-data-with-netflow"},{"name":"analyzing-network-packets-with-scapy","description":"Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and","domain":"cybersecurity","path":"skills/analyzing-network-packets-with-scapy"},{"name":"analyzing-network-traffic-for-incidents","description":"'Analyzes network traffic captures and flow data to identify adversary activity during security incidents, including","domain":"cybersecurity","path":"skills/analyzing-network-traffic-for-incidents"},{"name":"analyzing-network-traffic-of-malware","description":"'Analyzes network traffic generated by malware during sandbox execution or live incident response to identify","domain":"cybersecurity","path":"skills/analyzing-network-traffic-of-malware"},{"name":"analyzing-network-traffic-with-wireshark","description":"'Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns,","domain":"cybersecurity","path":"skills/analyzing-network-traffic-with-wireshark"},{"name":"analyzing-office365-audit-logs-for-compromise","description":"Parse Office 365 Unified Audit Logs via Microsoft Graph API to detect email forwarding rule creation, inbox 
delegation,","domain":"cybersecurity","path":"skills/analyzing-office365-audit-logs-for-compromise"},{"name":"analyzing-outlook-pst-for-email-forensics","description":"Analyze Microsoft Outlook PST and OST files for email forensic evidence including message content, headers, attachments,","domain":"cybersecurity","path":"skills/analyzing-outlook-pst-for-email-forensics"},{"name":"analyzing-packed-malware-with-upx-unpacker","description":"'Identifies and unpacks UPX-packed and other packed malware samples to expose the original executable code for","domain":"cybersecurity","path":"skills/analyzing-packed-malware-with-upx-unpacker"},{"name":"analyzing-pdf-malware-with-pdfid","description":"'Analyzes malicious PDF files using PDFiD, pdf-parser, and peepdf to identify embedded JavaScript, shellcode,","domain":"cybersecurity","path":"skills/analyzing-pdf-malware-with-pdfid"},{"name":"analyzing-persistence-mechanisms-in-linux","description":"Detect and analyze Linux persistence mechanisms including crontab entries, systemd service units, LD_PRELOAD","domain":"cybersecurity","path":"skills/analyzing-persistence-mechanisms-in-linux"},{"name":"analyzing-powershell-empire-artifacts","description":"Detect PowerShell Empire framework artifacts in Windows event logs by identifying Base64 encoded launcher patterns,","domain":"cybersecurity","path":"skills/analyzing-powershell-empire-artifacts"},{"name":"analyzing-powershell-script-block-logging","description":"Parse Windows PowerShell Script Block Logs (Event ID 4104) from EVTX files to detect obfuscated commands, encoded","domain":"cybersecurity","path":"skills/analyzing-powershell-script-block-logging"},{"name":"analyzing-prefetch-files-for-execution-history","description":"Parse Windows Prefetch files to determine program execution history including run counts, timestamps, and 
referenced","domain":"cybersecurity","path":"skills/analyzing-prefetch-files-for-execution-history"},{"name":"analyzing-ransomware-encryption-mechanisms","description":"'Analyzes encryption algorithms, key management, and file encryption routines used by ransomware families to","domain":"cybersecurity","path":"skills/analyzing-ransomware-encryption-mechanisms"},{"name":"analyzing-ransomware-leak-site-intelligence","description":"Monitor and analyze ransomware group data leak sites (DLS) to track victim postings, extract threat intelligence","domain":"cybersecurity","path":"skills/analyzing-ransomware-leak-site-intelligence"},{"name":"analyzing-ransomware-network-indicators","description":"Identify ransomware network indicators including C2 beaconing patterns, TOR exit node connections, data exfiltration","domain":"cybersecurity","path":"skills/analyzing-ransomware-network-indicators"},{"name":"analyzing-ransomware-payment-wallets","description":"'Traces ransomware cryptocurrency payment flows using blockchain analysis tools such as Chainalysis Reactor,","domain":"cybersecurity","path":"skills/analyzing-ransomware-payment-wallets"},{"name":"analyzing-sbom-for-supply-chain-vulnerabilities","description":"'Parses Software Bill of Materials (SBOM) in CycloneDX and SPDX JSON formats to identify supply chain vulnerabilities","domain":"cybersecurity","path":"skills/analyzing-sbom-for-supply-chain-vulnerabilities"},{"name":"analyzing-security-logs-with-splunk","description":"'Leverages Splunk Enterprise Security and SPL (Search Processing Language) to investigate security incidents","domain":"cybersecurity","path":"skills/analyzing-security-logs-with-splunk"},{"name":"analyzing-slack-space-and-file-system-artifacts","description":"Examine file system slack space, MFT entries, USN journal, and alternate data streams to recover hidden 
data","domain":"cybersecurity","path":"skills/analyzing-slack-space-and-file-system-artifacts"},{"name":"analyzing-supply-chain-malware-artifacts","description":"Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines,","domain":"cybersecurity","path":"skills/analyzing-supply-chain-malware-artifacts"},{"name":"analyzing-threat-actor-ttps-with-mitre-attack","description":"MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs)","domain":"cybersecurity","path":"skills/analyzing-threat-actor-ttps-with-mitre-attack"},{"name":"analyzing-threat-actor-ttps-with-mitre-navigator","description":"'Map advanced persistent threat (APT) group tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework","domain":"cybersecurity","path":"skills/analyzing-threat-actor-ttps-with-mitre-navigator"},{"name":"analyzing-threat-intelligence-feeds","description":"'Analyzes structured and unstructured threat intelligence feeds to extract actionable indicators, adversary tactics,","domain":"cybersecurity","path":"skills/analyzing-threat-intelligence-feeds"},{"name":"analyzing-threat-landscape-with-misp","description":"Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics,","domain":"cybersecurity","path":"skills/analyzing-threat-landscape-with-misp"},{"name":"analyzing-tls-certificate-transparency-logs","description":"'Queries Certificate Transparency logs via crt.sh and pycrtsh to detect phishing domains, unauthorized certificate","domain":"cybersecurity","path":"skills/analyzing-tls-certificate-transparency-logs"},{"name":"analyzing-typosquatting-domains-with-dnstwist","description":"Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain 
permutations","domain":"cybersecurity","path":"skills/analyzing-typosquatting-domains-with-dnstwist"},{"name":"analyzing-uefi-bootkit-persistence","description":"'Analyzes UEFI bootkit persistence mechanisms including firmware implants in SPI flash, EFI System Partition","domain":"cybersecurity","path":"skills/analyzing-uefi-bootkit-persistence"},{"name":"analyzing-usb-device-connection-history","description":"Investigate USB device connection history from Windows registry, event logs, and setupapi logs to track removable","domain":"cybersecurity","path":"skills/analyzing-usb-device-connection-history"},{"name":"analyzing-web-server-logs-for-intrusion","description":"Parse Apache and Nginx access logs to detect SQL injection attempts, local file inclusion, directory traversal,","domain":"cybersecurity","path":"skills/analyzing-web-server-logs-for-intrusion"},{"name":"analyzing-windows-amcache-artifacts","description":"'Parses and analyzes the Windows Amcache.hve registry hive to extract evidence of program execution, application","domain":"cybersecurity","path":"skills/analyzing-windows-amcache-artifacts"},{"name":"analyzing-windows-event-logs-in-splunk","description":"'Analyzes Windows Security, System, and Sysmon event logs in Splunk to detect authentication attacks, privilege","domain":"cybersecurity","path":"skills/analyzing-windows-event-logs-in-splunk"},{"name":"analyzing-windows-lnk-files-for-artifacts","description":"Parse Windows LNK shortcut files to extract target paths, timestamps, volume information, and machine identifiers","domain":"cybersecurity","path":"skills/analyzing-windows-lnk-files-for-artifacts"},{"name":"analyzing-windows-prefetch-with-python","description":"Parse Windows Prefetch files using the windowsprefetch Python library to reconstruct application execution history,","domain":"cybersecurity","path":"skills/analyzing-windows-prefetch-with-python"},{"name":"analyzing-windows-registry-for-artifacts","description":"Extract and analyze 
Windows Registry hives to uncover user activity, installed software, autostart entries, and","domain":"cybersecurity","path":"skills/analyzing-windows-registry-for-artifacts"},{"name":"analyzing-windows-shellbag-artifacts","description":"Analyze Windows Shellbag registry artifacts to reconstruct folder browsing activity, detect access to removable","domain":"cybersecurity","path":"skills/analyzing-windows-shellbag-artifacts"},{"name":"auditing-aws-s3-bucket-permissions","description":"'Systematically audit AWS S3 bucket permissions to identify publicly accessible buckets, overly permissive ACLs,","domain":"cybersecurity","path":"skills/auditing-aws-s3-bucket-permissions"},{"name":"auditing-azure-active-directory-configuration","description":"'Auditing Microsoft Entra ID (Azure Active Directory) configuration to identify risky authentication policies,","domain":"cybersecurity","path":"skills/auditing-azure-active-directory-configuration"},{"name":"auditing-cloud-with-cis-benchmarks","description":"'This skill details how to conduct cloud security audits using Center for Internet Security benchmarks for AWS,","domain":"cybersecurity","path":"skills/auditing-cloud-with-cis-benchmarks"},{"name":"auditing-gcp-iam-permissions","description":"'Auditing Google Cloud Platform IAM permissions to identify overly permissive bindings, primitive role usage,","domain":"cybersecurity","path":"skills/auditing-gcp-iam-permissions"},{"name":"auditing-kubernetes-cluster-rbac","description":"'Auditing Kubernetes cluster RBAC configurations to identify overly permissive roles, wildcard permissions, dangerous","domain":"cybersecurity","path":"skills/auditing-kubernetes-cluster-rbac"},{"name":"auditing-terraform-infrastructure-for-security","description":"'Auditing Terraform infrastructure-as-code for security misconfigurations using Checkov, tfsec, Terrascan, 
and","domain":"cybersecurity","path":"skills/auditing-terraform-infrastructure-for-security"},{"name":"auditing-tls-certificate-transparency-logs","description":"'Monitors Certificate Transparency (CT) logs to detect unauthorized certificate issuance, discover subdomains","domain":"cybersecurity","path":"skills/auditing-tls-certificate-transparency-logs"},{"name":"automating-ioc-enrichment","description":"'Automates the enrichment of raw indicators of compromise with multi-source threat intelligence context using","domain":"cybersecurity","path":"skills/automating-ioc-enrichment"},{"name":"building-adversary-infrastructure-tracking-system","description":"Build an automated system to track adversary infrastructure using passive DNS, certificate transparency, WHOIS","domain":"cybersecurity","path":"skills/building-adversary-infrastructure-tracking-system"},{"name":"building-attack-pattern-library-from-cti-reports","description":"Extract and catalog attack patterns from cyber threat intelligence reports into a structured STIX-based library","domain":"cybersecurity","path":"skills/building-attack-pattern-library-from-cti-reports"},{"name":"building-automated-malware-submission-pipeline","description":"'Builds an automated malware submission and analysis pipeline that collects suspicious files from endpoints and","domain":"cybersecurity","path":"skills/building-automated-malware-submission-pipeline"},{"name":"building-c2-infrastructure-with-sliver-framework","description":"Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with","domain":"cybersecurity","path":"skills/building-c2-infrastructure-with-sliver-framework"},{"name":"building-cloud-siem-with-sentinel","description":"'This skill covers deploying Microsoft Sentinel as a cloud-native SIEM and SOAR platform for centralized 
security","domain":"cybersecurity","path":"skills/building-cloud-siem-with-sentinel"},{"name":"building-detection-rule-with-splunk-spl","description":"Build effective detection rules using Splunk Search Processing Language (SPL) correlation searches to identify","domain":"cybersecurity","path":"skills/building-detection-rule-with-splunk-spl"},{"name":"building-detection-rules-with-sigma","description":"'Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms","domain":"cybersecurity","path":"skills/building-detection-rules-with-sigma"},{"name":"building-devsecops-pipeline-with-gitlab-ci","description":"Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning,","domain":"cybersecurity","path":"skills/building-devsecops-pipeline-with-gitlab-ci"},{"name":"building-identity-federation-with-saml-azure-ad","description":"Establish SAML 2.0 identity federation between on-premises Active Directory and Azure AD (Microsoft Entra ID)","domain":"cybersecurity","path":"skills/building-identity-federation-with-saml-azure-ad"},{"name":"building-identity-governance-lifecycle-process","description":"'Builds comprehensive identity governance and lifecycle management processes including joiner-mover-leaver automation,","domain":"cybersecurity","path":"skills/building-identity-governance-lifecycle-process"},{"name":"building-incident-response-dashboard","description":"'Builds real-time incident response dashboards in Splunk, Elastic, or Grafana to provide SOC analysts and leadership","domain":"cybersecurity","path":"skills/building-incident-response-dashboard"},{"name":"building-incident-response-playbook","description":"'Designs and documents structured incident response playbooks that define step-by-step procedures for 
specific","domain":"cybersecurity","path":"skills/building-incident-response-playbook"},{"name":"building-incident-timeline-with-timesketch","description":"Build collaborative forensic incident timelines using Timesketch to ingest, normalize, and analyze multi-source","domain":"cybersecurity","path":"skills/building-incident-timeline-with-timesketch"},{"name":"building-ioc-defanging-and-sharing-pipeline","description":"Build an automated pipeline to defang indicators of compromise (URLs, IPs, domains, emails) for safe sharing","domain":"cybersecurity","path":"skills/building-ioc-defanging-and-sharing-pipeline"},{"name":"building-ioc-enrichment-pipeline-with-opencti","description":"OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its","domain":"cybersecurity","path":"skills/building-ioc-enrichment-pipeline-with-opencti"},{"name":"building-malware-incident-communication-template","description":"Build structured communication templates for malware incidents including stakeholder notifications, executive","domain":"cybersecurity","path":"skills/building-malware-incident-communication-template"},{"name":"building-patch-tuesday-response-process","description":"Establish a structured operational process to triage, test, and deploy Microsoft Patch Tuesday security updates","domain":"cybersecurity","path":"skills/building-patch-tuesday-response-process"},{"name":"building-phishing-reporting-button-workflow","description":"Implement a phishing report button in email clients with automated triage workflow that analyzes user-reported","domain":"cybersecurity","path":"skills/building-phishing-reporting-button-workflow"},{"name":"building-ransomware-playbook-with-cisa-framework","description":"'Builds a structured ransomware incident response playbook aligned with the CISA StopRansomware Guide and 
NIST","domain":"cybersecurity","path":"skills/building-ransomware-playbook-with-cisa-framework"},{"name":"building-red-team-c2-infrastructure-with-havoc","description":"Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents for","domain":"cybersecurity","path":"skills/building-red-team-c2-infrastructure-with-havoc"},{"name":"building-role-mining-for-rbac-optimization","description":"Apply bottom-up and top-down role mining techniques to discover optimal RBAC roles from existing user-permission","domain":"cybersecurity","path":"skills/building-role-mining-for-rbac-optimization"},{"name":"building-soc-escalation-matrix","description":"Build a structured SOC escalation matrix defining severity tiers, response SLAs, escalation paths, and notification","domain":"cybersecurity","path":"skills/building-soc-escalation-matrix"},{"name":"building-soc-metrics-and-kpi-tracking","description":"'Builds SOC performance metrics and KPI tracking dashboards measuring Mean Time to Detect (MTTD), Mean Time to","domain":"cybersecurity","path":"skills/building-soc-metrics-and-kpi-tracking"},{"name":"building-soc-playbook-for-ransomware","description":"'Builds a structured SOC incident response playbook for ransomware attacks covering detection, containment, eradication,","domain":"cybersecurity","path":"skills/building-soc-playbook-for-ransomware"},{"name":"building-threat-actor-profile-from-osint","description":"Build comprehensive threat actor profiles using open-source intelligence (OSINT) techniques to document adversary","domain":"cybersecurity","path":"skills/building-threat-actor-profile-from-osint"},{"name":"building-threat-feed-aggregation-with-misp","description":"Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat 
intelligence","domain":"cybersecurity","path":"skills/building-threat-feed-aggregation-with-misp"},{"name":"building-threat-hunt-hypothesis-framework","description":"Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and","domain":"cybersecurity","path":"skills/building-threat-hunt-hypothesis-framework"},{"name":"building-threat-intelligence-enrichment-in-splunk","description":"Build automated threat intelligence enrichment pipelines in Splunk Enterprise Security using lookup tables, modular","domain":"cybersecurity","path":"skills/building-threat-intelligence-enrichment-in-splunk"},{"name":"building-threat-intelligence-feed-integration","description":"'Builds automated threat intelligence feed integration pipelines connecting STIX/TAXII feeds, open-source threat","domain":"cybersecurity","path":"skills/building-threat-intelligence-feed-integration"},{"name":"building-threat-intelligence-platform","description":"Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified","domain":"cybersecurity","path":"skills/building-threat-intelligence-platform"},{"name":"building-vulnerability-aging-and-sla-tracking","description":"Implement a vulnerability aging dashboard and SLA tracking system to measure remediation performance against","domain":"cybersecurity","path":"skills/building-vulnerability-aging-and-sla-tracking"},{"name":"building-vulnerability-dashboard-with-defectdojo","description":"Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication,","domain":"cybersecurity","path":"skills/building-vulnerability-dashboard-with-defectdojo"},{"name":"building-vulnerability-exception-tracking-system","description":"Build a vulnerability exception and risk acceptance tracking system with approval workflows, compensating 
controls","domain":"cybersecurity","path":"skills/building-vulnerability-exception-tracking-system"},{"name":"building-vulnerability-scanning-workflow","description":"'Builds a structured vulnerability scanning workflow using tools like Nessus, Qualys, and OpenVAS to discover,","domain":"cybersecurity","path":"skills/building-vulnerability-scanning-workflow"},{"name":"bypassing-authentication-with-forced-browsing","description":"Discovering and accessing unprotected pages, APIs, and administrative interfaces by enumerating URLs and bypassing","domain":"cybersecurity","path":"skills/bypassing-authentication-with-forced-browsing"},{"name":"collecting-indicators-of-compromise","description":"'Systematically collects, categorizes, and distributes indicators of compromise (IOCs) during and after security","domain":"cybersecurity","path":"skills/collecting-indicators-of-compromise"},{"name":"collecting-open-source-intelligence","description":"'Collects and synthesizes open-source intelligence (OSINT) about threat actors, malicious infrastructure, and","domain":"cybersecurity","path":"skills/collecting-open-source-intelligence"},{"name":"collecting-threat-intelligence-with-misp","description":"MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing,","domain":"cybersecurity","path":"skills/collecting-threat-intelligence-with-misp"},{"name":"collecting-volatile-evidence-from-compromised-host","description":"Collect volatile forensic evidence from a compromised system following order of volatility, preserving memory,","domain":"cybersecurity","path":"skills/collecting-volatile-evidence-from-compromised-host"},{"name":"conducting-api-security-testing","description":"'Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, 
authorization,","domain":"cybersecurity","path":"skills/conducting-api-security-testing"},{"name":"conducting-cloud-incident-response","description":"'Responds to security incidents in cloud environments (AWS, Azure, GCP) by performing identity-based containment,","domain":"cybersecurity","path":"skills/conducting-cloud-incident-response"},{"name":"conducting-cloud-penetration-testing","description":"'This skill outlines methodologies for performing authorized penetration testing against AWS, Azure, and GCP","domain":"cybersecurity","path":"skills/conducting-cloud-penetration-testing"},{"name":"conducting-domain-persistence-with-dcsync","description":"Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by extracting","domain":"cybersecurity","path":"skills/conducting-domain-persistence-with-dcsync"},{"name":"conducting-external-reconnaissance-with-osint","description":"'Conducts external reconnaissance using Open Source Intelligence (OSINT) techniques to map an organization''s","domain":"cybersecurity","path":"skills/conducting-external-reconnaissance-with-osint"},{"name":"conducting-full-scope-red-team-engagement","description":"Plan and execute a comprehensive red team engagement covering reconnaissance through post-exploitation using","domain":"cybersecurity","path":"skills/conducting-full-scope-red-team-engagement"},{"name":"conducting-internal-network-penetration-test","description":"Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify","domain":"cybersecurity","path":"skills/conducting-internal-network-penetration-test"},{"name":"conducting-internal-reconnaissance-with-bloodhound-ce","description":"Conduct internal Active Directory reconnaissance using BloodHound Community Edition to map attack paths, 
