mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-10 21:24:56 +03:00
{"version":"1.1.0","generated_at":"2026-06-01T10:15:47Z","repository":"https://github.com/mukul975/Anthropic-Cybersecurity-Skills","domain":"cybersecurity","total_skills":754,"skills":[{"name":"acquiring-disk-image-with-dd-and-dcfldd","description":"Create forensically sound bit-for-bit disk images using dd and dcfldd","domain":"cybersecurity","path":"skills/acquiring-disk-image-with-dd-and-dcfldd"},{"name":"analyzing-active-directory-acl-abuse","description":"Detect dangerous ACL misconfigurations in Active Directory using ldap3","domain":"cybersecurity","path":"skills/analyzing-active-directory-acl-abuse"},{"name":"analyzing-android-malware-with-apktool","description":"Perform static analysis of Android APK malware samples using apktool","domain":"cybersecurity","path":"skills/analyzing-android-malware-with-apktool"},{"name":"analyzing-api-gateway-access-logs","description":"'Parses API Gateway access logs (AWS API Gateway, Kong, Nginx) to detect","domain":"cybersecurity","path":"skills/analyzing-api-gateway-access-logs"},{"name":"analyzing-apt-group-with-mitre-navigator","description":"Analyze advanced persistent threat (APT) group techniques using MITRE","domain":"cybersecurity","path":"skills/analyzing-apt-group-with-mitre-navigator"},{"name":"analyzing-azure-activity-logs-for-threats","description":"'Queries Azure Monitor activity logs and sign-in logs via azure-monitor-query","domain":"cybersecurity","path":"skills/analyzing-azure-activity-logs-for-threats"},{"name":"analyzing-bootkit-and-rootkit-samples","description":"'Analyzes bootkit and advanced rootkit malware that infects the Master","domain":"cybersecurity","path":"skills/analyzing-bootkit-and-rootkit-samples"},{"name":"analyzing-browser-forensics-with-hindsight","description":"Analyze Chromium-based browser artifacts using Hindsight to extract 
browsing","domain":"cybersecurity","path":"skills/analyzing-browser-forensics-with-hindsight"},{"name":"analyzing-campaign-attribution-evidence","description":"Campaign attribution analysis involves systematically evaluating evidence","domain":"cybersecurity","path":"skills/analyzing-campaign-attribution-evidence"},{"name":"analyzing-certificate-transparency-for-phishing","description":"Monitor Certificate Transparency logs using crt.sh and Certstream to","domain":"cybersecurity","path":"skills/analyzing-certificate-transparency-for-phishing"},{"name":"analyzing-cloud-storage-access-patterns","description":"Detect abnormal access patterns in AWS S3, GCS, and Azure Blob Storage","domain":"cybersecurity","path":"skills/analyzing-cloud-storage-access-patterns"},{"name":"analyzing-cobalt-strike-beacon-configuration","description":"Extract and analyze Cobalt Strike beacon configuration from PE files","domain":"cybersecurity","path":"skills/analyzing-cobalt-strike-beacon-configuration"},{"name":"analyzing-cobaltstrike-malleable-c2-profiles","description":"Parse and analyze Cobalt Strike Malleable C2 profiles using dissect.cobaltstrike","domain":"cybersecurity","path":"skills/analyzing-cobaltstrike-malleable-c2-profiles"},{"name":"analyzing-command-and-control-communication","description":"'Analyzes malware command-and-control (C2) communication protocols to","domain":"cybersecurity","path":"skills/analyzing-command-and-control-communication"},{"name":"analyzing-cyber-kill-chain","description":"'Analyzes intrusion activity against the Lockheed Martin Cyber Kill Chain","domain":"cybersecurity","path":"skills/analyzing-cyber-kill-chain"},{"name":"analyzing-disk-image-with-autopsy","description":"Perform comprehensive forensic analysis of disk images using Autopsy","domain":"cybersecurity","path":"skills/analyzing-disk-image-with-autopsy"},{"name":"analyzing-dns-logs-for-exfiltration","description":"'Analyzes DNS query logs to detect data exfiltration via DNS 
tunneling,","domain":"cybersecurity","path":"skills/analyzing-dns-logs-for-exfiltration"},{"name":"analyzing-docker-container-forensics","description":"Investigate compromised Docker containers by analyzing images, layers,","domain":"cybersecurity","path":"skills/analyzing-docker-container-forensics"},{"name":"analyzing-email-headers-for-phishing-investigation","description":"Parse and analyze email headers to trace the origin of phishing emails,","domain":"cybersecurity","path":"skills/analyzing-email-headers-for-phishing-investigation"},{"name":"analyzing-ethereum-smart-contract-vulnerabilities","description":"Perform static and symbolic analysis of Solidity smart contracts using","domain":"cybersecurity","path":"skills/analyzing-ethereum-smart-contract-vulnerabilities"},{"name":"analyzing-golang-malware-with-ghidra","description":"Reverse engineer Go-compiled malware using Ghidra with specialized scripts","domain":"cybersecurity","path":"skills/analyzing-golang-malware-with-ghidra"},{"name":"analyzing-heap-spray-exploitation","description":"Detect and analyze heap spray attacks in memory dumps using Volatility3","domain":"cybersecurity","path":"skills/analyzing-heap-spray-exploitation"},{"name":"analyzing-indicators-of-compromise","description":"'Analyzes indicators of compromise (IOCs) including IP addresses, domains,","domain":"cybersecurity","path":"skills/analyzing-indicators-of-compromise"},{"name":"analyzing-ios-app-security-with-objection","description":">-","domain":"cybersecurity","path":"skills/analyzing-ios-app-security-with-objection"},{"name":"analyzing-kubernetes-audit-logs","description":"'Parses Kubernetes API server audit logs (JSON lines) to detect exec-into-pod,","domain":"cybersecurity","path":"skills/analyzing-kubernetes-audit-logs"},{"name":"analyzing-linux-audit-logs-for-intrusion","description":"'Uses the Linux Audit framework (auditd) with ausearch and aureport 
utilities","domain":"cybersecurity","path":"skills/analyzing-linux-audit-logs-for-intrusion"},{"name":"analyzing-linux-elf-malware","description":"'Analyzes malicious Linux ELF (Executable and Linkable Format) binaries","domain":"cybersecurity","path":"skills/analyzing-linux-elf-malware"},{"name":"analyzing-linux-kernel-rootkits","description":"Detect kernel-level rootkits in Linux memory dumps using Volatility3","domain":"cybersecurity","path":"skills/analyzing-linux-kernel-rootkits"},{"name":"analyzing-linux-system-artifacts","description":"Examine Linux system artifacts including auth logs, cron jobs, shell","domain":"cybersecurity","path":"skills/analyzing-linux-system-artifacts"},{"name":"analyzing-lnk-file-and-jump-list-artifacts","description":"Analyze Windows LNK shortcut files and Jump List artifacts to establish","domain":"cybersecurity","path":"skills/analyzing-lnk-file-and-jump-list-artifacts"},{"name":"analyzing-macro-malware-in-office-documents","description":"'Analyzes malicious VBA macros embedded in Microsoft Office documents","domain":"cybersecurity","path":"skills/analyzing-macro-malware-in-office-documents"},{"name":"analyzing-malicious-pdf-with-peepdf","description":"Perform static analysis of malicious PDF documents using peepdf, pdfid,","domain":"cybersecurity","path":"skills/analyzing-malicious-pdf-with-peepdf"},{"name":"analyzing-malicious-url-with-urlscan","description":"URLScan.io is a free service for scanning and analyzing suspicious URLs.","domain":"cybersecurity","path":"skills/analyzing-malicious-url-with-urlscan"},{"name":"analyzing-malware-behavior-with-cuckoo-sandbox","description":"'Executes malware samples in Cuckoo Sandbox to observe runtime behavior","domain":"cybersecurity","path":"skills/analyzing-malware-behavior-with-cuckoo-sandbox"},{"name":"analyzing-malware-family-relationships-with-malpedia","description":"Use the Malpedia platform and API to research malware family 