identify","domain":"cybersecurity","path":"skills/conducting-internal-reconnaissance-with-bloodhound-ce"},{"name":"conducting-malware-incident-response","description":"'Responds to malware infections across enterprise endpoints by identifying the malware family, determining infection","domain":"cybersecurity","path":"skills/conducting-malware-incident-response"},{"name":"conducting-man-in-the-middle-attack-simulation","description":"'Simulates man-in-the-middle attacks using Ettercap, mitmproxy, and Bettercap in authorized environments to intercept,","domain":"cybersecurity","path":"skills/conducting-man-in-the-middle-attack-simulation"},{"name":"conducting-memory-forensics-with-volatility","description":"'Performs memory forensics analysis using Volatility 3 to extract evidence of malware execution, process injection,","domain":"cybersecurity","path":"skills/conducting-memory-forensics-with-volatility"},{"name":"conducting-mobile-app-penetration-test","description":"'Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security","domain":"cybersecurity","path":"skills/conducting-mobile-app-penetration-test"},{"name":"conducting-network-penetration-test","description":"'Conducts comprehensive network penetration tests against authorized target environments by performing host discovery,","domain":"cybersecurity","path":"skills/conducting-network-penetration-test"},{"name":"conducting-pass-the-ticket-attack","description":"Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate","domain":"cybersecurity","path":"skills/conducting-pass-the-ticket-attack"},{"name":"conducting-phishing-incident-response","description":"'Responds to phishing incidents by analyzing reported emails, extracting indicators, assessing credential 
compromise,","domain":"cybersecurity","path":"skills/conducting-phishing-incident-response"},{"name":"conducting-post-incident-lessons-learned","description":"Facilitate structured post-incident reviews to identify root causes, document what worked and failed, and produce","domain":"cybersecurity","path":"skills/conducting-post-incident-lessons-learned"},{"name":"conducting-social-engineering-penetration-test","description":"Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical","domain":"cybersecurity","path":"skills/conducting-social-engineering-penetration-test"},{"name":"conducting-social-engineering-pretext-call","description":"Plan and execute authorized vishing (voice phishing) pretext calls to assess employee susceptibility to social","domain":"cybersecurity","path":"skills/conducting-social-engineering-pretext-call"},{"name":"conducting-spearphishing-simulation-campaign","description":"Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access.","domain":"cybersecurity","path":"skills/conducting-spearphishing-simulation-campaign"},{"name":"conducting-wireless-network-penetration-test","description":"'Conducts authorized wireless network penetration tests to assess the security of WiFi infrastructure by testing","domain":"cybersecurity","path":"skills/conducting-wireless-network-penetration-test"},{"name":"configuring-active-directory-tiered-model","description":"Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory.","domain":"cybersecurity","path":"skills/configuring-active-directory-tiered-model"},{"name":"configuring-aws-verified-access-for-ztna","description":"Configure AWS Verified Access to provide VPN-less zero trust network access to internal applications using 
identity","domain":"cybersecurity","path":"skills/configuring-aws-verified-access-for-ztna"},{"name":"configuring-certificate-authority-with-openssl","description":"A Certificate Authority (CA) is the trust anchor in a PKI hierarchy, responsible for issuing, signing, and revoking","domain":"cybersecurity","path":"skills/configuring-certificate-authority-with-openssl"},{"name":"configuring-host-based-intrusion-detection","description":"'Configures host-based intrusion detection systems (HIDS) to monitor endpoint file integrity, system calls, and","domain":"cybersecurity","path":"skills/configuring-host-based-intrusion-detection"},{"name":"configuring-hsm-for-key-storage","description":"Hardware Security Modules (HSMs) are tamper-resistant physical devices that safeguard cryptographic keys and","domain":"cybersecurity","path":"skills/configuring-hsm-for-key-storage"},{"name":"configuring-identity-aware-proxy-with-google-iap","description":"'Configuring Google Cloud Identity-Aware Proxy (IAP) to enforce per-request identity verification for Compute","domain":"cybersecurity","path":"skills/configuring-identity-aware-proxy-with-google-iap"},{"name":"configuring-ldap-security-hardening","description":"Harden LDAP directory services against common attacks including credential harvesting, LDAP injection, anonymous","domain":"cybersecurity","path":"skills/configuring-ldap-security-hardening"},{"name":"configuring-microsegmentation-for-zero-trust","description":"Configure microsegmentation policies to enforce least-privilege workload-to-workload access using tools like","domain":"cybersecurity","path":"skills/configuring-microsegmentation-for-zero-trust"},{"name":"configuring-multi-factor-authentication-with-duo","description":"Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access 
points.","domain":"cybersecurity","path":"skills/configuring-multi-factor-authentication-with-duo"},{"name":"configuring-network-segmentation-with-vlans","description":"'Designs and implements VLAN-based network segmentation on managed switches to isolate network zones, enforce","domain":"cybersecurity","path":"skills/configuring-network-segmentation-with-vlans"},{"name":"configuring-oauth2-authorization-flow","description":"Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and","domain":"cybersecurity","path":"skills/configuring-oauth2-authorization-flow"},{"name":"configuring-pfsense-firewall-rules","description":"'Configures pfSense firewall rules, NAT policies, VPN tunnels, and traffic shaping to enforce network segmentation,","domain":"cybersecurity","path":"skills/configuring-pfsense-firewall-rules"},{"name":"configuring-snort-ids-for-intrusion-detection","description":"'Installs, configures, and tunes Snort 3 intrusion detection system to monitor network traffic for malicious","domain":"cybersecurity","path":"skills/configuring-snort-ids-for-intrusion-detection"},{"name":"configuring-suricata-for-network-monitoring","description":"'Deploys and configures Suricata IDS/IPS with Emerging Threats rulesets, EVE JSON logging, and custom rules for","domain":"cybersecurity","path":"skills/configuring-suricata-for-network-monitoring"},{"name":"configuring-tls-1-3-for-secure-communications","description":"TLS 1.3 (RFC 8446) is the latest version of the Transport Layer Security protocol, providing significant improvements","domain":"cybersecurity","path":"skills/configuring-tls-1-3-for-secure-communications"},{"name":"configuring-windows-defender-advanced-settings","description":"'Configures Microsoft Defender for Endpoint (MDE) advanced protection settings including attack surface 
reduction","domain":"cybersecurity","path":"skills/configuring-windows-defender-advanced-settings"},{"name":"configuring-windows-event-logging-for-detection","description":"'Configures Windows Event Logging with advanced audit policies to generate high-fidelity security events for","domain":"cybersecurity","path":"skills/configuring-windows-event-logging-for-detection"},{"name":"configuring-zscaler-private-access-for-ztna","description":"'Configuring Zscaler Private Access (ZPA) to replace traditional VPN with zero trust network access by deploying","domain":"cybersecurity","path":"skills/configuring-zscaler-private-access-for-ztna"},{"name":"containing-active-breach","description":"'Executes containment strategies to stop active adversary operations and prevent lateral movement during a confirmed","domain":"cybersecurity","path":"skills/containing-active-breach"},{"name":"correlating-security-events-in-qradar","description":"'Correlates security events in IBM QRadar SIEM using AQL (Ariel Query Language), custom rules, building blocks,","domain":"cybersecurity","path":"skills/correlating-security-events-in-qradar"},{"name":"correlating-threat-campaigns","description":"'Correlates disparate security incidents, IOCs, and adversary behaviors across time and organizations to identify","domain":"cybersecurity","path":"skills/correlating-threat-campaigns"},{"name":"deobfuscating-javascript-malware","description":"'Deobfuscates malicious JavaScript code used in web-based attacks, phishing pages, and dropper scripts by reversing","domain":"cybersecurity","path":"skills/deobfuscating-javascript-malware"},{"name":"deobfuscating-powershell-obfuscated-malware","description":"Systematically deobfuscate multi-layer PowerShell malware using AST analysis, dynamic tracing, and tools like","domain":"cybersecurity","path":"skills/deobfuscating-powershell-obfuscated-malware"},{"name":"deploying-active-directory-honeytokens","description":"'Deploys deception-based honeytokens in Active 
Directory including fake privileged accounts with AdminCount=1,","domain":"cybersecurity","path":"skills/deploying-active-directory-honeytokens"},{"name":"deploying-cloudflare-access-for-zero-trust","description":"'Deploying Cloudflare Access with Cloudflare Tunnel to provide zero trust access to self-hosted and private applications,","domain":"cybersecurity","path":"skills/deploying-cloudflare-access-for-zero-trust"},{"name":"deploying-decoy-files-for-ransomware-detection","description":"'Deploys canary files (honeytokens) across file systems to detect ransomware encryption activity in real time.","domain":"cybersecurity","path":"skills/deploying-decoy-files-for-ransomware-detection"},{"name":"deploying-edr-agent-with-crowdstrike","description":"'Deploys and configures CrowdStrike Falcon EDR agents across enterprise endpoints to enable real-time threat","domain":"cybersecurity","path":"skills/deploying-edr-agent-with-crowdstrike"},{"name":"deploying-osquery-for-endpoint-monitoring","description":"'Deploys and configures osquery for real-time endpoint monitoring using SQL-based queries to inspect running","domain":"cybersecurity","path":"skills/deploying-osquery-for-endpoint-monitoring"},{"name":"deploying-palo-alto-prisma-access-zero-trust","description":"'Deploying Palo Alto Networks Prisma Access for SASE-based zero trust network access using GlobalProtect agents,","domain":"cybersecurity","path":"skills/deploying-palo-alto-prisma-access-zero-trust"},{"name":"deploying-ransomware-canary-files","description":"'Deploys and monitors ransomware canary files across critical directories using Python''s watchdog library for","domain":"cybersecurity","path":"skills/deploying-ransomware-canary-files"},{"name":"deploying-software-defined-perimeter","description":"Deploy a Software-Defined Perimeter using the CSA v2.0 specification with Single Packet Authorization, 
mutual","domain":"cybersecurity","path":"skills/deploying-software-defined-perimeter"},{"name":"deploying-tailscale-for-zero-trust-vpn","description":"Deploy and configure Tailscale as a WireGuard-based zero trust mesh VPN with identity-aware access controls,","domain":"cybersecurity","path":"skills/deploying-tailscale-for-zero-trust-vpn"},{"name":"detecting-ai-model-prompt-injection-attacks","description":"'Detects prompt injection attacks targeting LLM-based applications using a multi-layered defense combining regex","domain":"cybersecurity","path":"skills/detecting-ai-model-prompt-injection-attacks"},{"name":"detecting-anomalies-in-industrial-control-systems","description":"'This skill covers deploying anomaly detection systems for industrial control environments using machine learning","domain":"cybersecurity","path":"skills/detecting-anomalies-in-industrial-control-systems"},{"name":"detecting-anomalous-authentication-patterns","description":"'Detects anomalous authentication patterns using UEBA analytics, statistical baselines, and machine learning","domain":"cybersecurity","path":"skills/detecting-anomalous-authentication-patterns"},{"name":"detecting-api-enumeration-attacks","description":"Detect and prevent API enumeration attacks including BOLA and IDOR exploitation by monitoring sequential identifier","domain":"cybersecurity","path":"skills/detecting-api-enumeration-attacks"},{"name":"detecting-arp-poisoning-in-network-traffic","description":"Detect and prevent ARP spoofing attacks using ARPWatch, Dynamic ARP Inspection, Wireshark analysis, and custom","domain":"cybersecurity","path":"skills/detecting-arp-poisoning-in-network-traffic"},{"name":"detecting-attacks-on-historian-servers","description":"'Detect cyber attacks targeting OT historian servers (OSIsoft PI, Ignition, Wonderware) that sit at the IT/OT","domain":"cybersecurity","path":"skills/detecting-attacks-on-historian-servers"},{"name":"detecting-attacks-on-scada-systems","description":"'This 
skill covers detecting cyber attacks targeting Supervisory Control and Data Acquisition (SCADA) systems","domain":"cybersecurity","path":"skills/detecting-attacks-on-scada-systems"},{"name":"detecting-aws-cloudtrail-anomalies","description":"Detect unusual API call patterns in AWS CloudTrail logs using boto3, statistical baselining, and behavioral analysis","domain":"cybersecurity","path":"skills/detecting-aws-cloudtrail-anomalies"},{"name":"detecting-aws-credential-exposure-with-trufflehog","description":"'Detecting exposed AWS credentials in source code repositories, CI/CD pipelines, and configuration files using","domain":"cybersecurity","path":"skills/detecting-aws-credential-exposure-with-trufflehog"},{"name":"detecting-aws-guardduty-findings-automation","description":"Automate AWS GuardDuty threat detection findings processing using EventBridge and Lambda to enable real-time","domain":"cybersecurity","path":"skills/detecting-aws-guardduty-findings-automation"},{"name":"detecting-aws-iam-privilege-escalation","description":"Detect AWS IAM privilege escalation paths using boto3 and Cloudsplaining policy analysis to identify overly permissive","domain":"cybersecurity","path":"skills/detecting-aws-iam-privilege-escalation"},{"name":"detecting-azure-lateral-movement","description":"Detect lateral movement in Azure AD/Entra ID environments using Microsoft Graph API audit logs, Azure Sentinel","domain":"cybersecurity","path":"skills/detecting-azure-lateral-movement"},{"name":"detecting-azure-service-principal-abuse","description":"Detect and investigate Azure service principal abuse including privilege escalation, credential compromise, admin","domain":"cybersecurity","path":"skills/detecting-azure-service-principal-abuse"},{"name":"detecting-azure-storage-account-misconfigurations","description":"Audit Azure Blob and ADLS storage accounts for public access exposure, weak or long-lived SAS tokens, 
missing","domain":"cybersecurity","path":"skills/detecting-azure-storage-account-misconfigurations"},{"name":"detecting-beaconing-patterns-with-zeek","description":"'Performs statistical analysis of Zeek conn.log connection intervals to detect C2 beaconing patterns. Uses the","domain":"cybersecurity","path":"skills/detecting-beaconing-patterns-with-zeek"},{"name":"detecting-bluetooth-low-energy-attacks","description":"'Detects and analyzes Bluetooth Low Energy (BLE) security attacks including sniffing, replay attacks, GATT enumeration","domain":"cybersecurity","path":"skills/detecting-bluetooth-low-energy-attacks"},{"name":"detecting-broken-object-property-level-authorization","description":"Detect and test for OWASP API3:2023 Broken Object Property Level Authorization vulnerabilities including excessive","domain":"cybersecurity","path":"skills/detecting-broken-object-property-level-authorization"},{"name":"detecting-business-email-compromise","description":"Business Email Compromise (BEC) is a sophisticated fraud scheme where attackers impersonate executives, vendors,","domain":"cybersecurity","path":"skills/detecting-business-email-compromise"},{"name":"detecting-business-email-compromise-with-ai","description":"Deploy AI and NLP-powered detection systems to identify business email compromise attacks by analyzing writing","domain":"cybersecurity","path":"skills/detecting-business-email-compromise-with-ai"},{"name":"detecting-cloud-threats-with-guardduty","description":"'This skill teaches security teams how to deploy and operationalize Amazon GuardDuty for continuous threat detection","domain":"cybersecurity","path":"skills/detecting-cloud-threats-with-guardduty"},{"name":"detecting-command-and-control-over-dns","description":"'Detects command-and-control (C2) communications tunneled through DNS protocol including DNS tunneling 
tools","domain":"cybersecurity","path":"skills/detecting-command-and-control-over-dns"},{"name":"detecting-compromised-cloud-credentials","description":"'Detecting compromised cloud credentials across AWS, Azure, and GCP by analyzing anomalous API activity, impossible","domain":"cybersecurity","path":"skills/detecting-compromised-cloud-credentials"},{"name":"detecting-container-drift-at-runtime","description":"Detect unauthorized modifications to running containers by monitoring for binary execution drift, file system","domain":"cybersecurity","path":"skills/detecting-container-drift-at-runtime"},{"name":"detecting-container-escape-attempts","description":"Container escape is a critical attack technique where an adversary breaks out of container isolation to access","domain":"cybersecurity","path":"skills/detecting-container-escape-attempts"},{"name":"detecting-container-escape-with-falco-rules","description":"Detect container escape attempts in real-time using Falco runtime security rules that monitor syscalls, file","domain":"cybersecurity","path":"skills/detecting-container-escape-with-falco-rules"},{"name":"detecting-credential-dumping-techniques","description":"Detect LSASS credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows","domain":"cybersecurity","path":"skills/detecting-credential-dumping-techniques"},{"name":"detecting-cryptomining-in-cloud","description":"'This skill teaches security teams how to detect and respond to unauthorized cryptocurrency mining operations","domain":"cybersecurity","path":"skills/detecting-cryptomining-in-cloud"},{"name":"detecting-dcsync-attack-in-active-directory","description":"Detect DCSync attacks where adversaries abuse Active Directory replication privileges to extract password hashes","domain":"cybersecurity","path":"skills/detecting-dcsync-attack-in-active-directory"},{"name":"detecting-deepfake-audio-in-vishing-attacks","description":"'Detects AI-generated deepfake audio 
used in voice phishing (vishing) attacks by extracting spectral features","domain":"cybersecurity","path":"skills/detecting-deepfake-audio-in-vishing-attacks"},{"name":"detecting-dll-sideloading-attacks","description":"Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack","domain":"cybersecurity","path":"skills/detecting-dll-sideloading-attacks"},{"name":"detecting-dnp3-protocol-anomalies","description":"'Detect anomalies in DNP3 (Distributed Network Protocol 3) communications used in SCADA systems by monitoring","domain":"cybersecurity","path":"skills/detecting-dnp3-protocol-anomalies"},{"name":"detecting-dns-exfiltration-with-dns-query-analysis","description":"Detect data exfiltration through DNS tunneling by analyzing query entropy, subdomain length, query volume, TXT","domain":"cybersecurity","path":"skills/detecting-dns-exfiltration-with-dns-query-analysis"},{"name":"detecting-email-account-compromise","description":"Detect compromised O365 and Google Workspace email accounts by analyzing inbox rule creation, suspicious sign-in","domain":"cybersecurity","path":"skills/detecting-email-account-compromise"},{"name":"detecting-email-forwarding-rules-attack","description":"Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications","domain":"cybersecurity","path":"skills/detecting-email-forwarding-rules-attack"},{"name":"detecting-evasion-techniques-in-endpoint-logs","description":"'Detects defense evasion techniques used by adversaries in endpoint logs including log tampering, timestomping,","domain":"cybersecurity","path":"skills/detecting-evasion-techniques-in-endpoint-logs"},{"name":"detecting-exfiltration-over-dns-with-zeek","description":"Detect DNS-based data exfiltration by analyzing Zeek dns.log for high-entropy subdomains and anomalous 
query","domain":"cybersecurity","path":"skills/detecting-exfiltration-over-dns-with-zeek"},{"name":"detecting-fileless-attacks-on-endpoints","description":"'Detects fileless malware and in-memory attacks that execute entirely in RAM without writing persistent files","domain":"cybersecurity","path":"skills/detecting-fileless-attacks-on-endpoints"},{"name":"detecting-fileless-malware-techniques","description":"'Detects and analyzes fileless malware that operates entirely in memory using PowerShell, WMI, .NET reflection,","domain":"cybersecurity","path":"skills/detecting-fileless-malware-techniques"},{"name":"detecting-golden-ticket-attacks-in-kerberos-logs","description":"Detect Golden Ticket attacks in Active Directory by analyzing Kerberos TGT anomalies including mismatched encryption","domain":"cybersecurity","path":"skills/detecting-golden-ticket-attacks-in-kerberos-logs"},{"name":"detecting-golden-ticket-forgery","description":"Detect Kerberos Golden Ticket forgery by analyzing Windows Event ID 4769 for RC4 encryption downgrades (0x17),","domain":"cybersecurity","path":"skills/detecting-golden-ticket-forgery"},{"name":"detecting-insider-data-exfiltration-via-dlp","description":"'Detects insider data exfiltration by analyzing DLP policy violations, file access patterns, upload volume anomalies,","domain":"cybersecurity","path":"skills/detecting-insider-data-exfiltration-via-dlp"},{"name":"detecting-insider-threat-behaviors","description":"Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads,","domain":"cybersecurity","path":"skills/detecting-insider-threat-behaviors"},{"name":"detecting-insider-threat-with-ueba","description":"Implement User and Entity Behavior Analytics using Elasticsearch/OpenSearch to build behavioral baselines, calculate","domain":"cybersecurity","path":"skills/detecting-insider-threat-with-ueba"},{"name":"detecting-kerberoasting-attacks","description":"Detect Kerberoasting attacks 
by monitoring for anomalous Kerberos TGS requests targeting service accounts with","domain":"cybersecurity","path":"skills/detecting-kerberoasting-attacks"},{"name":"detecting-lateral-movement-in-network","description":"'Identifies lateral movement techniques in enterprise networks by analyzing authentication logs, network flows,","domain":"cybersecurity","path":"skills/detecting-lateral-movement-in-network"},{"name":"detecting-lateral-movement-with-splunk","description":"Detect adversary lateral movement across networks using Splunk SPL queries against Windows authentication logs,","domain":"cybersecurity","path":"skills/detecting-lateral-movement-with-splunk"},{"name":"detecting-lateral-movement-with-zeek","description":"'Detect lateral movement in network traffic using Zeek (formerly Bro) log analysis. Parses conn.log, smb_mapping.log,","domain":"cybersecurity","path":"skills/detecting-lateral-movement-with-zeek"},{"name":"detecting-living-off-the-land-attacks","description":"'Detect abuse of legitimate Windows binaries (LOLBins) used for living off the land attacks. 
Monitors process","domain":"cybersecurity","path":"skills/detecting-living-off-the-land-attacks"},{"name":"detecting-living-off-the-land-with-lolbas","description":"Detect Living Off the Land Binaries (LOLBins/LOLBAS) abuse including certutil, regsvr32, mshta, and rundll32","domain":"cybersecurity","path":"skills/detecting-living-off-the-land-with-lolbas"},{"name":"detecting-malicious-scheduled-tasks-with-sysmon","description":"'Detect malicious scheduled task creation and modification using Sysmon Event IDs 1 (Process Create for schtasks.exe),","domain":"cybersecurity","path":"skills/detecting-malicious-scheduled-tasks-with-sysmon"},{"name":"detecting-mimikatz-execution-patterns","description":"Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory","domain":"cybersecurity","path":"skills/detecting-mimikatz-execution-patterns"},{"name":"detecting-misconfigured-azure-storage","description":"'Detecting misconfigured Azure Storage accounts including publicly accessible blob containers, missing encryption","domain":"cybersecurity","path":"skills/detecting-misconfigured-azure-storage"},{"name":"detecting-mobile-malware-behavior","description":"'Detects and analyzes malicious behavior in mobile applications through behavioral analysis, permission abuse","domain":"cybersecurity","path":"skills/detecting-mobile-malware-behavior"},{"name":"detecting-modbus-command-injection-attacks","description":"'Detect command injection attacks against Modbus TCP/RTU protocol in ICS environments by monitoring for unauthorized","domain":"cybersecurity","path":"skills/detecting-modbus-command-injection-attacks"},{"name":"detecting-modbus-protocol-anomalies","description":"'This skill covers detecting anomalies in Modbus/TCP and Modbus RTU communications in industrial control 
systems.","domain":"cybersecurity","path":"skills/detecting-modbus-protocol-anomalies"},{"name":"detecting-network-anomalies-with-zeek","description":"'Deploys and configures Zeek (formerly Bro) network security monitor to passively analyze network traffic, generate","domain":"cybersecurity","path":"skills/detecting-network-anomalies-with-zeek"},{"name":"detecting-network-scanning-with-ids-signatures","description":"Detect network reconnaissance and port scanning using Suricata and Snort IDS signatures, threshold-based detection","domain":"cybersecurity","path":"skills/detecting-network-scanning-with-ids-signatures"},{"name":"detecting-ntlm-relay-with-event-correlation","description":"'Detect NTLM relay attacks through Windows Security Event correlation by analyzing Event 4624 LogonType 3 for","domain":"cybersecurity","path":"skills/detecting-ntlm-relay-with-event-correlation"},{"name":"detecting-oauth-token-theft","description":"'Detects and responds to OAuth token theft and replay attacks in cloud environments, focusing on Microsoft Entra","domain":"cybersecurity","path":"skills/detecting-oauth-token-theft"},{"name":"detecting-pass-the-hash-attacks","description":"Detect Pass-the-Hash attacks by analyzing NTLM authentication patterns, identifying Type 3 logons with NTLM where","domain":"cybersecurity","path":"skills/detecting-pass-the-hash-attacks"},{"name":"detecting-pass-the-ticket-attacks","description":"Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event IDs 4768, 4769, and 4771 for anomalous","domain":"cybersecurity","path":"skills/detecting-pass-the-ticket-attacks"},{"name":"detecting-port-scanning-with-fail2ban","description":"'Configures Fail2ban with custom filters and actions to detect port scanning activity, SSH brute force attempts,","domain":"cybersecurity","path":"skills/detecting-port-scanning-with-fail2ban"},{"name":"detecting-privilege-escalation-attempts","description":"Detect privilege escalation attempts including token 
manipulation, UAC bypass, unquoted service paths, kernel","domain":"cybersecurity","path":"skills/detecting-privilege-escalation-attempts"},{"name":"detecting-privilege-escalation-in-kubernetes-pods","description":"Detect and prevent privilege escalation in Kubernetes pods by monitoring security contexts, capabilities, and","domain":"cybersecurity","path":"skills/detecting-privilege-escalation-in-kubernetes-pods"},{"name":"detecting-process-hollowing-technique","description":"Detect process hollowing (T1055.012) by analyzing memory-mapped sections, hollowed process indicators, and parent-child","domain":"cybersecurity","path":"skills/detecting-process-hollowing-technique"},{"name":"detecting-process-injection-techniques","description":"'Detects and analyzes process injection techniques used by malware including classic DLL injection, process hollowing,","domain":"cybersecurity","path":"skills/detecting-process-injection-techniques"},{"name":"detecting-qr-code-phishing-with-email-security","description":"Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious","domain":"cybersecurity","path":"skills/detecting-qr-code-phishing-with-email-security"},{"name":"detecting-ransomware-encryption-behavior","description":"'Detects ransomware encryption activity in real time using entropy analysis, file system I/O monitoring, and","domain":"cybersecurity","path":"skills/detecting-ransomware-encryption-behavior"},{"name":"detecting-ransomware-precursors-in-network","description":"'Detects early-stage ransomware indicators in network traffic before encryption begins, including initial access","domain":"cybersecurity","path":"skills/detecting-ransomware-precursors-in-network"},{"name":"detecting-rdp-brute-force-attacks","description":"Detect RDP brute force attacks by analyzing Windows Security Event Logs for failed authentication patterns 
(Event","domain":"cybersecurity","path":"skills/detecting-rdp-brute-force-attacks"},{"name":"detecting-rootkit-activity","description":"'Detects rootkit presence on compromised systems by identifying hidden processes, hooked system calls, modified","domain":"cybersecurity","path":"skills/detecting-rootkit-activity"},{"name":"detecting-s3-data-exfiltration-attempts","description":"'Detecting data exfiltration attempts from AWS S3 buckets by analyzing CloudTrail S3 data events, VPC Flow Logs,","domain":"cybersecurity","path":"skills/detecting-s3-data-exfiltration-attempts"},{"name":"detecting-serverless-function-injection","description":"'Detects and prevents code injection attacks targeting serverless functions (AWS Lambda, Azure Functions, Google","domain":"cybersecurity","path":"skills/detecting-serverless-function-injection"},{"name":"detecting-service-account-abuse","description":"Detect abuse of service accounts through anomalous interactive logons, privilege escalation, lateral movement,","domain":"cybersecurity","path":"skills/detecting-service-account-abuse"},{"name":"detecting-shadow-api-endpoints","description":"Discover and inventory shadow API endpoints that operate outside documented specifications using traffic analysis,","domain":"cybersecurity","path":"skills/detecting-shadow-api-endpoints"},{"name":"detecting-shadow-it-cloud-usage","description":"Detect unauthorized SaaS and cloud service usage (shadow IT) by analyzing proxy logs, DNS query logs, and netflow","domain":"cybersecurity","path":"skills/detecting-shadow-it-cloud-usage"},{"name":"detecting-spearphishing-with-email-gateway","description":"Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam","domain":"cybersecurity","path":"skills/detecting-spearphishing-with-email-gateway"},{"name":"detecting-sql-injection-via-waf-logs","description":"Analyze WAF (ModSecurity/AWS WAF/Cloudflare) logs to detect SQL injection attack campaigns. 
Parses ModSecurity","domain":"cybersecurity","path":"skills/detecting-sql-injection-via-waf-logs"},{"name":"detecting-stuxnet-style-attacks","description":"'This skill covers detecting sophisticated cyber-physical attacks that follow the Stuxnet attack pattern of modifying","domain":"cybersecurity","path":"skills/detecting-stuxnet-style-attacks"},{"name":"detecting-supply-chain-attacks-in-ci-cd","description":"'Scans GitHub Actions workflows and CI/CD pipeline configurations for supply chain attack vectors including unpinned","domain":"cybersecurity","path":"skills/detecting-supply-chain-attacks-in-ci-cd"},{"name":"detecting-suspicious-oauth-application-consent","description":"Detect risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit","domain":"cybersecurity","path":"skills/detecting-suspicious-oauth-application-consent"},{"name":"detecting-suspicious-powershell-execution","description":"Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts,","domain":"cybersecurity","path":"skills/detecting-suspicious-powershell-execution"},{"name":"detecting-t1003-credential-dumping-with-edr","description":"Detect OS credential dumping techniques targeting LSASS memory, SAM database, NTDS.dit, and cached credentials","domain":"cybersecurity","path":"skills/detecting-t1003-credential-dumping-with-edr"},{"name":"detecting-t1055-process-injection-with-sysmon","description":"Detect process injection techniques (T1055) including classic DLL injection, process hollowing, and APC injection","domain":"cybersecurity","path":"skills/detecting-t1055-process-injection-with-sysmon"},{"name":"detecting-t1548-abuse-elevation-control-mechanism","description":"Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid 
manipulation","domain":"cybersecurity","path":"skills/detecting-t1548-abuse-elevation-control-mechanism"},{"name":"detecting-typosquatting-packages-in-npm-pypi","description":"'Detects typosquatting attacks in npm and PyPI package registries by analyzing package name similarity using","domain":"cybersecurity","path":"skills/detecting-typosquatting-packages-in-npm-pypi"},{"name":"detecting-wmi-persistence","description":"Detect WMI event subscription persistence by analyzing Sysmon Event IDs 19, 20, and 21 for malicious EventFilter,","domain":"cybersecurity","path":"skills/detecting-wmi-persistence"},{"name":"eradicating-malware-from-infected-systems","description":"Systematically remove malware, backdoors, and attacker persistence mechanisms from infected systems while ensuring","domain":"cybersecurity","path":"skills/eradicating-malware-from-infected-systems"},{"name":"evaluating-threat-intelligence-platforms","description":"'Evaluates and selects Threat Intelligence Platform (TIP) products based on organizational requirements including","domain":"cybersecurity","path":"skills/evaluating-threat-intelligence-platforms"},{"name":"executing-active-directory-attack-simulation","description":"'Executes authorized attack simulations against Active Directory environments to identify misconfigurations,","domain":"cybersecurity","path":"skills/executing-active-directory-attack-simulation"},{"name":"executing-phishing-simulation-campaign","description":"'Executes authorized phishing simulation campaigns to assess an organization''s susceptibility to email-based","domain":"cybersecurity","path":"skills/executing-phishing-simulation-campaign"},{"name":"executing-red-team-engagement-planning","description":"Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE),","domain":"cybersecurity","path":"skills/executing-red-team-engagement-planning"},{"name":"executing-red-team-exercise","description":"'Executes comprehensive 
red team exercises that simulate real-world adversary operations against an organization''s","domain":"cybersecurity","path":"skills/executing-red-team-exercise"},{"name":"exploiting-active-directory-certificate-services-esc1","description":"Exploit misconfigured Active Directory Certificate Services (AD CS) ESC1 vulnerability to request certificates","domain":"cybersecurity","path":"skills/exploiting-active-directory-certificate-services-esc1"},{"name":"exploiting-active-directory-with-bloodhound","description":"BloodHound is a graph-based Active Directory reconnaissance tool that uses graph theory to reveal hidden and","domain":"cybersecurity","path":"skills/exploiting-active-directory-with-bloodhound"},{"name":"exploiting-api-injection-vulnerabilities","description":"'Tests APIs for injection vulnerabilities including SQL injection, NoSQL injection, OS command injection, LDAP","domain":"cybersecurity","path":"skills/exploiting-api-injection-vulnerabilities"},{"name":"exploiting-bgp-hijacking-vulnerabilities","description":"'Analyzes and simulates BGP hijacking scenarios in authorized lab environments to assess route origin validation,","domain":"cybersecurity","path":"skills/exploiting-bgp-hijacking-vulnerabilities"},{"name":"exploiting-broken-function-level-authorization","description":"'Tests APIs for Broken Function Level Authorization (BFLA) vulnerabilities where regular users can invoke administrative","domain":"cybersecurity","path":"skills/exploiting-broken-function-level-authorization"},{"name":"exploiting-broken-link-hijacking","description":"Discover and exploit broken link hijacking vulnerabilities by identifying references to expired domains, decommissioned","domain":"cybersecurity","path":"skills/exploiting-broken-link-hijacking"},{"name":"exploiting-constrained-delegation-abuse","description":"Exploit Kerberos Constrained Delegation misconfigurations in Active Directory to impersonate privileged 
users","domain":"cybersecurity","path":"skills/exploiting-constrained-delegation-abuse"},{"name":"exploiting-deeplink-vulnerabilities","description":"'Tests and exploits deep link (URL scheme and App Link) vulnerabilities in Android and iOS mobile applications","domain":"cybersecurity","path":"skills/exploiting-deeplink-vulnerabilities"},{"name":"exploiting-excessive-data-exposure-in-api","description":"'Tests APIs for excessive data exposure where endpoints return more data than the client application needs, relying","domain":"cybersecurity","path":"skills/exploiting-excessive-data-exposure-in-api"},{"name":"exploiting-http-request-smuggling","description":"Detecting and exploiting HTTP request smuggling vulnerabilities caused by Content-Length and Transfer-Encoding","domain":"cybersecurity","path":"skills/exploiting-http-request-smuggling"},{"name":"exploiting-idor-vulnerabilities","description":"Identifying and exploiting Insecure Direct Object Reference vulnerabilities to access unauthorized resources","domain":"cybersecurity","path":"skills/exploiting-idor-vulnerabilities"},{"name":"exploiting-insecure-data-storage-in-mobile","description":"'Identifies and exploits insecure local data storage vulnerabilities in Android and iOS mobile applications including","domain":"cybersecurity","path":"skills/exploiting-insecure-data-storage-in-mobile"},{"name":"exploiting-insecure-deserialization","description":"Identifying and exploiting insecure deserialization vulnerabilities in Java, PHP, Python, and .NET applications","domain":"cybersecurity","path":"skills/exploiting-insecure-deserialization"},{"name":"exploiting-ipv6-vulnerabilities","description":"'Identifies and exploits IPv6-specific vulnerabilities including SLAAC spoofing, Router Advertisement flooding,","domain":"cybersecurity","path":"skills/exploiting-ipv6-vulnerabilities"},{"name":"exploiting-jwt-algorithm-confusion-attack","description":"'Exploits JWT algorithm confusion vulnerabilities where the 
server''s token verification library accepts the","domain":"cybersecurity","path":"skills/exploiting-jwt-algorithm-confusion-attack"},{"name":"exploiting-kerberoasting-with-impacket","description":"Perform Kerberoasting attacks using Impacket's GetUserSPNs to extract and crack Kerberos TGS tickets for Active","domain":"cybersecurity","path":"skills/exploiting-kerberoasting-with-impacket"},{"name":"exploiting-mass-assignment-in-rest-apis","description":"Discover and exploit mass assignment vulnerabilities in REST APIs to escalate privileges, modify restricted fields,","domain":"cybersecurity","path":"skills/exploiting-mass-assignment-in-rest-apis"},{"name":"exploiting-ms17-010-eternalblue-vulnerability","description":"MS17-010 (EternalBlue) is a critical vulnerability in Microsoft's SMBv1 implementation that allows remote code","domain":"cybersecurity","path":"skills/exploiting-ms17-010-eternalblue-vulnerability"},{"name":"exploiting-nopac-cve-2021-42278-42287","description":"Exploit the noPac vulnerability chain (CVE-2021-42278 sAMAccountName spoofing and CVE-2021-42287 KDC PAC confusion)","domain":"cybersecurity","path":"skills/exploiting-nopac-cve-2021-42278-42287"},{"name":"exploiting-nosql-injection-vulnerabilities","description":"Detect and exploit NoSQL injection vulnerabilities in MongoDB, CouchDB, and other NoSQL databases to demonstrate","domain":"cybersecurity","path":"skills/exploiting-nosql-injection-vulnerabilities"},{"name":"exploiting-oauth-misconfiguration","description":"Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation,","domain":"cybersecurity","path":"skills/exploiting-oauth-misconfiguration"},{"name":"exploiting-prototype-pollution-in-javascript","description":"Detect and exploit JavaScript prototype pollution vulnerabilities on both client-side and server-side 
applications","domain":"cybersecurity","path":"skills/exploiting-prototype-pollution-in-javascript"},{"name":"exploiting-race-condition-vulnerabilities","description":"Detect and exploit race condition vulnerabilities in web applications using Turbo Intruder's single-packet attack","domain":"cybersecurity","path":"skills/exploiting-race-condition-vulnerabilities"},{"name":"exploiting-server-side-request-forgery","description":"Identifying and exploiting SSRF vulnerabilities to access internal services, cloud metadata, and restricted network","domain":"cybersecurity","path":"skills/exploiting-server-side-request-forgery"},{"name":"exploiting-smb-vulnerabilities-with-metasploit","description":"'Identifies and exploits SMB protocol vulnerabilities using Metasploit Framework during authorized penetration","domain":"cybersecurity","path":"skills/exploiting-smb-vulnerabilities-with-metasploit"},{"name":"exploiting-sql-injection-vulnerabilities","description":"'Identifies and exploits SQL injection vulnerabilities in web applications during authorized penetration tests","domain":"cybersecurity","path":"skills/exploiting-sql-injection-vulnerabilities"},{"name":"exploiting-sql-injection-with-sqlmap","description":"Detecting and exploiting SQL injection vulnerabilities using sqlmap to extract database contents during authorized","domain":"cybersecurity","path":"skills/exploiting-sql-injection-with-sqlmap"},{"name":"exploiting-template-injection-vulnerabilities","description":"Detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities across Jinja2, Twig, Freemarker,","domain":"cybersecurity","path":"skills/exploiting-template-injection-vulnerabilities"},{"name":"exploiting-type-juggling-vulnerabilities","description":"Exploit PHP type juggling vulnerabilities caused by loose comparison operators to bypass authentication, 
circumvent","domain":"cybersecurity","path":"skills/exploiting-type-juggling-vulnerabilities"},{"name":"exploiting-vulnerabilities-with-metasploit-framework","description":"The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7.","domain":"cybersecurity","path":"skills/exploiting-vulnerabilities-with-metasploit-framework"},{"name":"exploiting-websocket-vulnerabilities","description":"Testing WebSocket implementations for authentication bypass, cross-site hijacking, injection attacks, and insecure","domain":"cybersecurity","path":"skills/exploiting-websocket-vulnerabilities"},{"name":"exploiting-zerologon-vulnerability-cve-2020-1472","description":"Exploit the Zerologon vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol to achieve domain controller","domain":"cybersecurity","path":"skills/exploiting-zerologon-vulnerability-cve-2020-1472"},{"name":"extracting-browser-history-artifacts","description":"Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge","domain":"cybersecurity","path":"skills/extracting-browser-history-artifacts"},{"name":"extracting-config-from-agent-tesla-rat","description":"Extract embedded configuration from Agent Tesla RAT samples including SMTP/FTP/Telegram exfiltration credentials,","domain":"cybersecurity","path":"skills/extracting-config-from-agent-tesla-rat"},{"name":"extracting-credentials-from-memory-dump","description":"Extract cached credentials, password hashes, Kerberos tickets, and authentication tokens from memory dumps using","domain":"cybersecurity","path":"skills/extracting-credentials-from-memory-dump"},{"name":"extracting-iocs-from-malware-samples","description":"'Extracts indicators of compromise (IOCs) from malware samples including file hashes, network indicators 
(IPs,","domain":"cybersecurity","path":"skills/extracting-iocs-from-malware-samples"},{"name":"extracting-memory-artifacts-with-rekall","description":"'Uses Rekall memory forensics framework to analyze memory dumps for process hollowing, injected code via VAD","domain":"cybersecurity","path":"skills/extracting-memory-artifacts-with-rekall"},{"name":"extracting-windows-event-logs-artifacts","description":"Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral","domain":"cybersecurity","path":"skills/extracting-windows-event-logs-artifacts"},{"name":"generating-threat-intelligence-reports","description":"'Generates structured cyber threat intelligence reports at strategic, operational, and tactical levels tailored","domain":"cybersecurity","path":"skills/generating-threat-intelligence-reports"},{"name":"hardening-docker-containers-for-production","description":"Hardening Docker containers for production involves applying security best practices aligned with CIS Docker","domain":"cybersecurity","path":"skills/hardening-docker-containers-for-production"},{"name":"hardening-docker-daemon-configuration","description":"Harden the Docker daemon by configuring daemon.json with user namespace remapping, TLS authentication, rootless","domain":"cybersecurity","path":"skills/hardening-docker-daemon-configuration"},{"name":"hardening-linux-endpoint-with-cis-benchmark","description":"'Hardens Linux endpoints using CIS Benchmark recommendations for Ubuntu, RHEL, and CentOS to reduce attack surface,","domain":"cybersecurity","path":"skills/hardening-linux-endpoint-with-cis-benchmark"},{"name":"hardening-windows-endpoint-with-cis-benchmark","description":"'Hardens Windows endpoints using CIS (Center for Internet Security) Benchmark recommendations to reduce attack","domain":"cybersecurity","path":"skills/hardening-windows-endpoint-with-cis-benchmark"},{"name":"hunting-advanced-persistent-threats","description":"'Proactively 