relationships,","domain":"cybersecurity","path":"skills/analyzing-malware-family-relationships-with-malpedia"},{"name":"analyzing-malware-persistence-with-autoruns","description":"Use Sysinternals Autoruns to systematically identify and analyze malware","domain":"cybersecurity","path":"skills/analyzing-malware-persistence-with-autoruns"},{"name":"analyzing-malware-sandbox-evasion-techniques","description":"Detect sandbox evasion techniques in malware samples by analyzing timing","domain":"cybersecurity","path":"skills/analyzing-malware-sandbox-evasion-techniques"},{"name":"analyzing-memory-dumps-with-volatility","description":"'Analyzes RAM memory dumps from compromised systems using the Volatility framework to identify malicious processes,","domain":"cybersecurity","path":"skills/analyzing-memory-dumps-with-volatility"},{"name":"analyzing-memory-forensics-with-lime-and-volatility","description":"'Performs Linux memory acquisition using LiME (Linux Memory Extractor)","domain":"cybersecurity","path":"skills/analyzing-memory-forensics-with-lime-and-volatility"},{"name":"analyzing-mft-for-deleted-file-recovery","description":"Analyze the NTFS Master File Table ($MFT) to recover metadata and content","domain":"cybersecurity","path":"skills/analyzing-mft-for-deleted-file-recovery"},{"name":"analyzing-network-covert-channels-in-malware","description":"Detect and analyze covert communication channels used by malware including","domain":"cybersecurity","path":"skills/analyzing-network-covert-channels-in-malware"},{"name":"analyzing-network-flow-data-with-netflow","description":"Parse NetFlow v9 and IPFIX records to detect volumetric anomalies, port","domain":"cybersecurity","path":"skills/analyzing-network-flow-data-with-netflow"},{"name":"analyzing-network-packets-with-scapy","description":"Craft, send, sniff, and dissect network packets using Scapy for 
protocol","domain":"cybersecurity","path":"skills/analyzing-network-packets-with-scapy"},{"name":"analyzing-network-traffic-for-incidents","description":"'Analyzes network traffic captures and flow data to identify adversary activity during security incidents, including","domain":"cybersecurity","path":"skills/analyzing-network-traffic-for-incidents"},{"name":"analyzing-network-traffic-of-malware","description":"'Analyzes network traffic generated by malware during sandbox execution","domain":"cybersecurity","path":"skills/analyzing-network-traffic-of-malware"},{"name":"analyzing-network-traffic-with-wireshark","description":"'Captures and analyzes network packet data using Wireshark and tshark","domain":"cybersecurity","path":"skills/analyzing-network-traffic-with-wireshark"},{"name":"analyzing-office365-audit-logs-for-compromise","description":"Parse Office 365 Unified Audit Logs via Microsoft Graph API to detect","domain":"cybersecurity","path":"skills/analyzing-office365-audit-logs-for-compromise"},{"name":"analyzing-outlook-pst-for-email-forensics","description":"Analyze Microsoft Outlook PST and OST files for email forensic evidence","domain":"cybersecurity","path":"skills/analyzing-outlook-pst-for-email-forensics"},{"name":"analyzing-packed-malware-with-upx-unpacker","description":"'Identifies and unpacks UPX-packed and other packed malware samples to","domain":"cybersecurity","path":"skills/analyzing-packed-malware-with-upx-unpacker"},{"name":"analyzing-pdf-malware-with-pdfid","description":"'Analyzes malicious PDF files using PDFiD, pdf-parser, and peepdf to","domain":"cybersecurity","path":"skills/analyzing-pdf-malware-with-pdfid"},{"name":"analyzing-persistence-mechanisms-in-linux","description":"Detect and analyze Linux persistence mechanisms including crontab entries,","domain":"cybersecurity","path":"skills/analyzing-persistence-mechanisms-in-linux"},{"name":"analyzing-powershell-empire-artifacts","description":"Detect PowerShell Empire framework 
artifacts in Windows event logs by","domain":"cybersecurity","path":"skills/analyzing-powershell-empire-artifacts"},{"name":"analyzing-powershell-script-block-logging","description":"Parse Windows PowerShell Script Block Logs (Event ID 4104) from EVTX","domain":"cybersecurity","path":"skills/analyzing-powershell-script-block-logging"},{"name":"analyzing-prefetch-files-for-execution-history","description":"Parse Windows Prefetch files to determine program execution history including","domain":"cybersecurity","path":"skills/analyzing-prefetch-files-for-execution-history"},{"name":"analyzing-ransomware-encryption-mechanisms","description":"'Analyzes encryption algorithms, key management, and file encryption","domain":"cybersecurity","path":"skills/analyzing-ransomware-encryption-mechanisms"},{"name":"analyzing-ransomware-leak-site-intelligence","description":"Monitor and analyze ransomware group data leak sites (DLS) to track victim","domain":"cybersecurity","path":"skills/analyzing-ransomware-leak-site-intelligence"},{"name":"analyzing-ransomware-network-indicators","description":"Identify ransomware network indicators including C2 beaconing patterns,","domain":"cybersecurity","path":"skills/analyzing-ransomware-network-indicators"},{"name":"analyzing-ransomware-payment-wallets","description":"'Traces ransomware cryptocurrency payment flows using blockchain analysis","domain":"cybersecurity","path":"skills/analyzing-ransomware-payment-wallets"},{"name":"analyzing-sbom-for-supply-chain-vulnerabilities","description":"'Parses Software Bill of Materials (SBOM) in CycloneDX and SPDX JSON","domain":"cybersecurity","path":"skills/analyzing-sbom-for-supply-chain-vulnerabilities"},{"name":"analyzing-security-logs-with-splunk","description":"'Leverages Splunk Enterprise Security and SPL (Search Processing Language)","domain":"cybersecurity","path":"skills/analyzing-security-logs-with-splunk"},{"name":"analyzing-slack-space-and-file-system-artifacts","description":"Examine 
file system slack space, MFT entries, USN journal, and alternate","domain":"cybersecurity","path":"skills/analyzing-slack-space-and-file-system-artifacts"},{"name":"analyzing-supply-chain-malware-artifacts","description":"Investigate supply chain attack artifacts including trojanized software","domain":"cybersecurity","path":"skills/analyzing-supply-chain-malware-artifacts"},{"name":"analyzing-threat-actor-ttps-with-mitre-attack","description":"MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics,","domain":"cybersecurity","path":"skills/analyzing-threat-actor-ttps-with-mitre-attack"},{"name":"analyzing-threat-actor-ttps-with-mitre-navigator","description":"'Map advanced persistent threat (APT) group tactics, techniques, and","domain":"cybersecurity","path":"skills/analyzing-threat-actor-ttps-with-mitre-navigator"},{"name":"analyzing-threat-intelligence-feeds","description":"'Analyzes structured and unstructured threat intelligence feeds to extract","domain":"cybersecurity","path":"skills/analyzing-threat-intelligence-feeds"},{"name":"analyzing-threat-landscape-with-misp","description":"Analyze the threat landscape using MISP (Malware Information Sharing","domain":"cybersecurity","path":"skills/analyzing-threat-landscape-with-misp"},{"name":"analyzing-tls-certificate-transparency-logs","description":"'Queries Certificate Transparency logs via crt.sh and pycrtsh to detect","domain":"cybersecurity","path":"skills/analyzing-tls-certificate-transparency-logs"},{"name":"analyzing-typosquatting-domains-with-dnstwist","description":"Detect typosquatting, homograph phishing, and brand impersonation domains","domain":"cybersecurity","path":"skills/analyzing-typosquatting-domains-with-dnstwist"},{"name":"analyzing-uefi-bootkit-persistence","description":"'Analyzes UEFI bootkit persistence mechanisms including firmware 