hunts for Advanced Persistent Threat (APT) activity within enterprise environments using hypothesis-driven","domain":"cybersecurity","path":"skills/hunting-advanced-persistent-threats"},{"name":"hunting-credential-stuffing-attacks","description":"'Detects credential stuffing attacks by analyzing authentication logs for login velocity anomalies, ASN diversity,","domain":"cybersecurity","path":"skills/hunting-credential-stuffing-attacks"},{"name":"hunting-for-anomalous-powershell-execution","description":"'Hunt for malicious PowerShell activity by analyzing Script Block Logging (Event 4104), Module Logging (Event","domain":"cybersecurity","path":"skills/hunting-for-anomalous-powershell-execution"},{"name":"hunting-for-beaconing-with-frequency-analysis","description":"Identify command-and-control beaconing patterns in network traffic by applying statistical frequency analysis,","domain":"cybersecurity","path":"skills/hunting-for-beaconing-with-frequency-analysis"},{"name":"hunting-for-cobalt-strike-beacons","description":"Detect Cobalt Strike beacon network activity using default TLS certificate signatures (serial 8BB00EE), JA3/JA3S/JARM","domain":"cybersecurity","path":"skills/hunting-for-cobalt-strike-beacons"},{"name":"hunting-for-command-and-control-beaconing","description":"Detect C2 beaconing patterns in network traffic using frequency analysis, jitter detection, and domain reputation","domain":"cybersecurity","path":"skills/hunting-for-command-and-control-beaconing"},{"name":"hunting-for-data-exfiltration-indicators","description":"Hunt for data exfiltration through network traffic analysis, detecting unusual data flows, DNS tunneling, cloud","domain":"cybersecurity","path":"skills/hunting-for-data-exfiltration-indicators"},{"name":"hunting-for-data-staging-before-exfiltration","description":"Detect data staging activity before exfiltration by monitoring for archive creation with 7-Zip/RAR, unusual 
temp","domain":"cybersecurity","path":"skills/hunting-for-data-staging-before-exfiltration"},{"name":"hunting-for-dcom-lateral-movement","description":"'Hunt for DCOM-based lateral movement by detecting abuse of MMC20.Application, ShellBrowserWindow, and ShellWindows","domain":"cybersecurity","path":"skills/hunting-for-dcom-lateral-movement"},{"name":"hunting-for-dcsync-attacks","description":"Detect DCSync attacks by analyzing Windows Event ID 4662 for unauthorized DS-Replication-Get-Changes requests","domain":"cybersecurity","path":"skills/hunting-for-dcsync-attacks"},{"name":"hunting-for-defense-evasion-via-timestomping","description":"'Detect NTFS timestamp manipulation (MITRE T1070.006) by comparing $STANDARD_INFORMATION vs $FILE_NAME timestamps","domain":"cybersecurity","path":"skills/hunting-for-defense-evasion-via-timestomping"},{"name":"hunting-for-dns-based-persistence","description":"Hunt for DNS-based persistence mechanisms including DNS hijacking, dangling CNAME records, wildcard DNS abuse,","domain":"cybersecurity","path":"skills/hunting-for-dns-based-persistence"},{"name":"hunting-for-dns-tunneling-with-zeek","description":"Detect DNS tunneling and data exfiltration by analyzing Zeek dns.log for high-entropy subdomain queries, excessive","domain":"cybersecurity","path":"skills/hunting-for-dns-tunneling-with-zeek"},{"name":"hunting-for-domain-fronting-c2-traffic","description":"Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate","domain":"cybersecurity","path":"skills/hunting-for-domain-fronting-c2-traffic"},{"name":"hunting-for-lateral-movement-via-wmi","description":"Detect WMI-based lateral movement by analyzing Windows Event ID 4688 process creation and Sysmon Event ID 1 for","domain":"cybersecurity","path":"skills/hunting-for-lateral-movement-via-wmi"},{"name":"hunting-for-living-off-the-cloud-techniques","description":"Hunt for adversary abuse of legitimate cloud services for C2, 
data staging, and exfiltration including abuse","domain":"cybersecurity","path":"skills/hunting-for-living-off-the-cloud-techniques"},{"name":"hunting-for-living-off-the-land-binaries","description":"Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while","domain":"cybersecurity","path":"skills/hunting-for-living-off-the-land-binaries"},{"name":"hunting-for-lolbins-execution-in-endpoint-logs","description":"Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by analyzing endpoint process creation logs","domain":"cybersecurity","path":"skills/hunting-for-lolbins-execution-in-endpoint-logs"},{"name":"hunting-for-ntlm-relay-attacks","description":"Detect NTLM relay attacks by analyzing Windows Event 4624 logon type 3 with NTLMSSP authentication, identifying","domain":"cybersecurity","path":"skills/hunting-for-ntlm-relay-attacks"},{"name":"hunting-for-persistence-mechanisms-in-windows","description":"Systematically hunt for adversary persistence mechanisms across Windows endpoints including registry, services,","domain":"cybersecurity","path":"skills/hunting-for-persistence-mechanisms-in-windows"},{"name":"hunting-for-persistence-via-wmi-subscriptions","description":"Hunt for adversary persistence through Windows Management Instrumentation event subscriptions by monitoring WMI","domain":"cybersecurity","path":"skills/hunting-for-persistence-via-wmi-subscriptions"},{"name":"hunting-for-process-injection-techniques","description":"Detect process injection techniques (T1055) including CreateRemoteThread, process hollowing, and DLL injection","domain":"cybersecurity","path":"skills/hunting-for-process-injection-techniques"},{"name":"hunting-for-registry-persistence-mechanisms","description":"Hunt for registry-based persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, 
and","domain":"cybersecurity","path":"skills/hunting-for-registry-persistence-mechanisms"},{"name":"hunting-for-registry-run-key-persistence","description":"Detect MITRE ATT&CK T1547.001 registry Run key persistence by analyzing Sysmon Event ID 13 logs and registry","domain":"cybersecurity","path":"skills/hunting-for-registry-run-key-persistence"},{"name":"hunting-for-scheduled-task-persistence","description":"Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task","domain":"cybersecurity","path":"skills/hunting-for-scheduled-task-persistence"},{"name":"hunting-for-shadow-copy-deletion","description":"Hunt for Volume Shadow Copy deletion activity that indicates ransomware preparation or anti-forensics by monitoring","domain":"cybersecurity","path":"skills/hunting-for-shadow-copy-deletion"},{"name":"hunting-for-spearphishing-indicators","description":"Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect","domain":"cybersecurity","path":"skills/hunting-for-spearphishing-indicators"},{"name":"hunting-for-startup-folder-persistence","description":"Detect T1547.001 startup folder persistence by monitoring Windows startup directories for suspicious file creation,","domain":"cybersecurity","path":"skills/hunting-for-startup-folder-persistence"},{"name":"hunting-for-supply-chain-compromise","description":"Hunt for supply chain compromise indicators including trojanized software updates, compromised dependencies,","domain":"cybersecurity","path":"skills/hunting-for-supply-chain-compromise"},{"name":"hunting-for-suspicious-scheduled-tasks","description":"Hunt for adversary persistence and execution via Windows scheduled tasks by analyzing task creation events, suspicious","domain":"cybersecurity","path":"skills/hunting-for-suspicious-scheduled-tasks"},{"name":"hunting-for-t1098-account-manipulation","description":"Hunt for MITRE ATT&CK T1098 account manipulation 
including shadow admin creation, SID history injection, group","domain":"cybersecurity","path":"skills/hunting-for-t1098-account-manipulation"},{"name":"hunting-for-unusual-network-connections","description":"Hunt for unusual network connections by analyzing outbound traffic patterns, rare destinations, non-standard","domain":"cybersecurity","path":"skills/hunting-for-unusual-network-connections"},{"name":"hunting-for-unusual-service-installations","description":"Detect suspicious Windows service installations (MITRE ATT&CK T1543.003) by parsing System event logs for Event","domain":"cybersecurity","path":"skills/hunting-for-unusual-service-installations"},{"name":"hunting-for-webshell-activity","description":"Hunt for web shell deployments on internet-facing servers by analyzing file creation in web directories, suspicious","domain":"cybersecurity","path":"skills/hunting-for-webshell-activity"},{"name":"implementing-aes-encryption-for-data-at-rest","description":"AES (Advanced Encryption Standard) is a symmetric block cipher standardized by NIST (FIPS 197) used to protect","domain":"cybersecurity","path":"skills/implementing-aes-encryption-for-data-at-rest"},{"name":"implementing-alert-fatigue-reduction","description":"'Implements strategies to reduce SOC alert fatigue by tuning detection rules, consolidating duplicate alerts,","domain":"cybersecurity","path":"skills/implementing-alert-fatigue-reduction"},{"name":"implementing-anti-phishing-training-program","description":"Security awareness training is the human layer of phishing defense. An effective anti-phishing training program","domain":"cybersecurity","path":"skills/implementing-anti-phishing-training-program"},{"name":"implementing-anti-ransomware-group-policy","description":"'Configures Windows Group Policy Objects (GPO) to prevent ransomware execution and limit its spread. 
Implements","domain":"cybersecurity","path":"skills/implementing-anti-ransomware-group-policy"},{"name":"implementing-api-abuse-detection-with-rate-limiting","description":"Implement API abuse detection using token bucket, sliding window, and adaptive rate limiting algorithms to prevent","domain":"cybersecurity","path":"skills/implementing-api-abuse-detection-with-rate-limiting"},{"name":"implementing-api-gateway-security-controls","description":"'Implements security controls at the API gateway layer including authentication enforcement, rate limiting, request","domain":"cybersecurity","path":"skills/implementing-api-gateway-security-controls"},{"name":"implementing-api-key-security-controls","description":"'Implements secure API key generation, storage, rotation, and revocation controls to protect API authentication","domain":"cybersecurity","path":"skills/implementing-api-key-security-controls"},{"name":"implementing-api-rate-limiting-and-throttling","description":"'Implements API rate limiting and throttling controls using token bucket, sliding window, and fixed window algorithms","domain":"cybersecurity","path":"skills/implementing-api-rate-limiting-and-throttling"},{"name":"implementing-api-schema-validation-security","description":"Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts","domain":"cybersecurity","path":"skills/implementing-api-schema-validation-security"},{"name":"implementing-api-security-posture-management","description":"Implement API Security Posture Management to continuously discover, classify, and score APIs based on risk while","domain":"cybersecurity","path":"skills/implementing-api-security-posture-management"},{"name":"implementing-api-security-testing-with-42crunch","description":"Implement comprehensive API security testing using the 42Crunch platform to perform static audit and 
dynamic","domain":"cybersecurity","path":"skills/implementing-api-security-testing-with-42crunch"},{"name":"implementing-api-threat-protection-with-apigee","description":"Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0,","domain":"cybersecurity","path":"skills/implementing-api-threat-protection-with-apigee"},{"name":"implementing-application-whitelisting-with-applocker","description":"'Implements application whitelisting using Windows AppLocker to restrict unauthorized software execution on endpoints,","domain":"cybersecurity","path":"skills/implementing-application-whitelisting-with-applocker"},{"name":"implementing-aqua-security-for-container-scanning","description":"Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues","domain":"cybersecurity","path":"skills/implementing-aqua-security-for-container-scanning"},{"name":"implementing-attack-path-analysis-with-xm-cyber","description":"Deploy XM Cyber's continuous exposure management platform to map attack paths, identify choke points, and prioritize","domain":"cybersecurity","path":"skills/implementing-attack-path-analysis-with-xm-cyber"},{"name":"implementing-attack-surface-management","description":"'Implements external attack surface management (EASM) using Shodan, Censys, and ProjectDiscovery tools (subfinder,","domain":"cybersecurity","path":"skills/implementing-attack-surface-management"},{"name":"implementing-aws-config-rules-for-compliance","description":"'Implementing AWS Config rules for continuous compliance monitoring of AWS resources, deploying managed and custom","domain":"cybersecurity","path":"skills/implementing-aws-config-rules-for-compliance"},{"name":"implementing-aws-iam-permission-boundaries","description":"Configure IAM permission boundaries in AWS to delegate role creation to developers while enforcing maximum 
privilege","domain":"cybersecurity","path":"skills/implementing-aws-iam-permission-boundaries"},{"name":"implementing-aws-macie-for-data-classification","description":"Implement Amazon Macie to automatically discover, classify, and protect sensitive data in S3 buckets using machine","domain":"cybersecurity","path":"skills/implementing-aws-macie-for-data-classification"},{"name":"implementing-aws-nitro-enclave-security","description":"'Implements AWS Nitro Enclave-based confidential computing environments with cryptographic attestation, KMS policy","domain":"cybersecurity","path":"skills/implementing-aws-nitro-enclave-security"},{"name":"implementing-aws-security-hub","description":"'This skill covers deploying AWS Security Hub as a centralized cloud security posture management platform that","domain":"cybersecurity","path":"skills/implementing-aws-security-hub"},{"name":"implementing-aws-security-hub-compliance","description":"'Implementing AWS Security Hub to aggregate security findings across AWS accounts, enable compliance standards","domain":"cybersecurity","path":"skills/implementing-aws-security-hub-compliance"},{"name":"implementing-azure-ad-privileged-identity-management","description":"Configure Microsoft Entra Privileged Identity Management to enforce just-in-time role activation, approval workflows,","domain":"cybersecurity","path":"skills/implementing-azure-ad-privileged-identity-management"},{"name":"implementing-azure-defender-for-cloud","description":"'Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across","domain":"cybersecurity","path":"skills/implementing-azure-defender-for-cloud"},{"name":"implementing-beyondcorp-zero-trust-access-model","description":"'Implementing Google''s BeyondCorp zero trust access model to eliminate implicit trust from the network 
perimeter,","domain":"cybersecurity","path":"skills/implementing-beyondcorp-zero-trust-access-model"},{"name":"implementing-bgp-security-with-rpki","description":"Implement BGP route origin validation using RPKI with Route Origin Authorizations, RPKI-to-Router protocol, and","domain":"cybersecurity","path":"skills/implementing-bgp-security-with-rpki"},{"name":"implementing-browser-isolation-for-zero-trust","description":"'Deploys remote browser isolation (RBI) as a core component of a Zero Trust architecture. Implements isolation","domain":"cybersecurity","path":"skills/implementing-browser-isolation-for-zero-trust"},{"name":"implementing-canary-tokens-for-network-intrusion","description":"'Deploys DNS, HTTP, and AWS API key canary tokens across network infrastructure to detect unauthorized access","domain":"cybersecurity","path":"skills/implementing-canary-tokens-for-network-intrusion"},{"name":"implementing-cisa-zero-trust-maturity-model","description":"Implement the CISA Zero Trust Maturity Model v2.0 across the five pillars of identity, devices, networks, applications,","domain":"cybersecurity","path":"skills/implementing-cisa-zero-trust-maturity-model"},{"name":"implementing-cloud-dlp-for-data-protection","description":"'Implementing Cloud Data Loss Prevention (DLP) using Amazon Macie, Azure Information Protection, and Google Cloud","domain":"cybersecurity","path":"skills/implementing-cloud-dlp-for-data-protection"},{"name":"implementing-cloud-security-posture-management","description":"'Implementing Cloud Security Posture Management (CSPM) to continuously monitor multi-cloud environments for misconfigurations,","domain":"cybersecurity","path":"skills/implementing-cloud-security-posture-management"},{"name":"implementing-cloud-trail-log-analysis","description":"'Implementing AWS CloudTrail log analysis for security monitoring, threat detection, and forensic 
investigation","domain":"cybersecurity","path":"skills/implementing-cloud-trail-log-analysis"},{"name":"implementing-cloud-vulnerability-posture-management","description":"Implement Cloud Security Posture Management using AWS Security Hub, Azure Defender for Cloud, and open-source","domain":"cybersecurity","path":"skills/implementing-cloud-vulnerability-posture-management"},{"name":"implementing-cloud-waf-rules","description":"'This skill covers deploying and tuning Web Application Firewall rules on AWS WAF, Azure WAF, and Cloudflare","domain":"cybersecurity","path":"skills/implementing-cloud-waf-rules"},{"name":"implementing-cloud-workload-protection","description":"'Implements cloud workload protection using boto3 and google-cloud APIs for runtime security monitoring, process","domain":"cybersecurity","path":"skills/implementing-cloud-workload-protection"},{"name":"implementing-code-signing-for-artifacts","description":"'This skill covers implementing code signing for build artifacts to ensure integrity and authenticity throughout","domain":"cybersecurity","path":"skills/implementing-code-signing-for-artifacts"},{"name":"implementing-conditional-access-policies-azure-ad","description":"Configure Microsoft Entra ID (Azure AD) Conditional Access policies for zero trust access control. 
Covers signal-based","domain":"cybersecurity","path":"skills/implementing-conditional-access-policies-azure-ad"},{"name":"implementing-conduit-security-for-ot-remote-access","description":"'Implement secure conduit architecture for OT remote access following IEC 62443 zones and conduits model, deploying","domain":"cybersecurity","path":"skills/implementing-conduit-security-for-ot-remote-access"},{"name":"implementing-container-image-minimal-base-with-distroless","description":"Reduce container attack surface by building application images on Google distroless base images that contain","domain":"cybersecurity","path":"skills/implementing-container-image-minimal-base-with-distroless"},{"name":"implementing-container-network-policies-with-calico","description":"Enforce Kubernetes network segmentation using Calico CNI network policies and global network policies to control","domain":"cybersecurity","path":"skills/implementing-container-network-policies-with-calico"},{"name":"implementing-continuous-security-validation-with-bas","description":"Deploy Breach and Attack Simulation tools to continuously validate security control effectiveness by safely emulating","domain":"cybersecurity","path":"skills/implementing-continuous-security-validation-with-bas"},{"name":"implementing-data-loss-prevention-with-microsoft-purview","description":"'Implements data loss prevention policies using Microsoft Purview to protect sensitive information across Exchange","domain":"cybersecurity","path":"skills/implementing-data-loss-prevention-with-microsoft-purview"},{"name":"implementing-ddos-mitigation-with-cloudflare","description":"Configure Cloudflare DDoS protection with managed rulesets, rate limiting, WAF rules, Bot Management, and origin","domain":"cybersecurity","path":"skills/implementing-ddos-mitigation-with-cloudflare"},{"name":"implementing-deception-based-detection-with-canarytoken","description":"Deploy and monitor Canary Tokens via the Thinkst Canary API for deception-based 
breach detection using web bug","domain":"cybersecurity","path":"skills/implementing-deception-based-detection-with-canarytoken"},{"name":"implementing-delinea-secret-server-for-pam","description":"'Implements Delinea Secret Server for privileged access management (PAM) including secret vault configuration,","domain":"cybersecurity","path":"skills/implementing-delinea-secret-server-for-pam"},{"name":"implementing-device-posture-assessment-in-zero-trust","description":"'Implementing device posture assessment as a zero trust access control by integrating endpoint health signals","domain":"cybersecurity","path":"skills/implementing-device-posture-assessment-in-zero-trust"},{"name":"implementing-devsecops-security-scanning","description":"'Integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software","domain":"cybersecurity","path":"skills/implementing-devsecops-security-scanning"},{"name":"implementing-diamond-model-analysis","description":"The Diamond Model of Intrusion Analysis provides a structured framework for analyzing cyber intrusions by examining","domain":"cybersecurity","path":"skills/implementing-diamond-model-analysis"},{"name":"implementing-digital-signatures-with-ed25519","description":"Ed25519 is a high-performance digital signature algorithm using the Edwards curve Curve25519. It provides 128-bit","domain":"cybersecurity","path":"skills/implementing-digital-signatures-with-ed25519"},{"name":"implementing-disk-encryption-with-bitlocker","description":"'Implements full disk encryption using Microsoft BitLocker on Windows endpoints to protect data at rest from","domain":"cybersecurity","path":"skills/implementing-disk-encryption-with-bitlocker"},{"name":"implementing-dmarc-dkim-spf-email-security","description":"SPF, DKIM, and DMARC form the three pillars of email authentication. 