implants","domain":"cybersecurity","path":"skills/analyzing-uefi-bootkit-persistence"},{"name":"analyzing-usb-device-connection-history","description":"Investigate USB device connection history from Windows registry, event","domain":"cybersecurity","path":"skills/analyzing-usb-device-connection-history"},{"name":"analyzing-web-server-logs-for-intrusion","description":"Parse Apache and Nginx access logs to detect SQL injection attempts,","domain":"cybersecurity","path":"skills/analyzing-web-server-logs-for-intrusion"},{"name":"analyzing-windows-amcache-artifacts","description":"'Parses and analyzes the Windows Amcache.hve registry hive to extract","domain":"cybersecurity","path":"skills/analyzing-windows-amcache-artifacts"},{"name":"analyzing-windows-event-logs-in-splunk","description":"'Analyzes Windows Security, System, and Sysmon event logs in Splunk to","domain":"cybersecurity","path":"skills/analyzing-windows-event-logs-in-splunk"},{"name":"analyzing-windows-lnk-files-for-artifacts","description":"Parse Windows LNK shortcut files to extract target paths, timestamps,","domain":"cybersecurity","path":"skills/analyzing-windows-lnk-files-for-artifacts"},{"name":"analyzing-windows-prefetch-with-python","description":"Parse Windows Prefetch files using the windowsprefetch Python library","domain":"cybersecurity","path":"skills/analyzing-windows-prefetch-with-python"},{"name":"analyzing-windows-registry-for-artifacts","description":"Extract and analyze Windows Registry hives to uncover user activity,","domain":"cybersecurity","path":"skills/analyzing-windows-registry-for-artifacts"},{"name":"analyzing-windows-shellbag-artifacts","description":"Analyze Windows Shellbag registry artifacts to reconstruct folder browsing","domain":"cybersecurity","path":"skills/analyzing-windows-shellbag-artifacts"},{"name":"auditing-aws-s3-bucket-permissions","description":"'Systematically audit AWS S3 bucket permissions to identify 
publicly","domain":"cybersecurity","path":"skills/auditing-aws-s3-bucket-permissions"},{"name":"auditing-azure-active-directory-configuration","description":"'Auditing Microsoft Entra ID (Azure Active Directory) configuration to","domain":"cybersecurity","path":"skills/auditing-azure-active-directory-configuration"},{"name":"auditing-cloud-with-cis-benchmarks","description":"'This skill details how to conduct cloud security audits using Center","domain":"cybersecurity","path":"skills/auditing-cloud-with-cis-benchmarks"},{"name":"auditing-gcp-iam-permissions","description":"'Auditing Google Cloud Platform IAM permissions to identify overly permissive","domain":"cybersecurity","path":"skills/auditing-gcp-iam-permissions"},{"name":"auditing-kubernetes-cluster-rbac","description":"'Auditing Kubernetes cluster RBAC configurations to identify overly permissive","domain":"cybersecurity","path":"skills/auditing-kubernetes-cluster-rbac"},{"name":"auditing-terraform-infrastructure-for-security","description":"'Auditing Terraform infrastructure-as-code for security misconfigurations","domain":"cybersecurity","path":"skills/auditing-terraform-infrastructure-for-security"},{"name":"auditing-tls-certificate-transparency-logs","description":"'Monitors Certificate Transparency (CT) logs to detect unauthorized certificate","domain":"cybersecurity","path":"skills/auditing-tls-certificate-transparency-logs"},{"name":"automating-ioc-enrichment","description":"'Automates the enrichment of raw indicators of compromise with multi-source","domain":"cybersecurity","path":"skills/automating-ioc-enrichment"},{"name":"building-adversary-infrastructure-tracking-system","description":"Build an automated system to track adversary infrastructure using passive","domain":"cybersecurity","path":"skills/building-adversary-infrastructure-tracking-system"},{"name":"building-attack-pattern-library-from-cti-reports","description":"Extract and catalog attack patterns from cyber threat intelligence 
reports","domain":"cybersecurity","path":"skills/building-attack-pattern-library-from-cti-reports"},{"name":"building-automated-malware-submission-pipeline","description":"'Builds an automated malware submission and analysis pipeline that collects","domain":"cybersecurity","path":"skills/building-automated-malware-submission-pipeline"},{"name":"building-c2-infrastructure-with-sliver-framework","description":"Build and configure a resilient command-and-control infrastructure using","domain":"cybersecurity","path":"skills/building-c2-infrastructure-with-sliver-framework"},{"name":"building-cloud-siem-with-sentinel","description":"'This skill covers deploying Microsoft Sentinel as a cloud-native SIEM","domain":"cybersecurity","path":"skills/building-cloud-siem-with-sentinel"},{"name":"building-detection-rule-with-splunk-spl","description":"Build effective detection rules using Splunk Search Processing Language","domain":"cybersecurity","path":"skills/building-detection-rule-with-splunk-spl"},{"name":"building-detection-rules-with-sigma","description":"'Builds vendor-agnostic detection rules using the Sigma rule format for","domain":"cybersecurity","path":"skills/building-detection-rules-with-sigma"},{"name":"building-devsecops-pipeline-with-gitlab-ci","description":"Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD","domain":"cybersecurity","path":"skills/building-devsecops-pipeline-with-gitlab-ci"},{"name":"building-identity-federation-with-saml-azure-ad","description":"Establish SAML 2.0 identity federation between on-premises Active Directory","domain":"cybersecurity","path":"skills/building-identity-federation-with-saml-azure-ad"},{"name":"building-identity-governance-lifecycle-process","description":"'Builds comprehensive identity governance and lifecycle management processes","domain":"cybersecurity","path":"skills/building-identity-governance-lifecycle-process"},{"name":"building-incident-response-dashboard","description":"'Builds 
real-time incident response dashboards in Splunk, Elastic, or","domain":"cybersecurity","path":"skills/building-incident-response-dashboard"},{"name":"building-incident-response-playbook","description":"'Designs and documents structured incident response playbooks that define","domain":"cybersecurity","path":"skills/building-incident-response-playbook"},{"name":"building-incident-timeline-with-timesketch","description":"Build collaborative forensic incident timelines using Timesketch to ingest,","domain":"cybersecurity","path":"skills/building-incident-timeline-with-timesketch"},{"name":"building-ioc-defanging-and-sharing-pipeline","description":"Build an automated pipeline to defang indicators of compromise (URLs,","domain":"cybersecurity","path":"skills/building-ioc-defanging-and-sharing-pipeline"},{"name":"building-ioc-enrichment-pipeline-with-opencti","description":"OpenCTI is an open-source platform for managing cyber threat intelligence","domain":"cybersecurity","path":"skills/building-ioc-enrichment-pipeline-with-opencti"},{"name":"building-malware-incident-communication-template","description":"Build structured communication templates for malware incidents including","domain":"cybersecurity","path":"skills/building-malware-incident-communication-template"},{"name":"building-patch-tuesday-response-process","description":"Establish a structured operational process to triage, test, and deploy","domain":"cybersecurity","path":"skills/building-patch-tuesday-response-process"},{"name":"building-phishing-reporting-button-workflow","description":"Implement a phishing report button in email clients with automated triage","domain":"cybersecurity","path":"skills/building-phishing-reporting-button-workflow"},{"name":"building-ransomware-playbook-with-cisa-framework","description":"'Builds a structured ransomware incident response playbook aligned 
with","domain":"cybersecurity","path":"skills/building-ransomware-playbook-with-cisa-framework"},{"name":"building-red-team-c2-infrastructure-with-havoc","description":"Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners,","domain":"cybersecurity","path":"skills/building-red-team-c2-infrastructure-with-havoc"},{"name":"building-role-mining-for-rbac-optimization","description":"Apply bottom-up and top-down role mining techniques to discover optimal","domain":"cybersecurity","path":"skills/building-role-mining-for-rbac-optimization"},{"name":"building-soc-escalation-matrix","description":"Build a structured SOC escalation matrix defining severity tiers, response","domain":"cybersecurity","path":"skills/building-soc-escalation-matrix"},{"name":"building-soc-metrics-and-kpi-tracking","description":"'Builds SOC performance metrics and KPI tracking dashboards measuring","domain":"cybersecurity","path":"skills/building-soc-metrics-and-kpi-tracking"},{"name":"building-soc-playbook-for-ransomware","description":"'Builds a structured SOC incident response playbook for ransomware attacks","domain":"cybersecurity","path":"skills/building-soc-playbook-for-ransomware"},{"name":"building-threat-actor-profile-from-osint","description":"Build comprehensive threat actor profiles using open-source intelligence","domain":"cybersecurity","path":"skills/building-threat-actor-profile-from-osint"},{"name":"building-threat-feed-aggregation-with-misp","description":"Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate,","domain":"cybersecurity","path":"skills/building-threat-feed-aggregation-with-misp"},{"name":"building-threat-hunt-hypothesis-framework","description":"Build a systematic threat hunt hypothesis framework that transforms threat","domain":"cybersecurity","path":"skills/building-threat-hunt-hypothesis-framework"},{"name":"building-threat-intelligence-enrichment-in-splunk","description":"Build automated threat intelligence 
enrichment pipelines in Splunk Enterprise","domain":"cybersecurity","path":"skills/building-threat-intelligence-enrichment-in-splunk"},{"name":"building-threat-intelligence-feed-integration","description":"'Builds automated threat intelligence feed integration pipelines connecting","domain":"cybersecurity","path":"skills/building-threat-intelligence-feed-integration"},{"name":"building-threat-intelligence-platform","description":"Building a Threat Intelligence Platform (TIP) involves deploying and","domain":"cybersecurity","path":"skills/building-threat-intelligence-platform"},{"name":"building-vulnerability-aging-and-sla-tracking","description":"Implement a vulnerability aging dashboard and SLA tracking system to","domain":"cybersecurity","path":"skills/building-vulnerability-aging-and-sla-tracking"},{"name":"building-vulnerability-dashboard-with-defectdojo","description":"Deploy DefectDojo as a centralized vulnerability management dashboard","domain":"cybersecurity","path":"skills/building-vulnerability-dashboard-with-defectdojo"},{"name":"building-vulnerability-exception-tracking-system","description":"Build a vulnerability exception and risk acceptance tracking system with","domain":"cybersecurity","path":"skills/building-vulnerability-exception-tracking-system"},{"name":"building-vulnerability-scanning-workflow","description":"'Builds a structured vulnerability scanning workflow using tools like","domain":"cybersecurity","path":"skills/building-vulnerability-scanning-workflow"},{"name":"bypassing-authentication-with-forced-browsing","description":"Discovering and accessing unprotected pages, APIs, and administrative","domain":"cybersecurity","path":"skills/bypassing-authentication-with-forced-browsing"},{"name":"collecting-indicators-of-compromise","description":"'Systematically collects, categorizes, and distributes indicators 
of","domain":"cybersecurity","path":"skills/collecting-indicators-of-compromise"},{"name":"collecting-open-source-intelligence","description":"'Collects and synthesizes open-source intelligence (OSINT) about threat","domain":"cybersecurity","path":"skills/collecting-open-source-intelligence"},{"name":"collecting-threat-intelligence-with-misp","description":"MISP (Malware Information Sharing Platform) is an open-source threat","domain":"cybersecurity","path":"skills/collecting-threat-intelligence-with-misp"},{"name":"collecting-volatile-evidence-from-compromised-host","description":"Collect volatile forensic evidence from a compromised system following","domain":"cybersecurity","path":"skills/collecting-volatile-evidence-from-compromised-host"},{"name":"conducting-api-security-testing","description":"'Conducts security testing of REST, GraphQL, and gRPC APIs to identify","domain":"cybersecurity","path":"skills/conducting-api-security-testing"},{"name":"conducting-cloud-incident-response","description":"'Responds to security incidents in cloud environments (AWS, Azure, GCP) by performing identity-based containment,","domain":"cybersecurity","path":"skills/conducting-cloud-incident-response"},{"name":"conducting-cloud-penetration-testing","description":"'This skill outlines methodologies for performing authorized penetration","domain":"cybersecurity","path":"skills/conducting-cloud-penetration-testing"},{"name":"conducting-domain-persistence-with-dcsync","description":"Perform DCSync attacks to replicate Active Directory credentials and","domain":"cybersecurity","path":"skills/conducting-domain-persistence-with-dcsync"},{"name":"conducting-external-reconnaissance-with-osint","description":"'Conducts external reconnaissance using Open Source Intelligence (OSINT)","domain":"cybersecurity","path":"skills/conducting-external-reconnaissance-with-osint"},{"name":"conducting-full-scope-red-team-engagement","description":"Plan and execute a comprehensive red team engagement 
covering reconnaissance","domain":"cybersecurity","path":"skills/conducting-full-scope-red-team-engagement"},{"name":"conducting-internal-network-penetration-test","description":"Execute an internal network penetration test simulating an insider threat","domain":"cybersecurity","path":"skills/conducting-internal-network-penetration-test"},{"name":"conducting-internal-reconnaissance-with-bloodhound-ce","description":"Conduct internal Active Directory reconnaissance using BloodHound Community","domain":"cybersecurity","path":"skills/conducting-internal-reconnaissance-with-bloodhound-ce"},{"name":"conducting-malware-incident-response","description":"'Responds to malware infections across enterprise endpoints by identifying the malware family, determining infection","domain":"cybersecurity","path":"skills/conducting-malware-incident-response"},{"name":"conducting-man-in-the-middle-attack-simulation","description":"'Simulates man-in-the-middle attacks using Ettercap, mitmproxy, and Bettercap","domain":"cybersecurity","path":"skills/conducting-man-in-the-middle-attack-simulation"},{"name":"conducting-memory-forensics-with-volatility","description":"'Performs memory forensics analysis using Volatility 3 to extract evidence","domain":"cybersecurity","path":"skills/conducting-memory-forensics-with-volatility"},{"name":"conducting-mobile-app-penetration-test","description":"'Conducts penetration testing of iOS and Android mobile applications","domain":"cybersecurity","path":"skills/conducting-mobile-app-penetration-test"},{"name":"conducting-network-penetration-test","description":"'Conducts comprehensive network penetration tests against authorized","domain":"cybersecurity","path":"skills/conducting-network-penetration-test"},{"name":"conducting-pass-the-ticket-attack","description":"Pass-the-Ticket (PtT) is a lateral movement technique that uses 
stolen","domain":"cybersecurity","path":"skills/conducting-pass-the-ticket-attack"},{"name":"conducting-phishing-incident-response","description":"'Responds to phishing incidents by analyzing reported emails, extracting","domain":"cybersecurity","path":"skills/conducting-phishing-incident-response"},{"name":"conducting-post-incident-lessons-learned","description":"Facilitate structured post-incident reviews to identify root causes,","domain":"cybersecurity","path":"skills/conducting-post-incident-lessons-learned"},{"name":"conducting-social-engineering-penetration-test","description":"Design and execute a social engineering penetration test including phishing,","domain":"cybersecurity","path":"skills/conducting-social-engineering-penetration-test"},{"name":"conducting-social-engineering-pretext-call","description":"Plan and execute authorized vishing (voice phishing) pretext calls to","domain":"cybersecurity","path":"skills/conducting-social-engineering-pretext-call"},{"name":"conducting-spearphishing-simulation-campaign","description":"Spearphishing simulation is a targeted social engineering attack vector","domain":"cybersecurity","path":"skills/conducting-spearphishing-simulation-campaign"},{"name":"conducting-wireless-network-penetration-test","description":"'Conducts authorized wireless network penetration tests to assess the","domain":"cybersecurity","path":"skills/conducting-wireless-network-penetration-test"},{"name":"configuring-active-directory-tiered-model","description":"Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered","domain":"cybersecurity","path":"skills/configuring-active-directory-tiered-model"},{"name":"configuring-aws-verified-access-for-ztna","description":"Configure AWS Verified Access to provide VPN-less zero trust network","domain":"cybersecurity","path":"skills/configuring-aws-verified-access-for-ztna"},{"name":"configuring-certificate-authority-with-openssl","description":"A Certificate Authority (CA) is the trust 