Together they prevent domain spoofing, validate","domain":"cybersecurity","path":"skills/implementing-dmarc-dkim-spf-email-security"},{"name":"implementing-dragos-platform-for-ot-monitoring","description":"'Deploy and configure the Dragos Platform for OT network monitoring, leveraging its 600+ industrial protocol","domain":"cybersecurity","path":"skills/implementing-dragos-platform-for-ot-monitoring"},{"name":"implementing-ebpf-security-monitoring","description":"'Implements eBPF-based security monitoring using Cilium Tetragon for real-time process execution tracking, network","domain":"cybersecurity","path":"skills/implementing-ebpf-security-monitoring"},{"name":"implementing-email-sandboxing-with-proofpoint","description":"Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware","domain":"cybersecurity","path":"skills/implementing-email-sandboxing-with-proofpoint"},{"name":"implementing-end-to-end-encryption-for-messaging","description":"End-to-end encryption (E2EE) ensures that only the communicating parties can read messages, with no intermediary","domain":"cybersecurity","path":"skills/implementing-end-to-end-encryption-for-messaging"},{"name":"implementing-endpoint-detection-with-wazuh","description":"Deploy and configure Wazuh SIEM/XDR for endpoint detection including agent management, custom decoder and rule","domain":"cybersecurity","path":"skills/implementing-endpoint-detection-with-wazuh"},{"name":"implementing-endpoint-dlp-controls","description":"'Implements endpoint Data Loss Prevention (DLP) controls to detect and prevent sensitive data exfiltration through","domain":"cybersecurity","path":"skills/implementing-endpoint-dlp-controls"},{"name":"implementing-envelope-encryption-with-aws-kms","description":"Envelope encryption is a strategy where data is encrypted with a data encryption key (DEK), and the DEK 
itself","domain":"cybersecurity","path":"skills/implementing-envelope-encryption-with-aws-kms"},{"name":"implementing-epss-score-for-vulnerability-prioritization","description":"Integrate FIRST's Exploit Prediction Scoring System (EPSS) API to prioritize vulnerability remediation based","domain":"cybersecurity","path":"skills/implementing-epss-score-for-vulnerability-prioritization"},{"name":"implementing-file-integrity-monitoring-with-aide","description":"Configure AIDE (Advanced Intrusion Detection Environment) for file integrity monitoring including baseline creation,","domain":"cybersecurity","path":"skills/implementing-file-integrity-monitoring-with-aide"},{"name":"implementing-fuzz-testing-in-cicd-with-aflplusplus","description":"Integrate AFL++ coverage-guided fuzz testing into CI/CD pipelines to discover memory corruption, input handling,","domain":"cybersecurity","path":"skills/implementing-fuzz-testing-in-cicd-with-aflplusplus"},{"name":"implementing-gcp-binary-authorization","description":"Implement GCP Binary Authorization to enforce deploy-time security controls that ensure only trusted, attested","domain":"cybersecurity","path":"skills/implementing-gcp-binary-authorization"},{"name":"implementing-gcp-organization-policy-constraints","description":"Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy,","domain":"cybersecurity","path":"skills/implementing-gcp-organization-policy-constraints"},{"name":"implementing-gcp-vpc-firewall-rules","description":"'Implementing and auditing GCP VPC firewall rules to enforce network segmentation, restrict ingress and egress","domain":"cybersecurity","path":"skills/implementing-gcp-vpc-firewall-rules"},{"name":"implementing-gdpr-data-protection-controls","description":"The General Data Protection Regulation (EU) 2016/679 (GDPR) is the EU's comprehensive data protection law 
governing","domain":"cybersecurity","path":"skills/implementing-gdpr-data-protection-controls"},{"name":"implementing-gdpr-data-subject-access-request","description":"'Automates GDPR Data Subject Access Request (DSAR) workflows including identity verification, PII discovery across","domain":"cybersecurity","path":"skills/implementing-gdpr-data-subject-access-request"},{"name":"implementing-github-advanced-security-for-code-scanning","description":"Configure GitHub Advanced Security with CodeQL to perform automated static analysis and vulnerability detection","domain":"cybersecurity","path":"skills/implementing-github-advanced-security-for-code-scanning"},{"name":"implementing-google-workspace-admin-security","description":"'Implements comprehensive Google Workspace security hardening including admin console configuration, phishing-resistant","domain":"cybersecurity","path":"skills/implementing-google-workspace-admin-security"},{"name":"implementing-google-workspace-phishing-protection","description":"Configure Google Workspace advanced phishing and malware protection settings including pre-delivery scanning,","domain":"cybersecurity","path":"skills/implementing-google-workspace-phishing-protection"},{"name":"implementing-google-workspace-sso-configuration","description":"Configure SAML 2.0 single sign-on for Google Workspace with a third-party identity provider, enabling centralized","domain":"cybersecurity","path":"skills/implementing-google-workspace-sso-configuration"},{"name":"implementing-hardware-security-key-authentication","description":"'Implements FIDO2/WebAuthn hardware security key authentication including registration ceremonies, authentication","domain":"cybersecurity","path":"skills/implementing-hardware-security-key-authentication"},{"name":"implementing-hashicorp-vault-dynamic-secrets","description":"'Implements HashiCorp Vault dynamic secrets engines for database credentials, AWS IAM keys, and PKI 
certificates","domain":"cybersecurity","path":"skills/implementing-hashicorp-vault-dynamic-secrets"},{"name":"implementing-honeypot-for-ransomware-detection","description":"'Deploys canary files, honeypot shares, and decoy systems to detect ransomware activity at the earliest possible","domain":"cybersecurity","path":"skills/implementing-honeypot-for-ransomware-detection"},{"name":"implementing-honeytokens-for-breach-detection","description":"'Deploys canary tokens and honeytokens (fake AWS credentials, DNS canaries, document beacons, database records)","domain":"cybersecurity","path":"skills/implementing-honeytokens-for-breach-detection"},{"name":"implementing-ics-firewall-with-tofino","description":"'Deploy and configure Tofino industrial firewalls from Belden/Hirschmann to protect SCADA systems and PLCs using","domain":"cybersecurity","path":"skills/implementing-ics-firewall-with-tofino"},{"name":"implementing-identity-governance-with-sailpoint","description":"Deploy SailPoint IdentityNow or IdentityIQ for identity governance and administration. 
Covers identity lifecycle","domain":"cybersecurity","path":"skills/implementing-identity-governance-with-sailpoint"},{"name":"implementing-identity-verification-for-zero-trust","description":"Implement continuous identity verification for zero trust using phishing-resistant MFA (FIDO2/WebAuthn), risk-based","domain":"cybersecurity","path":"skills/implementing-identity-verification-for-zero-trust"},{"name":"implementing-iec-62443-security-zones","description":"'This skill covers designing and implementing security zones and conduits for industrial automation and control","domain":"cybersecurity","path":"skills/implementing-iec-62443-security-zones"},{"name":"implementing-image-provenance-verification-with-cosign","description":"Sign and verify container image provenance using Sigstore Cosign with keyless OIDC-based signing, attestations,","domain":"cybersecurity","path":"skills/implementing-image-provenance-verification-with-cosign"},{"name":"implementing-immutable-backup-with-restic","description":"'Implements immutable backup strategy using restic with S3-compatible storage and object lock for ransomware-resistant","domain":"cybersecurity","path":"skills/implementing-immutable-backup-with-restic"},{"name":"implementing-infrastructure-as-code-security-scanning","description":"'This skill covers implementing automated security scanning for Infrastructure as Code (IaC) templates using","domain":"cybersecurity","path":"skills/implementing-infrastructure-as-code-security-scanning"},{"name":"implementing-iso-27001-information-security-management","description":"ISO/IEC 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). 
This skill covers the complete","domain":"cybersecurity","path":"skills/implementing-iso-27001-information-security-management"},{"name":"implementing-just-in-time-access-provisioning","description":"Implement Just-In-Time (JIT) access provisioning to eliminate standing privileges by granting temporary, time-bound","domain":"cybersecurity","path":"skills/implementing-just-in-time-access-provisioning"},{"name":"implementing-jwt-signing-and-verification","description":"JSON Web Tokens (JWT) defined in RFC 7519 are compact, URL-safe tokens used for authentication and authorization","domain":"cybersecurity","path":"skills/implementing-jwt-signing-and-verification"},{"name":"implementing-kubernetes-network-policy-with-calico","description":"Implement Kubernetes network segmentation using Calico NetworkPolicy and GlobalNetworkPolicy for zero-trust pod-to-pod","domain":"cybersecurity","path":"skills/implementing-kubernetes-network-policy-with-calico"},{"name":"implementing-kubernetes-pod-security-standards","description":"Pod Security Standards (PSS) define three levels of security policies -- Privileged, Baseline, and Restricted","domain":"cybersecurity","path":"skills/implementing-kubernetes-pod-security-standards"},{"name":"implementing-llm-guardrails-for-security","description":"'Implements input and output validation guardrails for LLM-powered applications to prevent prompt injection,","domain":"cybersecurity","path":"skills/implementing-llm-guardrails-for-security"},{"name":"implementing-log-forwarding-with-fluentd","description":"Configure Fluentd and Fluent Bit for centralized log aggregation, routing, filtering, and enrichment across distributed","domain":"cybersecurity","path":"skills/implementing-log-forwarding-with-fluentd"},{"name":"implementing-log-integrity-with-blockchain","description":"Build an append-only log integrity chain using SHA-256 hash chaining for tamper detection. 
Each log entry is","domain":"cybersecurity","path":"skills/implementing-log-integrity-with-blockchain"},{"name":"implementing-memory-protection-with-dep-aslr","description":"'Implements memory protection mechanisms including DEP (Data Execution Prevention), ASLR (Address Space Layout","domain":"cybersecurity","path":"skills/implementing-memory-protection-with-dep-aslr"},{"name":"implementing-microsegmentation-with-guardicore","description":"'Implementing microsegmentation using Akamai Guardicore Segmentation to map application dependencies, create","domain":"cybersecurity","path":"skills/implementing-microsegmentation-with-guardicore"},{"name":"implementing-mimecast-targeted-attack-protection","description":"Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect,","domain":"cybersecurity","path":"skills/implementing-mimecast-targeted-attack-protection"},{"name":"implementing-mitre-attack-coverage-mapping","description":"Implement MITRE ATT&CK coverage mapping to identify detection gaps, prioritize rule development, and measure","domain":"cybersecurity","path":"skills/implementing-mitre-attack-coverage-mapping"},{"name":"implementing-mobile-application-management","description":"'Implements Mobile Application Management (MAM) policies to protect enterprise data on managed and unmanaged","domain":"cybersecurity","path":"skills/implementing-mobile-application-management"},{"name":"implementing-mtls-for-zero-trust-services","description":"'Configures mutual TLS (mTLS) authentication between microservices using Python cryptography library for certificate","domain":"cybersecurity","path":"skills/implementing-mtls-for-zero-trust-services"},{"name":"implementing-nerc-cip-compliance-controls","description":"'This skill covers implementing North American Electric Reliability Corporation Critical Infrastructure 
Protection","domain":"cybersecurity","path":"skills/implementing-nerc-cip-compliance-controls"},{"name":"implementing-network-access-control","description":"'Implements 802.1X port-based network access control using RADIUS authentication, PacketFence NAC, and switch","domain":"cybersecurity","path":"skills/implementing-network-access-control"},{"name":"implementing-network-access-control-with-cisco-ise","description":"Deploy Cisco Identity Services Engine for 802.1X wired and wireless authentication, MAC Authentication Bypass,","domain":"cybersecurity","path":"skills/implementing-network-access-control-with-cisco-ise"},{"name":"implementing-network-deception-with-honeypots","description":"Deploy and manage network honeypots using OpenCanary, T-Pot, or Cowrie to detect unauthorized access, lateral","domain":"cybersecurity","path":"skills/implementing-network-deception-with-honeypots"},{"name":"implementing-network-intrusion-prevention-with-suricata","description":"Deploy and configure Suricata as a network intrusion prevention system with custom rules, Emerging Threats rulesets,","domain":"cybersecurity","path":"skills/implementing-network-intrusion-prevention-with-suricata"},{"name":"implementing-network-policies-for-kubernetes","description":"Kubernetes NetworkPolicies provide pod-level network segmentation by defining ingress and egress rules that control","domain":"cybersecurity","path":"skills/implementing-network-policies-for-kubernetes"},{"name":"implementing-network-segmentation-for-ot","description":"'This skill covers implementing network segmentation in Operational Technology environments using VLANs, industrial","domain":"cybersecurity","path":"skills/implementing-network-segmentation-for-ot"},{"name":"implementing-network-segmentation-with-firewall-zones","description":"Design and implement network segmentation using firewall security zones, VLANs, ACLs, and microsegmentation 
policies","domain":"cybersecurity","path":"skills/implementing-network-segmentation-with-firewall-zones"},{"name":"implementing-network-traffic-analysis-with-arkime","description":"Deploy and query Arkime (formerly Moloch) for full packet capture network traffic analysis. Uses the Arkime API","domain":"cybersecurity","path":"skills/implementing-network-traffic-analysis-with-arkime"},{"name":"implementing-network-traffic-baselining","description":"Build network traffic baselines from NetFlow/IPFIX data using Python pandas for statistical analysis, z-score","domain":"cybersecurity","path":"skills/implementing-network-traffic-baselining"},{"name":"implementing-next-generation-firewall-with-palo-alto","description":"Configure and deploy Palo Alto Networks next-generation firewalls with App-ID, User-ID, zone-based policies,","domain":"cybersecurity","path":"skills/implementing-next-generation-firewall-with-palo-alto"},{"name":"implementing-opa-gatekeeper-for-policy-enforcement","description":"Enforce Kubernetes admission policies using OPA Gatekeeper with ConstraintTemplates, Rego rules, and the Gatekeeper","domain":"cybersecurity","path":"skills/implementing-opa-gatekeeper-for-policy-enforcement"},{"name":"implementing-ot-incident-response-playbook","description":"'Develop and implement OT-specific incident response playbooks aligned with SANS PICERL framework, IEC 62443,","domain":"cybersecurity","path":"skills/implementing-ot-incident-response-playbook"},{"name":"implementing-ot-network-traffic-analysis-with-nozomi","description":"'Deploy Nozomi Networks Guardian sensors for passive OT network traffic analysis to achieve comprehensive asset","domain":"cybersecurity","path":"skills/implementing-ot-network-traffic-analysis-with-nozomi"},{"name":"implementing-pam-for-database-access","description":"Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and 
MySQL.","domain":"cybersecurity","path":"skills/implementing-pam-for-database-access"},{"name":"implementing-passwordless-auth-with-microsoft-entra","description":"'Implements passwordless authentication using Microsoft Entra ID with FIDO2 security keys, Windows Hello for","domain":"cybersecurity","path":"skills/implementing-passwordless-auth-with-microsoft-entra"},{"name":"implementing-passwordless-authentication-with-fido2","description":"Deploy FIDO2/WebAuthn passwordless authentication using security keys and platform authenticators. Covers WebAuthn","domain":"cybersecurity","path":"skills/implementing-passwordless-authentication-with-fido2"},{"name":"implementing-patch-management-for-ot-systems","description":"'This skill covers implementing a structured patch management program for OT/ICS environments where traditional","domain":"cybersecurity","path":"skills/implementing-patch-management-for-ot-systems"},{"name":"implementing-patch-management-workflow","description":"Patch management is the systematic process of identifying, testing, deploying, and verifying software updates","domain":"cybersecurity","path":"skills/implementing-patch-management-workflow"},{"name":"implementing-pci-dss-compliance-controls","description":"PCI DSS 4.0.1 establishes 12 requirements across 6 control objectives for organizations that store, process, or transmit cardholder data. 
With PCI DSS 3.2.1 retiring April 2024 and 51 new requirements","domain":"cybersecurity","path":"skills/implementing-pci-dss-compliance-controls"},{"name":"implementing-pod-security-admission-controller","description":"Implement Kubernetes Pod Security Admission to enforce baseline and restricted security profiles at namespace","domain":"cybersecurity","path":"skills/implementing-pod-security-admission-controller"},{"name":"implementing-policy-as-code-with-open-policy-agent","description":"'This skill covers implementing Open Policy Agent (OPA) and Gatekeeper for policy-as-code enforcement in Kubernetes","domain":"cybersecurity","path":"skills/implementing-policy-as-code-with-open-policy-agent"},{"name":"implementing-privileged-access-management-with-cyberark","description":"Deploy CyberArk Privileged Access Management to discover, vault, rotate, and monitor privileged credentials across","domain":"cybersecurity","path":"skills/implementing-privileged-access-management-with-cyberark"},{"name":"implementing-privileged-access-workstation","description":"Design and implement Privileged Access Workstations (PAWs) with device hardening, just-in-time access, and integration","domain":"cybersecurity","path":"skills/implementing-privileged-access-workstation"},{"name":"implementing-privileged-session-monitoring","description":"'Implements privileged session monitoring and recording using Privileged Access Management (PAM) solutions, focusing","domain":"cybersecurity","path":"skills/implementing-privileged-session-monitoring"},{"name":"implementing-proofpoint-email-security-gateway","description":"Deploy and configure Proofpoint Email Protection as a secure email gateway to detect and block phishing, malware,","domain":"cybersecurity","path":"skills/implementing-proofpoint-email-security-gateway"},{"name":"implementing-purdue-model-network-segmentation","description":"'Implement network segmentation based on the Purdue Enterprise Reference Architecture (PERA) model to 
separate","domain":"cybersecurity","path":"skills/implementing-purdue-model-network-segmentation"},{"name":"implementing-ransomware-backup-strategy","description":"'Designs and implements a ransomware-resilient backup strategy following the 3-2-1-1-0 methodology (3 copies,","domain":"cybersecurity","path":"skills/implementing-ransomware-backup-strategy"},{"name":"implementing-ransomware-kill-switch-detection","description":"'Detects and exploits ransomware kill switch mechanisms including mutex-based execution guards, domain-based","domain":"cybersecurity","path":"skills/implementing-ransomware-kill-switch-detection"},{"name":"implementing-rapid7-insightvm-for-scanning","description":"Deploy and configure Rapid7 InsightVM Security Console and Scan Engines for authenticated and unauthenticated","domain":"cybersecurity","path":"skills/implementing-rapid7-insightvm-for-scanning"},{"name":"implementing-rbac-hardening-for-kubernetes","description":"Harden Kubernetes Role-Based Access Control by implementing least-privilege policies, auditing role bindings,","domain":"cybersecurity","path":"skills/implementing-rbac-hardening-for-kubernetes"},{"name":"implementing-rsa-key-pair-management","description":"RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital","domain":"cybersecurity","path":"skills/implementing-rsa-key-pair-management"},{"name":"implementing-runtime-application-self-protection","description":"Deploy Runtime Application Self-Protection (RASP) agents to detect and block attacks from within application","domain":"cybersecurity","path":"skills/implementing-runtime-application-self-protection"},{"name":"implementing-runtime-security-with-tetragon","description":"Implement eBPF-based runtime security observability and enforcement in Kubernetes clusters using Cilium 
Tetragon","domain":"cybersecurity","path":"skills/implementing-runtime-security-with-tetragon"},{"name":"implementing-saml-sso-with-okta","description":"Implement SAML 2.0 Single Sign-On (SSO) using Okta as the Identity Provider (IdP). This skill covers end-to-end","domain":"cybersecurity","path":"skills/implementing-saml-sso-with-okta"},{"name":"implementing-scim-provisioning-with-okta","description":"Implement automated user provisioning and deprovisioning using SCIM 2.0 protocol with Okta as the identity provider.","domain":"cybersecurity","path":"skills/implementing-scim-provisioning-with-okta"},{"name":"implementing-secret-scanning-with-gitleaks","description":"'This skill covers implementing Gitleaks for detecting and preventing hardcoded secrets in git repositories.","domain":"cybersecurity","path":"skills/implementing-secret-scanning-with-gitleaks"},{"name":"implementing-secrets-management-with-vault","description":"'This skill covers deploying HashiCorp Vault for centralized secrets management across cloud environments, including","domain":"cybersecurity","path":"skills/implementing-secrets-management-with-vault"},{"name":"implementing-secrets-scanning-in-ci-cd","description":"Integrate gitleaks and trufflehog into CI/CD pipelines to detect leaked secrets before deployment","domain":"cybersecurity","path":"skills/implementing-secrets-scanning-in-ci-cd"},{"name":"implementing-security-chaos-engineering","description":"'Implements security chaos engineering experiments that deliberately disable or degrade security controls to","domain":"cybersecurity","path":"skills/implementing-security-chaos-engineering"},{"name":"implementing-security-information-sharing-with-stix2","description":"'Create, validate, and share STIX 2.1 threat intelligence objects using the stix2 Python library. 