anchor in a PKI hierarchy,","domain":"cybersecurity","path":"skills/configuring-certificate-authority-with-openssl"},{"name":"configuring-host-based-intrusion-detection","description":"'Configures host-based intrusion detection systems (HIDS) to monitor","domain":"cybersecurity","path":"skills/configuring-host-based-intrusion-detection"},{"name":"configuring-hsm-for-key-storage","description":"Hardware Security Modules (HSMs) are tamper-resistant physical devices","domain":"cybersecurity","path":"skills/configuring-hsm-for-key-storage"},{"name":"configuring-identity-aware-proxy-with-google-iap","description":"'Configuring Google Cloud Identity-Aware Proxy (IAP) to enforce per-request","domain":"cybersecurity","path":"skills/configuring-identity-aware-proxy-with-google-iap"},{"name":"configuring-ldap-security-hardening","description":"Harden LDAP directory services against common attacks including credential","domain":"cybersecurity","path":"skills/configuring-ldap-security-hardening"},{"name":"configuring-microsegmentation-for-zero-trust","description":"Configure microsegmentation policies to enforce least-privilege workload-to-workload","domain":"cybersecurity","path":"skills/configuring-microsegmentation-for-zero-trust"},{"name":"configuring-multi-factor-authentication-with-duo","description":"Deploy Cisco Duo multi-factor authentication across enterprise applications,","domain":"cybersecurity","path":"skills/configuring-multi-factor-authentication-with-duo"},{"name":"configuring-network-segmentation-with-vlans","description":"'Designs and implements VLAN-based network segmentation on managed switches","domain":"cybersecurity","path":"skills/configuring-network-segmentation-with-vlans"},{"name":"configuring-oauth2-authorization-flow","description":"Configure secure OAuth 2.0 authorization flows including 
Authorization","domain":"cybersecurity","path":"skills/configuring-oauth2-authorization-flow"},{"name":"configuring-pfsense-firewall-rules","description":"'Configures pfSense firewall rules, NAT policies, VPN tunnels, and traffic","domain":"cybersecurity","path":"skills/configuring-pfsense-firewall-rules"},{"name":"configuring-snort-ids-for-intrusion-detection","description":"'Installs, configures, and tunes Snort 3 intrusion detection system to","domain":"cybersecurity","path":"skills/configuring-snort-ids-for-intrusion-detection"},{"name":"configuring-suricata-for-network-monitoring","description":"'Deploys and configures Suricata IDS/IPS with Emerging Threats rulesets,","domain":"cybersecurity","path":"skills/configuring-suricata-for-network-monitoring"},{"name":"configuring-tls-1-3-for-secure-communications","description":"TLS 1.3 (RFC 8446) is the latest version of the Transport Layer Security","domain":"cybersecurity","path":"skills/configuring-tls-1-3-for-secure-communications"},{"name":"configuring-windows-defender-advanced-settings","description":"'Configures Microsoft Defender for Endpoint (MDE) advanced protection","domain":"cybersecurity","path":"skills/configuring-windows-defender-advanced-settings"},{"name":"configuring-windows-event-logging-for-detection","description":"'Configures Windows Event Logging with advanced audit policies to generate","domain":"cybersecurity","path":"skills/configuring-windows-event-logging-for-detection"},{"name":"configuring-zscaler-private-access-for-ztna","description":"'Configuring Zscaler Private Access (ZPA) to replace traditional VPN","domain":"cybersecurity","path":"skills/configuring-zscaler-private-access-for-ztna"},{"name":"containing-active-breach","description":"'Executes containment strategies to stop active adversary operations","domain":"cybersecurity","path":"skills/containing-active-breach"},{"name":"correlating-security-events-in-qradar","description":"'Correlates security events in IBM QRadar SIEM using 
AQL (Ariel Query","domain":"cybersecurity","path":"skills/correlating-security-events-in-qradar"},{"name":"correlating-threat-campaigns","description":"'Correlates disparate security incidents, IOCs, and adversary behaviors","domain":"cybersecurity","path":"skills/correlating-threat-campaigns"},{"name":"deobfuscating-javascript-malware","description":"'Deobfuscates malicious JavaScript code used in web-based attacks, phishing","domain":"cybersecurity","path":"skills/deobfuscating-javascript-malware"},{"name":"deobfuscating-powershell-obfuscated-malware","description":"Systematically deobfuscate multi-layer PowerShell malware using AST analysis,","domain":"cybersecurity","path":"skills/deobfuscating-powershell-obfuscated-malware"},{"name":"deploying-active-directory-honeytokens","description":"'Deploys deception-based honeytokens in Active Directory including fake","domain":"cybersecurity","path":"skills/deploying-active-directory-honeytokens"},{"name":"deploying-cloudflare-access-for-zero-trust","description":"'Deploying Cloudflare Access with Cloudflare Tunnel to provide zero trust","domain":"cybersecurity","path":"skills/deploying-cloudflare-access-for-zero-trust"},{"name":"deploying-decoy-files-for-ransomware-detection","description":"'Deploys canary files (honeytokens) across file systems to detect ransomware","domain":"cybersecurity","path":"skills/deploying-decoy-files-for-ransomware-detection"},{"name":"deploying-edr-agent-with-crowdstrike","description":"'Deploys and configures CrowdStrike Falcon EDR agents across enterprise","domain":"cybersecurity","path":"skills/deploying-edr-agent-with-crowdstrike"},{"name":"deploying-osquery-for-endpoint-monitoring","description":"'Deploys and configures osquery for real-time endpoint monitoring using","domain":"cybersecurity","path":"skills/deploying-osquery-for-endpoint-monitoring"},{"name":"deploying-palo-alto-prisma-access-zero-trust","description":"'Deploying Palo Alto Networks Prisma Access for SASE-based zero 
trust","domain":"cybersecurity","path":"skills/deploying-palo-alto-prisma-access-zero-trust"},{"name":"deploying-ransomware-canary-files","description":"'Deploys and monitors ransomware canary files across critical directories","domain":"cybersecurity","path":"skills/deploying-ransomware-canary-files"},{"name":"deploying-software-defined-perimeter","description":"Deploy a Software-Defined Perimeter using the CSA v2.0 specification","domain":"cybersecurity","path":"skills/deploying-software-defined-perimeter"},{"name":"deploying-tailscale-for-zero-trust-vpn","description":"Deploy and configure Tailscale as a WireGuard-based zero trust mesh VPN","domain":"cybersecurity","path":"skills/deploying-tailscale-for-zero-trust-vpn"},{"name":"detecting-ai-model-prompt-injection-attacks","description":"'Detects prompt injection attacks targeting LLM-based applications using","domain":"cybersecurity","path":"skills/detecting-ai-model-prompt-injection-attacks"},{"name":"detecting-anomalies-in-industrial-control-systems","description":"'This skill covers deploying anomaly detection systems for industrial","domain":"cybersecurity","path":"skills/detecting-anomalies-in-industrial-control-systems"},{"name":"detecting-anomalous-authentication-patterns","description":"'Detects anomalous authentication patterns using UEBA analytics, statistical","domain":"cybersecurity","path":"skills/detecting-anomalous-authentication-patterns"},{"name":"detecting-api-enumeration-attacks","description":"Detect and prevent API enumeration attacks including BOLA and IDOR exploitation","domain":"cybersecurity","path":"skills/detecting-api-enumeration-attacks"},{"name":"detecting-arp-poisoning-in-network-traffic","description":"Detect and prevent ARP spoofing attacks using ARPWatch, Dynamic ARP Inspection,","domain":"cybersecurity","path":"skills/detecting-arp-poisoning-in-network-traffic"},{"name":"detecting-attacks-on-historian-servers","description":"'Detect cyber attacks targeting OT historian servers 
(OSIsoft PI, Ignition,","domain":"cybersecurity","path":"skills/detecting-attacks-on-historian-servers"},{"name":"detecting-attacks-on-scada-systems","description":"'This skill covers detecting cyber attacks targeting Supervisory Control","domain":"cybersecurity","path":"skills/detecting-attacks-on-scada-systems"},{"name":"detecting-aws-cloudtrail-anomalies","description":"Detect unusual API call patterns in AWS CloudTrail logs using boto3,","domain":"cybersecurity","path":"skills/detecting-aws-cloudtrail-anomalies"},{"name":"detecting-aws-credential-exposure-with-trufflehog","description":"'Detecting exposed AWS credentials in source code repositories, CI/CD","domain":"cybersecurity","path":"skills/detecting-aws-credential-exposure-with-trufflehog"},{"name":"detecting-aws-guardduty-findings-automation","description":"Automate AWS GuardDuty threat detection findings processing using EventBridge","domain":"cybersecurity","path":"skills/detecting-aws-guardduty-findings-automation"},{"name":"detecting-aws-iam-privilege-escalation","description":"Detect AWS IAM privilege escalation paths using boto3 and Cloudsplaining","domain":"cybersecurity","path":"skills/detecting-aws-iam-privilege-escalation"},{"name":"detecting-azure-lateral-movement","description":"Detect lateral movement in Azure AD/Entra ID environments using Microsoft","domain":"cybersecurity","path":"skills/detecting-azure-lateral-movement"},{"name":"detecting-azure-service-principal-abuse","description":"Detect and investigate Azure service principal abuse including privilege","domain":"cybersecurity","path":"skills/detecting-azure-service-principal-abuse"},{"name":"detecting-azure-storage-account-misconfigurations","description":"Audit Azure Blob and ADLS storage accounts for public access exposure,","domain":"cybersecurity","path":"skills/detecting-azure-storage-account-misconfigurations"},{"name":"detecting-beaconing-patterns-with-zeek","description":"'Performs statistical analysis of Zeek conn.log 
connection intervals","domain":"cybersecurity","path":"skills/detecting-beaconing-patterns-with-zeek"},{"name":"detecting-bluetooth-low-energy-attacks","description":"'Detects and analyzes Bluetooth Low Energy (BLE) security attacks including","domain":"cybersecurity","path":"skills/detecting-bluetooth-low-energy-attacks"},{"name":"detecting-broken-object-property-level-authorization","description":"Detect and test for OWASP API3:2023 Broken Object Property Level Authorization","domain":"cybersecurity","path":"skills/detecting-broken-object-property-level-authorization"},{"name":"detecting-business-email-compromise","description":"Business Email Compromise (BEC) is a sophisticated fraud scheme where","domain":"cybersecurity","path":"skills/detecting-business-email-compromise"},{"name":"detecting-business-email-compromise-with-ai","description":"Deploy AI and NLP-powered detection systems to identify business email","domain":"cybersecurity","path":"skills/detecting-business-email-compromise-with-ai"},{"name":"detecting-cloud-threats-with-guardduty","description":"'This skill teaches security teams how to deploy and operationalize Amazon","domain":"cybersecurity","path":"skills/detecting-cloud-threats-with-guardduty"},{"name":"detecting-command-and-control-over-dns","description":"'Detects command-and-control (C2) communications tunneled through DNS","domain":"cybersecurity","path":"skills/detecting-command-and-control-over-dns"},{"name":"detecting-compromised-cloud-credentials","description":"'Detecting compromised cloud credentials across AWS, Azure, and GCP by","domain":"cybersecurity","path":"skills/detecting-compromised-cloud-credentials"},{"name":"detecting-container-drift-at-runtime","description":"Detect unauthorized modifications to running containers by monitoring","domain":"cybersecurity","path":"skills/detecting-container-drift-at-runtime"},{"name":"detecting-container-escape-attempts","description":"Container escape is a critical attack technique where 
an adversary breaks","domain":"cybersecurity","path":"skills/detecting-container-escape-attempts"},{"name":"detecting-container-escape-with-falco-rules","description":"Detect container escape attempts in real-time using Falco runtime security","domain":"cybersecurity","path":"skills/detecting-container-escape-with-falco-rules"},{"name":"detecting-credential-dumping-techniques","description":"Detect LSASS credential dumping, SAM database extraction, and NTDS.dit","domain":"cybersecurity","path":"skills/detecting-credential-dumping-techniques"},{"name":"detecting-cryptomining-in-cloud","description":"'This skill teaches security teams how to detect and respond to unauthorized","domain":"cybersecurity","path":"skills/detecting-cryptomining-in-cloud"},{"name":"detecting-dcsync-attack-in-active-directory","description":"Detect DCSync attacks where adversaries abuse Active Directory replication","domain":"cybersecurity","path":"skills/detecting-dcsync-attack-in-active-directory"},{"name":"detecting-deepfake-audio-in-vishing-attacks","description":"'Detects AI-generated deepfake audio used in voice phishing (vishing)","domain":"cybersecurity","path":"skills/detecting-deepfake-audio-in-vishing-attacks"},{"name":"detecting-dll-sideloading-attacks","description":"Detect DLL side-loading attacks where adversaries place malicious DLLs","domain":"cybersecurity","path":"skills/detecting-dll-sideloading-attacks"},{"name":"detecting-dnp3-protocol-anomalies","description":"'Detect anomalies in DNP3 (Distributed Network Protocol 3) communications","domain":"cybersecurity","path":"skills/detecting-dnp3-protocol-anomalies"},{"name":"detecting-dns-exfiltration-with-dns-query-analysis","description":"Detect data exfiltration through DNS tunneling by analyzing query entropy,","domain":"cybersecurity","path":"skills/detecting-dns-exfiltration-with-dns-query-analysis"},{"name":"detecting-email-account-compromise","description":"Detect compromised O365 and Google Workspace email accounts by 
analyzing","domain":"cybersecurity","path":"skills/detecting-email-account-compromise"},{"name":"detecting-email-forwarding-rules-attack","description":"Detect malicious email forwarding rules created by adversaries to maintain","domain":"cybersecurity","path":"skills/detecting-email-forwarding-rules-attack"},{"name":"detecting-evasion-techniques-in-endpoint-logs","description":"'Detects defense evasion techniques used by adversaries in endpoint logs","domain":"cybersecurity","path":"skills/detecting-evasion-techniques-in-endpoint-logs"},{"name":"detecting-exfiltration-over-dns-with-zeek","description":"Detect DNS-based data exfiltration by analyzing Zeek dns.log for high-entropy","domain":"cybersecurity","path":"skills/detecting-exfiltration-over-dns-with-zeek"},{"name":"detecting-fileless-attacks-on-endpoints","description":"'Detects fileless malware and in-memory attacks that execute entirely","domain":"cybersecurity","path":"skills/detecting-fileless-attacks-on-endpoints"},{"name":"detecting-fileless-malware-techniques","description":"'Detects and analyzes fileless malware that operates entirely in memory","domain":"cybersecurity","path":"skills/detecting-fileless-malware-techniques"},{"name":"detecting-golden-ticket-attacks-in-kerberos-logs","description":"Detect Golden Ticket attacks in Active Directory by analyzing Kerberos","domain":"cybersecurity","path":"skills/detecting-golden-ticket-attacks-in-kerberos-logs"},{"name":"detecting-golden-ticket-forgery","description":"Detect Kerberos Golden Ticket forgery by analyzing Windows Event ID 4769","domain":"cybersecurity","path":"skills/detecting-golden-ticket-forgery"},{"name":"detecting-insider-data-exfiltration-via-dlp","description":"'Detects insider data exfiltration by analyzing DLP policy violations,","domain":"cybersecurity","path":"skills/detecting-insider-data-exfiltration-via-dlp"},{"name":"detecting-insider-threat-behaviors","description":"Detect insider threat behavioral indicators including unusual 