Covers indicators,","domain":"cybersecurity","path":"skills/implementing-security-information-sharing-with-stix2"},{"name":"implementing-security-monitoring-with-datadog","description":"'Implements security monitoring using Datadog Cloud SIEM, Cloud Security Management (CSM), and Workload Protection","domain":"cybersecurity","path":"skills/implementing-security-monitoring-with-datadog"},{"name":"implementing-semgrep-for-custom-sast-rules","description":"Write custom Semgrep SAST rules in YAML to detect application-specific vulnerabilities, enforce coding standards,","domain":"cybersecurity","path":"skills/implementing-semgrep-for-custom-sast-rules"},{"name":"implementing-siem-correlation-rules-for-apt","description":"Write multi-event correlation rules that detect APT lateral movement by chaining Windows authentication events,","domain":"cybersecurity","path":"skills/implementing-siem-correlation-rules-for-apt"},{"name":"implementing-siem-use-case-tuning","description":"Tune SIEM detection rules to reduce false positives by analyzing alert volumes, creating whitelists, adjusting","domain":"cybersecurity","path":"skills/implementing-siem-use-case-tuning"},{"name":"implementing-siem-use-cases-for-detection","description":"'Implements SIEM detection use cases by designing correlation rules, threshold alerts, and behavioral analytics","domain":"cybersecurity","path":"skills/implementing-siem-use-cases-for-detection"},{"name":"implementing-sigstore-for-software-signing","description":"'Implements Sigstore-based software signing and verification using Cosign keyless signing, Rekor transparency","domain":"cybersecurity","path":"skills/implementing-sigstore-for-software-signing"},{"name":"implementing-soar-automation-with-phantom","description":"'Implements Security Orchestration, Automation, and Response (SOAR) workflows using Splunk SOAR (formerly 
Phantom)","domain":"cybersecurity","path":"skills/implementing-soar-automation-with-phantom"},{"name":"implementing-soar-playbook-for-phishing","description":"Automate phishing incident response using Splunk SOAR REST API to create containers, add artifacts, and trigger","domain":"cybersecurity","path":"skills/implementing-soar-playbook-for-phishing"},{"name":"implementing-soar-playbook-with-palo-alto-xsoar","description":"Implement automated incident response playbooks in Cortex XSOAR to orchestrate security workflows across SOC","domain":"cybersecurity","path":"skills/implementing-soar-playbook-with-palo-alto-xsoar"},{"name":"implementing-stix-taxii-feed-integration","description":"STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information)","domain":"cybersecurity","path":"skills/implementing-stix-taxii-feed-integration"},{"name":"implementing-supply-chain-security-with-in-toto","description":"Implement software supply chain integrity verification for container builds using the in-toto framework to create","domain":"cybersecurity","path":"skills/implementing-supply-chain-security-with-in-toto"},{"name":"implementing-syslog-centralization-with-rsyslog","description":"Configure rsyslog for centralized log collection with TLS encryption, custom templates, and log rotation. 
Generates","domain":"cybersecurity","path":"skills/implementing-syslog-centralization-with-rsyslog"},{"name":"implementing-taxii-server-with-opentaxii","description":"Deploy and configure an OpenTAXII server to share and consume STIX-formatted cyber threat intelligence using","domain":"cybersecurity","path":"skills/implementing-taxii-server-with-opentaxii"},{"name":"implementing-threat-intelligence-lifecycle-management","description":"Implement a structured threat intelligence lifecycle encompassing planning, collection, processing, analysis,","domain":"cybersecurity","path":"skills/implementing-threat-intelligence-lifecycle-management"},{"name":"implementing-threat-modeling-with-mitre-attack","description":"'Implements threat modeling using the MITRE ATT&CK framework to map adversary TTPs against organizational assets,","domain":"cybersecurity","path":"skills/implementing-threat-modeling-with-mitre-attack"},{"name":"implementing-ticketing-system-for-incidents","description":"'Implements an integrated incident ticketing system connecting SIEM alerts to ServiceNow, Jira, or TheHive for","domain":"cybersecurity","path":"skills/implementing-ticketing-system-for-incidents"},{"name":"implementing-usb-device-control-policy","description":"'Implements USB device control policies to restrict unauthorized removable media access on endpoints, preventing","domain":"cybersecurity","path":"skills/implementing-usb-device-control-policy"},{"name":"implementing-velociraptor-for-ir-collection","description":"Deploy and configure Velociraptor for scalable endpoint forensic artifact collection during incident response","domain":"cybersecurity","path":"skills/implementing-velociraptor-for-ir-collection"},{"name":"implementing-vulnerability-management-with-greenbone","description":"Deploy and operate Greenbone/OpenVAS vulnerability management using the python-gvm library to create scan 
targets,","domain":"cybersecurity","path":"skills/implementing-vulnerability-management-with-greenbone"},{"name":"implementing-vulnerability-remediation-sla","description":"Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities","domain":"cybersecurity","path":"skills/implementing-vulnerability-remediation-sla"},{"name":"implementing-vulnerability-sla-breach-alerting","description":"Build automated alerting for vulnerability remediation SLA breaches with severity-based timelines, escalation","domain":"cybersecurity","path":"skills/implementing-vulnerability-sla-breach-alerting"},{"name":"implementing-web-application-logging-with-modsecurity","description":"'Configure ModSecurity WAF with OWASP Core Rule Set (CRS) for web application logging, tune rules to reduce false","domain":"cybersecurity","path":"skills/implementing-web-application-logging-with-modsecurity"},{"name":"implementing-zero-knowledge-proof-for-authentication","description":"Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private","domain":"cybersecurity","path":"skills/implementing-zero-knowledge-proof-for-authentication"},{"name":"implementing-zero-standing-privilege-with-cyberark","description":"Deploy CyberArk Secure Cloud Access to eliminate standing privileges in hybrid and multi-cloud environments using","domain":"cybersecurity","path":"skills/implementing-zero-standing-privilege-with-cyberark"},{"name":"implementing-zero-trust-dns-with-nextdns","description":"Implement NextDNS as a zero trust DNS filtering layer with encrypted resolution, threat intelligence blocking,","domain":"cybersecurity","path":"skills/implementing-zero-trust-dns-with-nextdns"},{"name":"implementing-zero-trust-for-saas-applications","description":"'Implementing zero trust access controls for SaaS applications using CASB, SSPM, conditional access 
policies,","domain":"cybersecurity","path":"skills/implementing-zero-trust-for-saas-applications"},{"name":"implementing-zero-trust-in-cloud","description":"'This skill guides organizations through implementing zero trust architecture in cloud environments following","domain":"cybersecurity","path":"skills/implementing-zero-trust-in-cloud"},{"name":"implementing-zero-trust-network-access","description":"'Implementing Zero Trust Network Access (ZTNA) in cloud environments by configuring identity-aware proxies, micro-segmentation,","domain":"cybersecurity","path":"skills/implementing-zero-trust-network-access"},{"name":"implementing-zero-trust-network-access-with-zscaler","description":"Implement Zero Trust Network Access using Zscaler Private Access (ZPA) to replace traditional VPN with identity-based,","domain":"cybersecurity","path":"skills/implementing-zero-trust-network-access-with-zscaler"},{"name":"implementing-zero-trust-with-beyondcorp","description":"Deploy Google BeyondCorp Enterprise zero trust access controls using Identity-Aware Proxy (IAP), context-aware","domain":"cybersecurity","path":"skills/implementing-zero-trust-with-beyondcorp"},{"name":"implementing-zero-trust-with-hashicorp-boundary","description":"Implement HashiCorp Boundary for identity-aware zero trust infrastructure access management with dynamic credential","domain":"cybersecurity","path":"skills/implementing-zero-trust-with-hashicorp-boundary"},{"name":"integrating-dast-with-owasp-zap-in-pipeline","description":"'This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD","domain":"cybersecurity","path":"skills/integrating-dast-with-owasp-zap-in-pipeline"},{"name":"integrating-sast-into-github-actions-pipeline","description":"'This skill covers integrating Static Application Security Testing (SAST) tools\u2014CodeQL and Semgrep\u2014into 
GitHub","domain":"cybersecurity","path":"skills/integrating-sast-into-github-actions-pipeline"},{"name":"intercepting-mobile-traffic-with-burpsuite","description":"'Intercepts and analyzes HTTP/HTTPS traffic from mobile applications using Burp Suite proxy to identify insecure","domain":"cybersecurity","path":"skills/intercepting-mobile-traffic-with-burpsuite"},{"name":"investigating-insider-threat-indicators","description":"'Investigates insider threat indicators including data exfiltration attempts, unauthorized access patterns, policy","domain":"cybersecurity","path":"skills/investigating-insider-threat-indicators"},{"name":"investigating-phishing-email-incident","description":"'Investigates phishing email incidents from initial user report through header analysis, URL/attachment detonation,","domain":"cybersecurity","path":"skills/investigating-phishing-email-incident"},{"name":"investigating-ransomware-attack-artifacts","description":"Identify, collect, and analyze ransomware attack artifacts to determine the variant, initial access vector, encryption","domain":"cybersecurity","path":"skills/investigating-ransomware-attack-artifacts"},{"name":"managing-cloud-identity-with-okta","description":"'This skill covers implementing Okta as a centralized identity provider for cloud environments, configuring SSO","domain":"cybersecurity","path":"skills/managing-cloud-identity-with-okta"},{"name":"managing-intelligence-lifecycle","description":"'Manages the end-to-end cyber threat intelligence lifecycle from planning and direction through collection, processing,","domain":"cybersecurity","path":"skills/managing-intelligence-lifecycle"},{"name":"mapping-mitre-attack-techniques","description":"'Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK techniques and sub-techniques","domain":"cybersecurity","path":"skills/mapping-mitre-attack-techniques"},{"name":"monitoring-darkweb-sources","description":"'Monitors dark web forums, 
marketplaces, paste sites, and ransomware leak sites for mentions of organizational","domain":"cybersecurity","path":"skills/monitoring-darkweb-sources"},{"name":"monitoring-scada-modbus-traffic-anomalies","description":"'Monitors Modbus TCP traffic on SCADA and ICS networks to detect anomalous function code usage, unauthorized","domain":"cybersecurity","path":"skills/monitoring-scada-modbus-traffic-anomalies"},{"name":"performing-access-recertification-with-saviynt","description":"Configure and execute access recertification campaigns in Saviynt Enterprise Identity Cloud to validate user","domain":"cybersecurity","path":"skills/performing-access-recertification-with-saviynt"},{"name":"performing-access-review-and-certification","description":"Conduct systematic access reviews and certifications to ensure users have appropriate access rights aligned with","domain":"cybersecurity","path":"skills/performing-access-review-and-certification"},{"name":"performing-active-directory-bloodhound-analysis","description":"Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised","domain":"cybersecurity","path":"skills/performing-active-directory-bloodhound-analysis"},{"name":"performing-active-directory-compromise-investigation","description":"Investigate Active Directory compromise by analyzing authentication logs, replication metadata, Group Policy","domain":"cybersecurity","path":"skills/performing-active-directory-compromise-investigation"},{"name":"performing-active-directory-forest-trust-attack","description":"Enumerate and audit Active Directory forest trust relationships using impacket for SID filtering analysis, trust","domain":"cybersecurity","path":"skills/performing-active-directory-forest-trust-attack"},{"name":"performing-active-directory-penetration-test","description":"Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with 
BloodHound,","domain":"cybersecurity","path":"skills/performing-active-directory-penetration-test"},{"name":"performing-active-directory-vulnerability-assessment","description":"Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations,","domain":"cybersecurity","path":"skills/performing-active-directory-vulnerability-assessment"},{"name":"performing-adversary-in-the-middle-phishing-detection","description":"Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy kits like EvilProxy,","domain":"cybersecurity","path":"skills/performing-adversary-in-the-middle-phishing-detection"},{"name":"performing-agentless-vulnerability-scanning","description":"Configure and execute agentless vulnerability scanning using network protocols, cloud snapshot analysis, and","domain":"cybersecurity","path":"skills/performing-agentless-vulnerability-scanning"},{"name":"performing-ai-driven-osint-correlation","description":"Use AI and LLM-based reasoning to correlate findings across multiple OSINT sources\u2014username enumeration, email","domain":"cybersecurity","path":"skills/performing-ai-driven-osint-correlation"},{"name":"performing-alert-triage-with-elastic-siem","description":"Perform systematic alert triage in Elastic Security SIEM to rapidly classify, prioritize, and investigate security","domain":"cybersecurity","path":"skills/performing-alert-triage-with-elastic-siem"},{"name":"performing-android-app-static-analysis-with-mobsf","description":"'Performs automated static analysis of Android applications using Mobile Security Framework (MobSF) to identify","domain":"cybersecurity","path":"skills/performing-android-app-static-analysis-with-mobsf"},{"name":"performing-api-fuzzing-with-restler","description":"'Uses Microsoft RESTler to perform stateful REST API fuzzing by automatically generating and executing test 
sequences","domain":"cybersecurity","path":"skills/performing-api-fuzzing-with-restler"},{"name":"performing-api-inventory-and-discovery","description":"'Performs API inventory and discovery to identify all API endpoints in an organization''s environment including","domain":"cybersecurity","path":"skills/performing-api-inventory-and-discovery"},{"name":"performing-api-rate-limiting-bypass","description":"'Tests API rate limiting implementations for bypass vulnerabilities by manipulating request headers, IP addresses,","domain":"cybersecurity","path":"skills/performing-api-rate-limiting-bypass"},{"name":"performing-api-security-testing-with-postman","description":"'Uses Postman to perform structured API security testing by building collections that test for OWASP API Security","domain":"cybersecurity","path":"skills/performing-api-security-testing-with-postman"},{"name":"performing-arp-spoofing-attack-simulation","description":"'Simulates ARP spoofing attacks in authorized lab or pentest environments using arpspoof, Ettercap, and Scapy","domain":"cybersecurity","path":"skills/performing-arp-spoofing-attack-simulation"},{"name":"performing-asset-criticality-scoring-for-vulns","description":"Develop and apply a multi-factor asset criticality scoring model to weight vulnerability prioritization based","domain":"cybersecurity","path":"skills/performing-asset-criticality-scoring-for-vulns"},{"name":"performing-authenticated-scan-with-openvas","description":"Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with","domain":"cybersecurity","path":"skills/performing-authenticated-scan-with-openvas"},{"name":"performing-authenticated-vulnerability-scan","description":"Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts 
and","domain":"cybersecurity","path":"skills/performing-authenticated-vulnerability-scan"},{"name":"performing-automated-malware-analysis-with-cape","description":"Deploy and operate CAPEv2 sandbox for automated malware analysis with behavioral monitoring, payload extraction,","domain":"cybersecurity","path":"skills/performing-automated-malware-analysis-with-cape"},{"name":"performing-aws-account-enumeration-with-scout-suite","description":"Perform comprehensive security posture assessment of AWS accounts using ScoutSuite to enumerate resources, identify","domain":"cybersecurity","path":"skills/performing-aws-account-enumeration-with-scout-suite"},{"name":"performing-aws-privilege-escalation-assessment","description":"'Performing authorized privilege escalation assessments in AWS environments to identify IAM misconfigurations","domain":"cybersecurity","path":"skills/performing-aws-privilege-escalation-assessment"},{"name":"performing-bandwidth-throttling-attack-simulation","description":"'Simulates bandwidth throttling and network degradation attacks using tc, iperf3, and Scapy in authorized environments","domain":"cybersecurity","path":"skills/performing-bandwidth-throttling-attack-simulation"},{"name":"performing-binary-exploitation-analysis","description":"'Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library.","domain":"cybersecurity","path":"skills/performing-binary-exploitation-analysis"},{"name":"performing-blind-ssrf-exploitation","description":"Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions,","domain":"cybersecurity","path":"skills/performing-blind-ssrf-exploitation"},{"name":"performing-bluetooth-security-assessment","description":"Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting 
vulnerabilities","domain":"cybersecurity","path":"skills/performing-bluetooth-security-assessment"},{"name":"performing-brand-monitoring-for-impersonation","description":"Monitor for brand impersonation attacks across domains, social media, mobile apps, and dark web channels to detect","domain":"cybersecurity","path":"skills/performing-brand-monitoring-for-impersonation"},{"name":"performing-clickjacking-attack-test","description":"Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting","domain":"cybersecurity","path":"skills/performing-clickjacking-attack-test"},{"name":"performing-cloud-asset-inventory-with-cartography","description":"Perform comprehensive cloud asset inventory and relationship mapping using Cartography to build a Neo4j security","domain":"cybersecurity","path":"skills/performing-cloud-asset-inventory-with-cartography"},{"name":"performing-cloud-forensics-investigation","description":"Conduct forensic investigations in cloud environments by collecting and analyzing logs, snapshots, and metadata","domain":"cybersecurity","path":"skills/performing-cloud-forensics-investigation"},{"name":"performing-cloud-forensics-with-aws-cloudtrail","description":"Perform forensic investigation of AWS environments using CloudTrail logs to reconstruct attacker activity, identify","domain":"cybersecurity","path":"skills/performing-cloud-forensics-with-aws-cloudtrail"},{"name":"performing-cloud-incident-containment-procedures","description":"Execute cloud-native incident containment across AWS, Azure, and GCP by isolating compromised resources, revoking","domain":"cybersecurity","path":"skills/performing-cloud-incident-containment-procedures"},{"name":"performing-cloud-log-forensics-with-athena","description":"'Uses AWS Athena to query CloudTrail, VPC Flow Logs, S3 access logs, and ALB logs for forensic 
investigation.","domain":"cybersecurity","path":"skills/performing-cloud-log-forensics-with-athena"},{"name":"performing-cloud-native-forensics-with-falco","description":"'Uses Falco YAML rules for runtime threat detection in containers and Kubernetes, monitoring syscalls for shell","domain":"cybersecurity","path":"skills/performing-cloud-native-forensics-with-falco"},{"name":"performing-cloud-native-threat-hunting-with-aws-detective","description":"Hunt for threats in AWS environments using Detective behavior graphs, entity investigation timelines, GuardDuty","domain":"cybersecurity","path":"skills/performing-cloud-native-threat-hunting-with-aws-detective"},{"name":"performing-cloud-penetration-testing-with-pacu","description":"'Performing authorized AWS penetration testing using Pacu, the open-source AWS exploitation framework, to enumerate","domain":"cybersecurity","path":"skills/performing-cloud-penetration-testing-with-pacu"},{"name":"performing-cloud-storage-forensic-acquisition","description":"Perform forensic acquisition and analysis of cloud storage services including Google Drive, OneDrive, Dropbox,","domain":"cybersecurity","path":"skills/performing-cloud-storage-forensic-acquisition"},{"name":"performing-container-escape-detection","description":"'Detects container escape attempts by analyzing namespace configurations, privileged container checks, dangerous","domain":"cybersecurity","path":"skills/performing-container-escape-detection"},{"name":"performing-container-image-hardening","description":"'This skill covers hardening container images by minimizing attack surface, removing unnecessary packages, implementing","domain":"cybersecurity","path":"skills/performing-container-image-hardening"},{"name":"performing-container-security-scanning-with-trivy","description":"Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, 