data access,","domain":"cybersecurity","path":"skills/detecting-insider-threat-behaviors"},{"name":"detecting-insider-threat-with-ueba","description":"Implement User and Entity Behavior Analytics using Elasticsearch/OpenSearch","domain":"cybersecurity","path":"skills/detecting-insider-threat-with-ueba"},{"name":"detecting-kerberoasting-attacks","description":"Detect Kerberoasting attacks by monitoring for anomalous Kerberos TGS","domain":"cybersecurity","path":"skills/detecting-kerberoasting-attacks"},{"name":"detecting-lateral-movement-in-network","description":"'Identifies lateral movement techniques in enterprise networks by analyzing","domain":"cybersecurity","path":"skills/detecting-lateral-movement-in-network"},{"name":"detecting-lateral-movement-with-splunk","description":"Detect adversary lateral movement across networks using Splunk SPL queries","domain":"cybersecurity","path":"skills/detecting-lateral-movement-with-splunk"},{"name":"detecting-lateral-movement-with-zeek","description":"'Detect lateral movement in network traffic using Zeek (formerly Bro)","domain":"cybersecurity","path":"skills/detecting-lateral-movement-with-zeek"},{"name":"detecting-living-off-the-land-attacks","description":"'Detect abuse of legitimate Windows binaries (LOLBins) used for living","domain":"cybersecurity","path":"skills/detecting-living-off-the-land-attacks"},{"name":"detecting-living-off-the-land-with-lolbas","description":"Detect Living Off the Land Binaries (LOLBins/LOLBAS) abuse including","domain":"cybersecurity","path":"skills/detecting-living-off-the-land-with-lolbas"},{"name":"detecting-malicious-scheduled-tasks-with-sysmon","description":"'Detect malicious scheduled task creation and modification using Sysmon","domain":"cybersecurity","path":"skills/detecting-malicious-scheduled-tasks-with-sysmon"},{"name":"detecting-mimikatz-execution-patterns","description":"Detect Mimikatz execution through command-line patterns, LSASS 
access","domain":"cybersecurity","path":"skills/detecting-mimikatz-execution-patterns"},{"name":"detecting-misconfigured-azure-storage","description":"'Detecting misconfigured Azure Storage accounts including publicly accessible","domain":"cybersecurity","path":"skills/detecting-misconfigured-azure-storage"},{"name":"detecting-mobile-malware-behavior","description":"'Detects and analyzes malicious behavior in mobile applications through","domain":"cybersecurity","path":"skills/detecting-mobile-malware-behavior"},{"name":"detecting-modbus-command-injection-attacks","description":"'Detect command injection attacks against Modbus TCP/RTU protocol in","domain":"cybersecurity","path":"skills/detecting-modbus-command-injection-attacks"},{"name":"detecting-modbus-protocol-anomalies","description":"'This skill covers detecting anomalies in Modbus/TCP and Modbus RTU communications","domain":"cybersecurity","path":"skills/detecting-modbus-protocol-anomalies"},{"name":"detecting-network-anomalies-with-zeek","description":"'Deploys and configures Zeek (formerly Bro) network security monitor","domain":"cybersecurity","path":"skills/detecting-network-anomalies-with-zeek"},{"name":"detecting-network-scanning-with-ids-signatures","description":"Detect network reconnaissance and port scanning using Suricata and Snort","domain":"cybersecurity","path":"skills/detecting-network-scanning-with-ids-signatures"},{"name":"detecting-ntlm-relay-with-event-correlation","description":"'Detect NTLM relay attacks through Windows Security Event correlation","domain":"cybersecurity","path":"skills/detecting-ntlm-relay-with-event-correlation"},{"name":"detecting-oauth-token-theft","description":"'Detects and responds to OAuth token theft and replay attacks in cloud","domain":"cybersecurity","path":"skills/detecting-oauth-token-theft"},{"name":"detecting-pass-the-hash-attacks","description":"Detect Pass-the-Hash attacks by analyzing NTLM authentication 
patterns,","domain":"cybersecurity","path":"skills/detecting-pass-the-hash-attacks"},{"name":"detecting-pass-the-ticket-attacks","description":"Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event","domain":"cybersecurity","path":"skills/detecting-pass-the-ticket-attacks"},{"name":"detecting-port-scanning-with-fail2ban","description":"'Configures Fail2ban with custom filters and actions to detect port scanning","domain":"cybersecurity","path":"skills/detecting-port-scanning-with-fail2ban"},{"name":"detecting-privilege-escalation-attempts","description":"Detect privilege escalation attempts including token manipulation, UAC","domain":"cybersecurity","path":"skills/detecting-privilege-escalation-attempts"},{"name":"detecting-privilege-escalation-in-kubernetes-pods","description":"Detect and prevent privilege escalation in Kubernetes pods by monitoring","domain":"cybersecurity","path":"skills/detecting-privilege-escalation-in-kubernetes-pods"},{"name":"detecting-process-hollowing-technique","description":"Detect process hollowing (T1055.012) by analyzing memory-mapped sections,","domain":"cybersecurity","path":"skills/detecting-process-hollowing-technique"},{"name":"detecting-process-injection-techniques","description":"'Detects and analyzes process injection techniques used by malware including","domain":"cybersecurity","path":"skills/detecting-process-injection-techniques"},{"name":"detecting-qr-code-phishing-with-email-security","description":"Detect and prevent QR code phishing (quishing) attacks that bypass traditional","domain":"cybersecurity","path":"skills/detecting-qr-code-phishing-with-email-security"},{"name":"detecting-ransomware-encryption-behavior","description":"'Detects ransomware encryption activity in real time using entropy analysis,","domain":"cybersecurity","path":"skills/detecting-ransomware-encryption-behavior"},{"name":"detecting-ransomware-precursors-in-network","description":"'Detects early-stage ransomware indicators in 
network traffic before","domain":"cybersecurity","path":"skills/detecting-ransomware-precursors-in-network"},{"name":"detecting-rdp-brute-force-attacks","description":"Detect RDP brute force attacks by analyzing Windows Security Event Logs","domain":"cybersecurity","path":"skills/detecting-rdp-brute-force-attacks"},{"name":"detecting-rootkit-activity","description":"'Detects rootkit presence on compromised systems by identifying hidden","domain":"cybersecurity","path":"skills/detecting-rootkit-activity"},{"name":"detecting-s3-data-exfiltration-attempts","description":"'Detecting data exfiltration attempts from AWS S3 buckets by analyzing","domain":"cybersecurity","path":"skills/detecting-s3-data-exfiltration-attempts"},{"name":"detecting-serverless-function-injection","description":"'Detects and prevents code injection attacks targeting serverless functions","domain":"cybersecurity","path":"skills/detecting-serverless-function-injection"},{"name":"detecting-service-account-abuse","description":"Detect abuse of service accounts through anomalous interactive logons,","domain":"cybersecurity","path":"skills/detecting-service-account-abuse"},{"name":"detecting-shadow-api-endpoints","description":"Discover and inventory shadow API endpoints that operate outside documented","domain":"cybersecurity","path":"skills/detecting-shadow-api-endpoints"},{"name":"detecting-shadow-it-cloud-usage","description":"Detect unauthorized SaaS and cloud service usage (shadow IT) by analyzing","domain":"cybersecurity","path":"skills/detecting-shadow-it-cloud-usage"},{"name":"detecting-spearphishing-with-email-gateway","description":"Spearphishing targets specific individuals using personalized, researched","domain":"cybersecurity","path":"skills/detecting-spearphishing-with-email-gateway"},{"name":"detecting-sql-injection-via-waf-logs","description":"Analyze WAF (ModSecurity/AWS WAF/Cloudflare) logs to detect SQL 