exposed","domain":"cybersecurity","path":"skills/performing-container-security-scanning-with-trivy"},{"name":"performing-content-security-policy-bypass","description":"Analyze and bypass Content Security Policy implementations to achieve cross-site scripting by exploiting misconfigurations,","domain":"cybersecurity","path":"skills/performing-content-security-policy-bypass"},{"name":"performing-credential-access-with-lazagne","description":"Extract stored credentials from compromised endpoints using the LaZagne post-exploitation tool to recover passwords","domain":"cybersecurity","path":"skills/performing-credential-access-with-lazagne"},{"name":"performing-cryptographic-audit-of-application","description":"A cryptographic audit systematically reviews an application's use of cryptographic primitives, protocols, and","domain":"cybersecurity","path":"skills/performing-cryptographic-audit-of-application"},{"name":"performing-csrf-attack-simulation","description":"Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit","domain":"cybersecurity","path":"skills/performing-csrf-attack-simulation"},{"name":"performing-cve-prioritization-with-kev-catalog","description":"Leverage the CISA Known Exploited Vulnerabilities catalog alongside EPSS and CVSS to prioritize CVE remediation","domain":"cybersecurity","path":"skills/performing-cve-prioritization-with-kev-catalog"},{"name":"performing-dark-web-monitoring-for-threats","description":"Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and","domain":"cybersecurity","path":"skills/performing-dark-web-monitoring-for-threats"},{"name":"performing-deception-technology-deployment","description":"'Deploys deception technology including honeypots, honeytokens, and decoy systems to detect attackers who 
have","domain":"cybersecurity","path":"skills/performing-deception-technology-deployment"},{"name":"performing-directory-traversal-testing","description":"Testing web applications for path traversal vulnerabilities that allow reading or writing arbitrary files on","domain":"cybersecurity","path":"skills/performing-directory-traversal-testing"},{"name":"performing-disk-forensics-investigation","description":"'Conducts disk forensics investigations using forensic imaging, file system analysis, artifact recovery, and","domain":"cybersecurity","path":"skills/performing-disk-forensics-investigation"},{"name":"performing-dmarc-policy-enforcement-rollout","description":"Execute a phased DMARC rollout from p=none monitoring through p=quarantine to p=reject enforcement, ensuring","domain":"cybersecurity","path":"skills/performing-dmarc-policy-enforcement-rollout"},{"name":"performing-dns-enumeration-and-zone-transfer","description":"'Enumerates DNS records, attempts zone transfers, brute-forces subdomains, and maps DNS infrastructure during","domain":"cybersecurity","path":"skills/performing-dns-enumeration-and-zone-transfer"},{"name":"performing-dns-tunneling-detection","description":"'Detects DNS tunneling by computing Shannon entropy of DNS query names, analyzing query length distributions,","domain":"cybersecurity","path":"skills/performing-dns-tunneling-detection"},{"name":"performing-docker-bench-security-assessment","description":"Docker Bench for Security is an open-source script that checks dozens of common best practices around deploying","domain":"cybersecurity","path":"skills/performing-docker-bench-security-assessment"},{"name":"performing-dynamic-analysis-of-android-app","description":"'Performs runtime dynamic analysis of Android applications using Frida, Objection, and Android Debug Bridge to","domain":"cybersecurity","path":"skills/performing-dynamic-analysis-of-android-app"},{"name":"performing-dynamic-analysis-with-any-run","description":"'Performs 
interactive dynamic malware analysis using the ANY.RUN cloud sandbox to observe real-time execution","domain":"cybersecurity","path":"skills/performing-dynamic-analysis-with-any-run"},{"name":"performing-endpoint-forensics-investigation","description":"'Performs digital forensics investigation on compromised endpoints including memory acquisition, disk imaging,","domain":"cybersecurity","path":"skills/performing-endpoint-forensics-investigation"},{"name":"performing-endpoint-vulnerability-remediation","description":"'Performs vulnerability remediation on endpoints by prioritizing CVEs based on risk scoring, deploying patches,","domain":"cybersecurity","path":"skills/performing-endpoint-vulnerability-remediation"},{"name":"performing-entitlement-review-with-sailpoint-iiq","description":"'Performs entitlement review and access certification campaigns using SailPoint IdentityIQ including manager","domain":"cybersecurity","path":"skills/performing-entitlement-review-with-sailpoint-iiq"},{"name":"performing-external-network-penetration-test","description":"Conduct a comprehensive external network penetration test to identify vulnerabilities in internet-facing infrastructure","domain":"cybersecurity","path":"skills/performing-external-network-penetration-test"},{"name":"performing-false-positive-reduction-in-siem","description":"Perform systematic SIEM false positive reduction through rule tuning, threshold adjustment, correlation refinement,","domain":"cybersecurity","path":"skills/performing-false-positive-reduction-in-siem"},{"name":"performing-file-carving-with-foremost","description":"Recover files from disk images and unallocated space using Foremost's header-footer signature carving to extract","domain":"cybersecurity","path":"skills/performing-file-carving-with-foremost"},{"name":"performing-firmware-extraction-with-binwalk","description":"'Performs firmware image extraction and analysis using binwalk to identify embedded filesystems, compressed 
archives,","domain":"cybersecurity","path":"skills/performing-firmware-extraction-with-binwalk"},{"name":"performing-firmware-malware-analysis","description":"'Analyzes firmware images for embedded malware, backdoors, and unauthorized modifications targeting routers,","domain":"cybersecurity","path":"skills/performing-firmware-malware-analysis"},{"name":"performing-fuzzing-with-aflplusplus","description":"'Perform coverage-guided fuzzing of compiled binaries using AFL++ (American Fuzzy Lop Plus Plus) to discover","domain":"cybersecurity","path":"skills/performing-fuzzing-with-aflplusplus"},{"name":"performing-gcp-penetration-testing-with-gcpbucketbrute","description":"Perform GCP security testing using GCPBucketBrute for storage bucket enumeration, gcloud IAM privilege escalation","domain":"cybersecurity","path":"skills/performing-gcp-penetration-testing-with-gcpbucketbrute"},{"name":"performing-gcp-security-assessment-with-forseti","description":"'Performing comprehensive security assessments of Google Cloud Platform environments using Forseti Security,","domain":"cybersecurity","path":"skills/performing-gcp-security-assessment-with-forseti"},{"name":"performing-graphql-depth-limit-attack","description":"Execute and test GraphQL depth limit attacks using deeply nested recursive queries to identify denial-of-service","domain":"cybersecurity","path":"skills/performing-graphql-depth-limit-attack"},{"name":"performing-graphql-introspection-attack","description":"'Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions,","domain":"cybersecurity","path":"skills/performing-graphql-introspection-attack"},{"name":"performing-graphql-security-assessment","description":"Assessing GraphQL API endpoints for introspection leaks, injection attacks, authorization flaws, and 
denial-of-service","domain":"cybersecurity","path":"skills/performing-graphql-security-assessment"},{"name":"performing-hardware-security-module-integration","description":"Integrate Hardware Security Modules (HSMs) using PKCS#11 interface for cryptographic key management, signing","domain":"cybersecurity","path":"skills/performing-hardware-security-module-integration"},{"name":"performing-hash-cracking-with-hashcat","description":"Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength.","domain":"cybersecurity","path":"skills/performing-hash-cracking-with-hashcat"},{"name":"performing-http-parameter-pollution-attack","description":"Execute HTTP Parameter Pollution attacks to bypass input validation, WAF rules, and security controls by injecting","domain":"cybersecurity","path":"skills/performing-http-parameter-pollution-attack"},{"name":"performing-ics-asset-discovery-with-claroty","description":"'Perform comprehensive ICS/OT asset discovery using Claroty xDome platform, leveraging passive monitoring, Claroty","domain":"cybersecurity","path":"skills/performing-ics-asset-discovery-with-claroty"},{"name":"performing-indicator-lifecycle-management","description":"Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment,","domain":"cybersecurity","path":"skills/performing-indicator-lifecycle-management"},{"name":"performing-initial-access-with-evilginx3","description":"Perform authorized initial access using EvilGinx3 adversary-in-the-middle phishing framework to capture session","domain":"cybersecurity","path":"skills/performing-initial-access-with-evilginx3"},{"name":"performing-insider-threat-investigation","description":"'Investigates insider threat incidents involving employees, contractors, or trusted partners who misuse 
authorized","domain":"cybersecurity","path":"skills/performing-insider-threat-investigation"},{"name":"performing-ioc-enrichment-automation","description":"'Automates Indicator of Compromise (IOC) enrichment by orchestrating lookups across VirusTotal, AbuseIPDB, Shodan,","domain":"cybersecurity","path":"skills/performing-ioc-enrichment-automation"},{"name":"performing-ios-app-security-assessment","description":"'Performs comprehensive iOS application security assessments using Frida for dynamic instrumentation, Objection","domain":"cybersecurity","path":"skills/performing-ios-app-security-assessment"},{"name":"performing-iot-security-assessment","description":"'Performs comprehensive security assessments of IoT devices and their ecosystems by testing hardware interfaces,","domain":"cybersecurity","path":"skills/performing-iot-security-assessment"},{"name":"performing-ip-reputation-analysis-with-shodan","description":"Analyze IP address reputation using the Shodan API to identify open ports, running services, known vulnerabilities,","domain":"cybersecurity","path":"skills/performing-ip-reputation-analysis-with-shodan"},{"name":"performing-jwt-none-algorithm-attack","description":"Execute and test the JWT none algorithm attack to bypass signature verification by manipulating the alg header","domain":"cybersecurity","path":"skills/performing-jwt-none-algorithm-attack"},{"name":"performing-kerberoasting-attack","description":"Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting","domain":"cybersecurity","path":"skills/performing-kerberoasting-attack"},{"name":"performing-kubernetes-cis-benchmark-with-kube-bench","description":"Audit Kubernetes cluster security posture against CIS benchmarks using kube-bench with automated checks for control","domain":"cybersecurity","path":"skills/performing-kubernetes-cis-benchmark-with-kube-bench"},{"name":"performing-kubernetes-etcd-security-assessment","description":"Assess 
the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration,","domain":"cybersecurity","path":"skills/performing-kubernetes-etcd-security-assessment"},{"name":"performing-kubernetes-penetration-testing","description":"Kubernetes penetration testing systematically evaluates cluster security by simulating attacker techniques against","domain":"cybersecurity","path":"skills/performing-kubernetes-penetration-testing"},{"name":"performing-lateral-movement-detection","description":"'Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based","domain":"cybersecurity","path":"skills/performing-lateral-movement-detection"},{"name":"performing-lateral-movement-with-wmiexec","description":"Perform lateral movement across Windows networks using WMI-based remote execution techniques including Impacket","domain":"cybersecurity","path":"skills/performing-lateral-movement-with-wmiexec"},{"name":"performing-linux-log-forensics-investigation","description":"Perform forensic investigation of Linux system logs including syslog, auth.log, systemd journal, kern.log, and","domain":"cybersecurity","path":"skills/performing-linux-log-forensics-investigation"},{"name":"performing-log-analysis-for-forensic-investigation","description":"Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines","domain":"cybersecurity","path":"skills/performing-log-analysis-for-forensic-investigation"},{"name":"performing-log-source-onboarding-in-siem","description":"Perform structured log source onboarding into SIEM platforms by configuring collectors, parsers, normalization,","domain":"cybersecurity","path":"skills/performing-log-source-onboarding-in-siem"},{"name":"performing-malware-hash-enrichment-with-virustotal","description":"Enrich malware file hashes using the VirusTotal API to retrieve detection rates, behavioral analysis, YARA 
matches,","domain":"cybersecurity","path":"skills/performing-malware-hash-enrichment-with-virustotal"},{"name":"performing-malware-ioc-extraction","description":"Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise","domain":"cybersecurity","path":"skills/performing-malware-ioc-extraction"},{"name":"performing-malware-persistence-investigation","description":"Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives","domain":"cybersecurity","path":"skills/performing-malware-persistence-investigation"},{"name":"performing-malware-triage-with-yara","description":"'Performs rapid malware triage and classification using YARA rules to match file patterns, strings, byte sequences,","domain":"cybersecurity","path":"skills/performing-malware-triage-with-yara"},{"name":"performing-memory-forensics-with-volatility3","description":"Analyze volatile memory dumps using Volatility 3 to extract running processes, network connections, loaded modules,","domain":"cybersecurity","path":"skills/performing-memory-forensics-with-volatility3"},{"name":"performing-memory-forensics-with-volatility3-plugins","description":"Analyze memory dumps using Volatility3 plugins to detect injected code, rootkits, credential theft, and malware","domain":"cybersecurity","path":"skills/performing-memory-forensics-with-volatility3-plugins"},{"name":"performing-mobile-app-certificate-pinning-bypass","description":"'Bypasses SSL/TLS certificate pinning implementations in Android and iOS applications to enable traffic interception","domain":"cybersecurity","path":"skills/performing-mobile-app-certificate-pinning-bypass"},{"name":"performing-mobile-device-forensics-with-cellebrite","description":"Acquire and analyze mobile device data using Cellebrite UFED and open-source tools to extract 
communications,","domain":"cybersecurity","path":"skills/performing-mobile-device-forensics-with-cellebrite"},{"name":"performing-network-forensics-with-wireshark","description":"Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts,","domain":"cybersecurity","path":"skills/performing-network-forensics-with-wireshark"},{"name":"performing-network-packet-capture-analysis","description":"Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct","domain":"cybersecurity","path":"skills/performing-network-packet-capture-analysis"},{"name":"performing-network-traffic-analysis-with-tshark","description":"Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection,","domain":"cybersecurity","path":"skills/performing-network-traffic-analysis-with-tshark"},{"name":"performing-network-traffic-analysis-with-zeek","description":"Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection,","domain":"cybersecurity","path":"skills/performing-network-traffic-analysis-with-zeek"},{"name":"performing-nist-csf-maturity-assessment","description":">-","domain":"cybersecurity","path":"skills/performing-nist-csf-maturity-assessment"},{"name":"performing-oauth-scope-minimization-review","description":"'Performs OAuth 2.0 scope minimization review to identify over-permissioned third-party application integrations,","domain":"cybersecurity","path":"skills/performing-oauth-scope-minimization-review"},{"name":"performing-oil-gas-cybersecurity-assessment","description":"'This skill covers conducting cybersecurity assessments specific to oil and gas facilities including upstream","domain":"cybersecurity","path":"skills/performing-oil-gas-cybersecurity-assessment"},{"name":"performing-open-source-intelligence-gathering","description":"Open Source Intelligence (OSINT) 
gathering is the first active phase of a red team engagement, where operators","domain":"cybersecurity","path":"skills/performing-open-source-intelligence-gathering"},{"name":"performing-osint-with-spiderfoot","description":"Automate OSINT collection using SpiderFoot REST API and CLI for target profiling, module-based reconnaissance,","domain":"cybersecurity","path":"skills/performing-osint-with-spiderfoot"},{"name":"performing-ot-network-security-assessment","description":"'This skill covers conducting comprehensive security assessments of Operational Technology (OT) networks including","domain":"cybersecurity","path":"skills/performing-ot-network-security-assessment"},{"name":"performing-ot-vulnerability-assessment-with-claroty","description":"'This skill covers performing vulnerability assessments in OT environments using the Claroty xDome platform for","domain":"cybersecurity","path":"skills/performing-ot-vulnerability-assessment-with-claroty"},{"name":"performing-ot-vulnerability-scanning-safely","description":"'Perform vulnerability scanning in OT/ICS environments safely using passive monitoring, native protocol queries,","domain":"cybersecurity","path":"skills/performing-ot-vulnerability-scanning-safely"},{"name":"performing-packet-injection-attack","description":"'Crafts and injects custom network packets using Scapy, hping3, and Nemesis during authorized security assessments","domain":"cybersecurity","path":"skills/performing-packet-injection-attack"},{"name":"performing-paste-site-monitoring-for-credentials","description":"Monitor paste sites like Pastebin and GitHub Gists for leaked credentials, API keys, and sensitive data dumps","domain":"cybersecurity","path":"skills/performing-paste-site-monitoring-for-credentials"},{"name":"performing-phishing-simulation-with-gophish","description":"GoPhish is an open-source phishing simulation framework used by security teams to conduct authorized 
phishing","domain":"cybersecurity","path":"skills/performing-phishing-simulation-with-gophish"},{"name":"performing-physical-intrusion-assessment","description":"Conduct authorized physical penetration testing using tailgating, badge cloning, lock bypassing, and rogue device","domain":"cybersecurity","path":"skills/performing-physical-intrusion-assessment"},{"name":"performing-plc-firmware-security-analysis","description":"'This skill covers analyzing Programmable Logic Controller (PLC) firmware for security vulnerabilities including","domain":"cybersecurity","path":"skills/performing-plc-firmware-security-analysis"},{"name":"performing-post-quantum-cryptography-migration","description":"'Assesses organizational readiness for post-quantum cryptography migration per NIST FIPS 203/204/205 standards.","domain":"cybersecurity","path":"skills/performing-post-quantum-cryptography-migration"},{"name":"performing-power-grid-cybersecurity-assessment","description":"'This skill covers conducting cybersecurity assessments of electric power grid infrastructure including generation","domain":"cybersecurity","path":"skills/performing-power-grid-cybersecurity-assessment"},{"name":"performing-privacy-impact-assessment","description":"'Automates the Privacy Impact Assessment (PIA) workflow including data flow mapping, privacy risk scoring matrices,","domain":"cybersecurity","path":"skills/performing-privacy-impact-assessment"},{"name":"performing-privilege-escalation-assessment","description":"'Performs privilege escalation assessments on compromised Linux and Windows systems to identify paths from low-privilege","domain":"cybersecurity","path":"skills/performing-privilege-escalation-assessment"},{"name":"performing-privilege-escalation-on-linux","description":"Linux privilege escalation involves elevating from a low-privilege user account to root access on a 
compromised","domain":"cybersecurity","path":"skills/performing-privilege-escalation-on-linux"},{"name":"performing-privileged-account-access-review","description":"Conduct systematic reviews of privileged accounts to validate access rights, identify excessive permissions,","domain":"cybersecurity","path":"skills/performing-privileged-account-access-review"},{"name":"performing-privileged-account-discovery","description":"Discover and inventory all privileged accounts across enterprise infrastructure including domain admins, local","domain":"cybersecurity","path":"skills/performing-privileged-account-discovery"},{"name":"performing-purple-team-atomic-testing","description":"'Executes Atomic Red Team tests mapped to MITRE ATT&CK techniques, performs coverage gap analysis across the","domain":"cybersecurity","path":"skills/performing-purple-team-atomic-testing"},{"name":"performing-purple-team-exercise","description":"'Performs purple team exercises by coordinating red team adversary emulation with blue team detection validation","domain":"cybersecurity","path":"skills/performing-purple-team-exercise"},{"name":"performing-ransomware-response","description":"'Executes a structured ransomware incident response from initial detection through containment, forensic analysis,","domain":"cybersecurity","path":"skills/performing-ransomware-response"},{"name":"performing-ransomware-tabletop-exercise","description":"'Plans and facilitates tabletop exercises simulating ransomware incidents to test organizational readiness, decision-making,","domain":"cybersecurity","path":"skills/performing-ransomware-tabletop-exercise"},{"name":"performing-red-team-phishing-with-gophish","description":"Automate GoPhish phishing simulation campaigns using the Python gophish library. 
Creates email templates with","domain":"cybersecurity","path":"skills/performing-red-team-phishing-with-gophish"},{"name":"performing-red-team-with-covenant","description":"Conduct red team operations using the Covenant C2 framework for authorized adversary simulation, including listener","domain":"cybersecurity","path":"skills/performing-red-team-with-covenant"},{"name":"performing-s7comm-protocol-security-analysis","description":"'Perform security analysis of Siemens S7comm and S7CommPlus protocols used by SIMATIC S7 PLCs to identify vulnerabilities","domain":"cybersecurity","path":"skills/performing-s7comm-protocol-security-analysis"},{"name":"performing-sca-dependency-scanning-with-snyk","description":"'This skill covers implementing Software Composition Analysis (SCA) using Snyk to detect vulnerable open-source","domain":"cybersecurity","path":"skills/performing-sca-dependency-scanning-with-snyk"},{"name":"performing-scada-hmi-security-assessment","description":"'Perform security assessments of SCADA Human-Machine Interface (HMI) systems to identify vulnerabilities in web-based","domain":"cybersecurity","path":"skills/performing-scada-hmi-security-assessment"},{"name":"performing-second-order-sql-injection","description":"Detect and exploit second-order SQL injection vulnerabilities where malicious input is stored in a database and","domain":"cybersecurity","path":"skills/performing-second-order-sql-injection"},{"name":"performing-security-headers-audit","description":"Auditing HTTP security headers including CSP, HSTS, X-Frame-Options, and cookie attributes to identify missing","domain":"cybersecurity","path":"skills/performing-security-headers-audit"},{"name":"performing-serverless-function-security-review","description":"'Performing security reviews of serverless functions across AWS Lambda, Azure Functions, and GCP Cloud 
Functions","domain":"cybersecurity","path":"skills/performing-serverless-function-security-review"},{"name":"performing-service-account-audit","description":"Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant","domain":"cybersecurity","path":"skills/performing-service-account-audit"},{"name":"performing-service-account-credential-rotation","description":"Automate credential rotation for service accounts across Active Directory, cloud platforms, and application databases","domain":"cybersecurity","path":"skills/performing-service-account-credential-rotation"},{"name":"performing-soap-web-service-security-testing","description":"Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE,","domain":"cybersecurity","path":"skills/performing-soap-web-service-security-testing"},{"name":"performing-soc-tabletop-exercise","description":"'Performs tabletop exercises for SOC teams simulating security incidents through discussion-based scenarios to","domain":"cybersecurity","path":"skills/performing-soc-tabletop-exercise"},{"name":"performing-soc2-type2-audit-preparation","description":"'Automates SOC 2 Type II audit preparation including gap assessment against AICPA Trust Services Criteria (CC1-CC9),","domain":"cybersecurity","path":"skills/performing-soc2-type2-audit-preparation"},{"name":"performing-sqlite-database-forensics","description":"Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode","domain":"cybersecurity","path":"skills/performing-sqlite-database-forensics"},{"name":"performing-ssl-certificate-lifecycle-management","description":"SSL/TLS certificate lifecycle management encompasses the full process of requesting, issuing, deploying, 
monitoring,","domain":"cybersecurity","path":"skills/performing-ssl-certificate-lifecycle-management"},{"name":"performing-ssl-stripping-attack","description":"'Simulates SSL stripping attacks using sslstrip, Bettercap, and mitmproxy in authorized environments to test","domain":"cybersecurity","path":"skills/performing-ssl-stripping-attack"},{"name":"performing-ssl-tls-inspection-configuration","description":"Configure SSL/TLS inspection on network security devices to decrypt, inspect, and re-encrypt HTTPS traffic for","domain":"cybersecurity","path":"skills/performing-ssl-tls-inspection-configuration"},{"name":"performing-ssl-tls-security-assessment","description":"Assess SSL/TLS server configurations using the sslyze Python library to evaluate cipher suites, certificate chains,","domain":"cybersecurity","path":"skills/performing-ssl-tls-security-assessment"},{"name":"performing-ssrf-vulnerability-exploitation","description":"Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal network services,","domain":"cybersecurity","path":"skills/performing-ssrf-vulnerability-exploitation"},{"name":"performing-static-malware-analysis-with-pe-studio","description":"'Performs static analysis of Windows PE (Portable Executable) malware samples using PEStudio to examine file","domain":"cybersecurity","path":"skills/performing-static-malware-analysis-with-pe-studio"},{"name":"performing-steganography-detection","description":"Detect and extract hidden data embedded in images, audio, and other media files using steganalysis tools to uncover","domain":"cybersecurity","path":"skills/performing-steganography-detection"},{"name":"performing-subdomain-enumeration-with-subfinder","description":"Enumerate subdomains of target domains using ProjectDiscovery's Subfinder passive reconnaissance tool to 
map","domain":"cybersecurity","path":"skills/performing-subdomain-enumeration-with-subfinder"},{"name":"performing-supply-chain-attack-simulation","description":"Simulate and detect software supply chain attacks including typosquatting detection via Levenshtein distance,","domain":"cybersecurity","path":"skills/performing-supply-chain-attack-simulation"},{"name":"performing-thick-client-application-penetration-test","description":"Conduct a thick client application penetration test to identify insecure local storage, hardcoded credentials,","domain":"cybersecurity","path":"skills/performing-thick-client-application-penetration-test"},{"name":"performing-threat-emulation-with-atomic-red-team","description":"'Executes Atomic Red Team tests for MITRE ATT&CK technique validation using the atomic-operator Python framework.","domain":"cybersecurity","path":"skills/performing-threat-emulation-with-atomic-red-team"},{"name":"performing-threat-hunting-with-elastic-siem","description":"'Performs proactive threat hunting in Elastic Security SIEM using KQL/EQL queries, detection rules, and Timeline","domain":"cybersecurity","path":"skills/performing-threat-hunting-with-elastic-siem"},{"name":"performing-threat-hunting-with-yara-rules","description":"'Use YARA pattern-matching rules to hunt for malware, suspicious files, and indicators of compromise across filesystems","domain":"cybersecurity","path":"skills/performing-threat-hunting-with-yara-rules"},{"name":"performing-threat-intelligence-sharing-with-misp","description":"Use PyMISP to create, enrich, and share threat intelligence events on a MISP platform, including IOC management,","domain":"cybersecurity","path":"skills/performing-threat-intelligence-sharing-with-misp"},{"name":"performing-threat-landscape-assessment-for-sector","description":"Conduct a sector-specific threat landscape assessment by analyzing threat actor targeting patterns, common 
attack","domain":"cybersecurity","path":"skills/performing-threat-landscape-assessment-for-sector"},{"name":"performing-threat-modeling-with-owasp-threat-dragon","description":"Use OWASP Threat Dragon to create data flow diagrams, identify threats using STRIDE and LINDDUN methodologies,","domain":"cybersecurity","path":"skills/performing-threat-modeling-with-owasp-threat-dragon"},{"name":"performing-timeline-reconstruction-with-plaso","description":"Build comprehensive forensic super-timelines using Plaso (log2timeline) to correlate events across file systems,","domain":"cybersecurity","path":"skills/performing-timeline-reconstruction-with-plaso"},{"name":"performing-user-behavior-analytics","description":"'Performs User and Entity Behavior Analytics (UEBA) to detect anomalous user activities including impossible","domain":"cybersecurity","path":"skills/performing-user-behavior-analytics"},{"name":"performing-vlan-hopping-attack","description":"'Simulates VLAN hopping attacks using switch spoofing and double tagging techniques in authorized environments","domain":"cybersecurity","path":"skills/performing-vlan-hopping-attack"},{"name":"performing-vulnerability-scanning-with-nessus","description":"'Performs authenticated and unauthenticated vulnerability scanning using Tenable Nessus to identify known vulnerabilities,","domain":"cybersecurity","path":"skills/performing-vulnerability-scanning-with-nessus"},{"name":"performing-web-application-firewall-bypass","description":"Bypass Web Application Firewall protections using encoding techniques, HTTP method manipulation, parameter pollution,","domain":"cybersecurity","path":"skills/performing-web-application-firewall-bypass"},{"name":"performing-web-application-penetration-test","description":"'Performs systematic security testing of web applications following the OWASP Web Security Testing Guide 
(WSTG)","domain":"cybersecurity","path":"skills/performing-web-application-penetration-test"},{"name":"performing-web-application-scanning-with-nikto","description":"Nikto is an open-source web server and web application scanner that tests against over 7,000 potentially dangerous","domain":"cybersecurity","path":"skills/performing-web-application-scanning-with-nikto"},{"name":"performing-web-application-vulnerability-triage","description":"Triage web application vulnerability findings from DAST/SAST scanners using OWASP risk rating methodology to","domain":"cybersecurity","path":"skills/performing-web-application-vulnerability-triage"},{"name":"performing-web-cache-deception-attack","description":"Execute web cache deception attacks by exploiting path normalization discrepancies between CDN caching layers","domain":"cybersecurity","path":"skills/performing-web-cache-deception-attack"},{"name":"performing-web-cache-poisoning-attack","description":"Exploiting web cache mechanisms to serve malicious content to other users by poisoning cached responses through","domain":"cybersecurity","path":"skills/performing-web-cache-poisoning-attack"},{"name":"performing-wifi-password-cracking-with-aircrack","description":"'Captures WPA/WPA2 handshakes and performs offline password cracking using aircrack-ng, hashcat, and dictionary","domain":"cybersecurity","path":"skills/performing-wifi-password-cracking-with-aircrack"},{"name":"performing-windows-artifact-analysis-with-eric-zimmerman-tools","description":"Perform comprehensive Windows forensic artifact analysis using Eric Zimmerman's open-source EZ Tools suite including","domain":"cybersecurity","path":"skills/performing-windows-artifact-analysis-with-eric-zimmerman-tools"},{"name":"performing-wireless-network-penetration-test","description":"Execute a wireless network penetration test to assess WiFi security by capturing handshakes, cracking 
WPA2/WPA3","domain":"cybersecurity","path":"skills/performing-wireless-network-penetration-test"},{"name":"performing-wireless-security-assessment-with-kismet","description":"Conduct wireless network security assessments using Kismet to detect rogue access points, hidden SSIDs, weak","domain":"cybersecurity","path":"skills/performing-wireless-security-assessment-with-kismet"},{"name":"performing-yara-rule-development-for-detection","description":"Develop precise YARA rules for malware detection by identifying unique byte patterns, strings, and behavioral","domain":"cybersecurity","path":"skills/performing-yara-rule-development-for-detection"},{"name":"prioritizing-vulnerabilities-with-cvss-scoring","description":"The Common Vulnerability Scoring System (CVSS) is the industry standard framework maintained by FIRST (Forum","domain":"cybersecurity","path":"skills/prioritizing-vulnerabilities-with-cvss-scoring"},{"name":"processing-stix-taxii-feeds","description":"'Processes STIX 2.1 threat intelligence bundles delivered via TAXII 2.1 servers, normalizing objects into platform-native","domain":"cybersecurity","path":"skills/processing-stix-taxii-feeds"},{"name":"profiling-threat-actor-groups","description":"'Develops comprehensive threat actor profiles for APT groups, criminal organizations, and hacktivist collectives","domain":"cybersecurity","path":"skills/profiling-threat-actor-groups"},{"name":"recovering-deleted-files-with-photorec","description":"Recover deleted files from disk images and storage media using PhotoRec's file signature-based carving engine","domain":"cybersecurity","path":"skills/recovering-deleted-files-with-photorec"},{"name":"recovering-from-ransomware-attack","description":"'Executes structured recovery from a ransomware incident following NIST and CISA frameworks, including environment","domain":"cybersecurity","path":"skills/recovering-from-ransomware-attack"},{"name":"remediating-s3-bucket-misconfiguration","description":"'This skill 
provides step-by-step procedures for identifying and remediating Amazon S3 bucket misconfigurations","domain":"cybersecurity","path":"skills/remediating-s3-bucket-misconfiguration"},{"name":"reverse-engineering-android-malware-with-jadx","description":"'Reverse engineers malicious Android APK files using JADX decompiler to analyze Java/Kotlin source code, identify","domain":"cybersecurity","path":"skills/reverse-engineering-android-malware-with-jadx"},{"name":"reverse-engineering-dotnet-malware-with-dnspy","description":"'Reverse engineers .NET malware using dnSpy decompiler and debugger to analyze C#/VB.NET source code, identify","domain":"cybersecurity","path":"skills/reverse-engineering-dotnet-malware-with-dnspy"},{"name":"reverse-engineering-ios-app-with-frida","description":"'Reverse engineers iOS applications using Frida dynamic instrumentation to understand internal logic, extract","domain":"cybersecurity","path":"skills/reverse-engineering-ios-app-with-frida"},{"name":"reverse-engineering-malware-with-ghidra","description":"'Reverse engineers malware binaries using NSA''s Ghidra disassembler and decompiler to understand internal logic,","domain":"cybersecurity","path":"skills/reverse-engineering-malware-with-ghidra"},{"name":"reverse-engineering-ransomware-encryption-routine","description":"Reverse engineer ransomware encryption routines to identify cryptographic algorithms, key generation flaws, and","domain":"cybersecurity","path":"skills/reverse-engineering-ransomware-encryption-routine"},{"name":"reverse-engineering-rust-malware","description":"Reverse engineer Rust-compiled malware using IDA Pro and Ghidra with techniques for handling non-null-terminated","domain":"cybersecurity","path":"skills/reverse-engineering-rust-malware"},{"name":"scanning-container-images-with-grype","description":"Scan container images for known vulnerabilities using Anchore Grype with SBOM-based matching and 
configurable","domain":"cybersecurity","path":"skills/scanning-container-images-with-grype"},{"name":"scanning-containers-with-trivy-in-cicd","description":"'This skill covers integrating Aqua Security''s Trivy scanner into CI/CD pipelines for comprehensive container","domain":"cybersecurity","path":"skills/scanning-containers-with-trivy-in-cicd"},{"name":"scanning-docker-images-with-trivy","description":"Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS","domain":"cybersecurity","path":"skills/scanning-docker-images-with-trivy"},{"name":"scanning-infrastructure-with-nessus","description":"Tenable Nessus is the industry-leading vulnerability scanner used to identify security weaknesses across network","domain":"cybersecurity","path":"skills/scanning-infrastructure-with-nessus"},{"name":"scanning-kubernetes-manifests-with-kubesec","description":"Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations,","domain":"cybersecurity","path":"skills/scanning-kubernetes-manifests-with-kubesec"},{"name":"scanning-network-with-nmap-advanced","description":"'Performs advanced network reconnaissance using Nmap''s scripting engine, timing controls, evasion techniques,","domain":"cybersecurity","path":"skills/scanning-network-with-nmap-advanced"},{"name":"securing-api-gateway-with-aws-waf","description":"'Securing API Gateway endpoints with AWS WAF by configuring managed rule groups for OWASP Top 10 protection,","domain":"cybersecurity","path":"skills/securing-api-gateway-with-aws-waf"},{"name":"securing-aws-iam-permissions","description":"'This skill guides practitioners through hardening AWS Identity and Access Management configurations to enforce","domain":"cybersecurity","path":"skills/securing-aws-iam-permissions"},{"name":"securing-aws-lambda-execution-roles","description":"'Securing AWS Lambda execution roles by implementing least-privilege IAM policies, applying 
permission boundaries,","domain":"cybersecurity","path":"skills/securing-aws-lambda-execution-roles"},{"name":"securing-azure-with-microsoft-defender","description":"'This skill instructs security practitioners on deploying Microsoft Defender for Cloud as a cloud-native application","domain":"cybersecurity","path":"skills/securing-azure-with-microsoft-defender"},{"name":"securing-container-registry-images","description":"'Securing container registry images by implementing vulnerability scanning with Trivy and Grype, enforcing image","domain":"cybersecurity","path":"skills/securing-container-registry-images"},{"name":"securing-container-registry-with-harbor","description":"Harbor is an open-source container registry that provides security features including vulnerability scanning","domain":"cybersecurity","path":"skills/securing-container-registry-with-harbor"},{"name":"securing-github-actions-workflows","description":"'This skill covers hardening GitHub Actions workflows against supply chain attacks, credential theft, and privilege","domain":"cybersecurity","path":"skills/securing-github-actions-workflows"},{"name":"securing-helm-chart-deployments","description":"Secure Helm chart deployments by validating chart integrity, scanning templates for misconfigurations, and enforcing","domain":"cybersecurity","path":"skills/securing-helm-chart-deployments"},{"name":"securing-historian-server-in-ot-environment","description":"'This skill covers hardening and securing process historian servers (OSIsoft PI, Honeywell PHD, GE Proficy, AVEVA","domain":"cybersecurity","path":"skills/securing-historian-server-in-ot-environment"},{"name":"securing-kubernetes-on-cloud","description":"'This skill covers hardening managed Kubernetes clusters on EKS, AKS, and GKE by implementing Pod Security Standards,","domain":"cybersecurity","path":"skills/securing-kubernetes-on-cloud"},{"name":"securing-remote-access-to-ot-environment","description":"'This skill covers implementing secure remote 
access to OT/ICS environments for operators, engineers, and vendors","domain":"cybersecurity","path":"skills/securing-remote-access-to-ot-environment"},{"name":"securing-serverless-functions","description":"'This skill covers security hardening for serverless compute platforms including AWS Lambda, Azure Functions,","domain":"cybersecurity","path":"skills/securing-serverless-functions"},{"name":"testing-android-intents-for-vulnerabilities","description":"'Tests Android inter-process communication (IPC) through intents for vulnerabilities including intent injection,","domain":"cybersecurity","path":"skills/testing-android-intents-for-vulnerabilities"},{"name":"testing-api-authentication-weaknesses","description":"'Tests API authentication mechanisms for weaknesses including broken token validation, missing authentication","domain":"cybersecurity","path":"skills/testing-api-authentication-weaknesses"},{"name":"testing-api-for-broken-object-level-authorization","description":"'Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated","domain":"cybersecurity","path":"skills/testing-api-for-broken-object-level-authorization"},{"name":"testing-api-for-mass-assignment-vulnerability","description":"'Tests APIs for mass assignment (auto-binding) vulnerabilities where clients can modify object properties they","domain":"cybersecurity","path":"skills/testing-api-for-mass-assignment-vulnerability"},{"name":"testing-api-security-with-owasp-top-10","description":"Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated","domain":"cybersecurity","path":"skills/testing-api-security-with-owasp-top-10"},{"name":"testing-cors-misconfiguration","description":"Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized 
cross-domain","domain":"cybersecurity","path":"skills/testing-cors-misconfiguration"},{"name":"testing-for-broken-access-control","description":"Systematically testing web applications for broken access control vulnerabilities including privilege escalation,","domain":"cybersecurity","path":"skills/testing-for-broken-access-control"},{"name":"testing-for-business-logic-vulnerabilities","description":"Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege","domain":"cybersecurity","path":"skills/testing-for-business-logic-vulnerabilities"},{"name":"testing-for-email-header-injection","description":"Test web application email functionality for SMTP header injection vulnerabilities that allow attackers to inject","domain":"cybersecurity","path":"skills/testing-for-email-header-injection"},{"name":"testing-for-host-header-injection","description":"Test web applications for HTTP Host header injection vulnerabilities to identify password reset poisoning, web","domain":"cybersecurity","path":"skills/testing-for-host-header-injection"},{"name":"testing-for-json-web-token-vulnerabilities","description":"Test JWT implementations for critical vulnerabilities including algorithm confusion, none algorithm bypass, kid","domain":"cybersecurity","path":"skills/testing-for-json-web-token-vulnerabilities"},{"name":"testing-for-open-redirect-vulnerabilities","description":"Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters,","domain":"cybersecurity","path":"skills/testing-for-open-redirect-vulnerabilities"},{"name":"testing-for-sensitive-data-exposure","description":"Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage,","domain":"cybersecurity","path":"skills/testing-for-sensitive-data-exposure"},{"name":"testing-for-xml-injection-vulnerabilities","description":"Test web applications for XML injection 
vulnerabilities including XXE, XPath injection, and XML entity attacks","domain":"cybersecurity","path":"skills/testing-for-xml-injection-vulnerabilities"},{"name":"testing-for-xss-vulnerabilities","description":"'Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into","domain":"cybersecurity","path":"skills/testing-for-xss-vulnerabilities"},{"name":"testing-for-xss-vulnerabilities-with-burpsuite","description":"Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater","domain":"cybersecurity","path":"skills/testing-for-xss-vulnerabilities-with-burpsuite"},{"name":"testing-for-xxe-injection-vulnerabilities","description":"Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF,","domain":"cybersecurity","path":"skills/testing-for-xxe-injection-vulnerabilities"},{"name":"testing-jwt-token-security","description":"Assessing JSON Web Token implementations for cryptographic weaknesses, algorithm confusion attacks, and authorization","domain":"cybersecurity","path":"skills/testing-jwt-token-security"},{"name":"testing-mobile-api-authentication","description":"'Tests authentication and authorization mechanisms in mobile application APIs to identify broken authentication,","domain":"cybersecurity","path":"skills/testing-mobile-api-authentication"},{"name":"testing-oauth2-implementation-flaws","description":"'Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization code interception,","domain":"cybersecurity","path":"skills/testing-oauth2-implementation-flaws"},{"name":"testing-ransomware-recovery-procedures","description":"Test and validate ransomware recovery procedures including backup restore operations, RTO/RPO target 
verification,","domain":"cybersecurity","path":"skills/testing-ransomware-recovery-procedures"},{"name":"testing-websocket-api-security","description":"'Tests WebSocket API implementations for security vulnerabilities including missing authentication on WebSocket","domain":"cybersecurity","path":"skills/testing-websocket-api-security"},{"name":"tracking-threat-actor-infrastructure","description":"Threat actor infrastructure tracking involves monitoring and mapping adversary-controlled assets including command-and-control","domain":"cybersecurity","path":"skills/tracking-threat-actor-infrastructure"},{"name":"triaging-security-alerts-in-splunk","description":"'Triages security alerts in Splunk Enterprise Security by classifying severity, investigating notable events,","domain":"cybersecurity","path":"skills/triaging-security-alerts-in-splunk"},{"name":"triaging-security-incident","description":"'Performs initial triage of security incidents to determine severity, scope, and required response actions using","domain":"cybersecurity","path":"skills/triaging-security-incident"},{"name":"triaging-security-incident-with-ir-playbook","description":"Classify and prioritize security incidents using structured IR playbooks to determine severity, assign response","domain":"cybersecurity","path":"skills/triaging-security-incident-with-ir-playbook"},{"name":"triaging-vulnerabilities-with-ssvc-framework","description":"Triage and prioritize vulnerabilities using CISA's Stakeholder-Specific Vulnerability Categorization (SSVC) decision","domain":"cybersecurity","path":"skills/triaging-vulnerabilities-with-ssvc-framework"},{"name":"validating-backup-integrity-for-recovery","description":"Validate backup integrity through cryptographic hash verification, automated restore testing, corruption detection,","domain":"cybersecurity","path":"skills/validating-backup-integrity-for-recovery"}]} \ No newline at end of file