injection","domain":"cybersecurity","path":"skills/detecting-sql-injection-via-waf-logs"},{"name":"detecting-stuxnet-style-attacks","description":"'This skill covers detecting sophisticated cyber-physical attacks that","domain":"cybersecurity","path":"skills/detecting-stuxnet-style-attacks"},{"name":"detecting-supply-chain-attacks-in-ci-cd","description":"'Scans GitHub Actions workflows and CI/CD pipeline configurations for","domain":"cybersecurity","path":"skills/detecting-supply-chain-attacks-in-ci-cd"},{"name":"detecting-suspicious-oauth-application-consent","description":"Detect risky OAuth application consent grants in Azure AD / Microsoft","domain":"cybersecurity","path":"skills/detecting-suspicious-oauth-application-consent"},{"name":"detecting-suspicious-powershell-execution","description":"Detect suspicious PowerShell execution patterns including encoded commands,","domain":"cybersecurity","path":"skills/detecting-suspicious-powershell-execution"},{"name":"detecting-t1003-credential-dumping-with-edr","description":"Detect OS credential dumping techniques targeting LSASS memory, SAM database,","domain":"cybersecurity","path":"skills/detecting-t1003-credential-dumping-with-edr"},{"name":"detecting-t1055-process-injection-with-sysmon","description":"Detect process injection techniques (T1055) including classic DLL injection,","domain":"cybersecurity","path":"skills/detecting-t1055-process-injection-with-sysmon"},{"name":"detecting-t1548-abuse-elevation-control-mechanism","description":"Detect abuse of elevation control mechanisms including UAC bypass, sudo","domain":"cybersecurity","path":"skills/detecting-t1548-abuse-elevation-control-mechanism"},{"name":"detecting-typosquatting-packages-in-npm-pypi","description":"'Detects typosquatting attacks in npm and PyPI package registries by","domain":"cybersecurity","path":"skills/detecting-typosquatting-packages-in-npm-pypi"},{"name":"detecting-wmi-persistence","description":"Detect WMI event subscription 
persistence by analyzing Sysmon Event IDs","domain":"cybersecurity","path":"skills/detecting-wmi-persistence"},{"name":"eradicating-malware-from-infected-systems","description":"Systematically remove malware, backdoors, and attacker persistence mechanisms","domain":"cybersecurity","path":"skills/eradicating-malware-from-infected-systems"},{"name":"evaluating-threat-intelligence-platforms","description":"'Evaluates and selects Threat Intelligence Platform (TIP) products based","domain":"cybersecurity","path":"skills/evaluating-threat-intelligence-platforms"},{"name":"executing-active-directory-attack-simulation","description":"'Executes authorized attack simulations against Active Directory environments","domain":"cybersecurity","path":"skills/executing-active-directory-attack-simulation"},{"name":"executing-phishing-simulation-campaign","description":"'Executes authorized phishing simulation campaigns to assess an organization''s","domain":"cybersecurity","path":"skills/executing-phishing-simulation-campaign"},{"name":"executing-red-team-engagement-planning","description":"Red team engagement planning is the foundational phase that defines scope,","domain":"cybersecurity","path":"skills/executing-red-team-engagement-planning"},{"name":"executing-red-team-exercise","description":"'Executes comprehensive red team exercises that simulate real-world adversary","domain":"cybersecurity","path":"skills/executing-red-team-exercise"},{"name":"exploiting-active-directory-certificate-services-esc1","description":"Exploit misconfigured Active Directory Certificate Services (AD CS) ESC1","domain":"cybersecurity","path":"skills/exploiting-active-directory-certificate-services-esc1"},{"name":"exploiting-active-directory-with-bloodhound","description":"BloodHound is a graph-based Active Directory reconnaissance tool that","domain":"cybersecurity","path":"skills/exploiting-active-directory-with-bloodhound"},{"name":"exploiting-api-injection-vulnerabilities","description":"'Tests 
APIs for injection vulnerabilities including SQL injection, NoSQL","domain":"cybersecurity","path":"skills/exploiting-api-injection-vulnerabilities"},{"name":"exploiting-bgp-hijacking-vulnerabilities","description":"'Analyzes and simulates BGP hijacking scenarios in authorized lab environments","domain":"cybersecurity","path":"skills/exploiting-bgp-hijacking-vulnerabilities"},{"name":"exploiting-broken-function-level-authorization","description":"'Tests APIs for Broken Function Level Authorization (BFLA) vulnerabilities","domain":"cybersecurity","path":"skills/exploiting-broken-function-level-authorization"},{"name":"exploiting-broken-link-hijacking","description":"Discover and exploit broken link hijacking vulnerabilities by identifying","domain":"cybersecurity","path":"skills/exploiting-broken-link-hijacking"},{"name":"exploiting-constrained-delegation-abuse","description":"Exploit Kerberos Constrained Delegation misconfigurations in Active Directory","domain":"cybersecurity","path":"skills/exploiting-constrained-delegation-abuse"},{"name":"exploiting-deeplink-vulnerabilities","description":"'Tests and exploits deep link (URL scheme and App Link) vulnerabilities","domain":"cybersecurity","path":"skills/exploiting-deeplink-vulnerabilities"},{"name":"exploiting-excessive-data-exposure-in-api","description":"'Tests APIs for excessive data exposure where endpoints return more data","domain":"cybersecurity","path":"skills/exploiting-excessive-data-exposure-in-api"},{"name":"exploiting-http-request-smuggling","description":"Detecting and exploiting HTTP request smuggling vulnerabilities caused","domain":"cybersecurity","path":"skills/exploiting-http-request-smuggling"},{"name":"exploiting-idor-vulnerabilities","description":"Identifying and exploiting Insecure Direct Object Reference vulnerabilities","domain":"cybersecurity","path":"skills/exploiting-idor-vulnerabilities"},{"name":"exploiting-insecure-data-storage-in-mobile","description":"'Identifies and exploits 
insecure local data storage vulnerabilities","domain":"cybersecurity","path":"skills/exploiting-insecure-data-storage-in-mobile"},{"name":"exploiting-insecure-deserialization","description":"Identifying and exploiting insecure deserialization vulnerabilities in","domain":"cybersecurity","path":"skills/exploiting-insecure-deserialization"},{"name":"exploiting-ipv6-vulnerabilities","description":"'Identifies and exploits IPv6-specific vulnerabilities including SLAAC","domain":"cybersecurity","path":"skills/exploiting-ipv6-vulnerabilities"},{"name":"exploiting-jwt-algorithm-confusion-attack","description":"'Exploits JWT algorithm confusion vulnerabilities where the server''s","domain":"cybersecurity","path":"skills/exploiting-jwt-algorithm-confusion-attack"},{"name":"exploiting-kerberoasting-with-impacket","description":"Perform Kerberoasting attacks using Impacket's GetUserSPNs to extract","domain":"cybersecurity","path":"skills/exploiting-kerberoasting-with-impacket"},{"name":"exploiting-mass-assignment-in-rest-apis","description":"Discover and exploit mass assignment vulnerabilities in REST APIs to","domain":"cybersecurity","path":"skills/exploiting-mass-assignment-in-rest-apis"},{"name":"exploiting-ms17-010-eternalblue-vulnerability","description":"MS17-010 (EternalBlue) is a critical vulnerability in Microsoft's SMBv1","domain":"cybersecurity","path":"skills/exploiting-ms17-010-eternalblue-vulnerability"},{"name":"exploiting-nopac-cve-2021-42278-42287","description":"Exploit the noPac vulnerability chain (CVE-2021-42278 sAMAccountName","domain":"cybersecurity","path":"skills/exploiting-nopac-cve-2021-42278-42287"},{"name":"exploiting-nosql-injection-vulnerabilities","description":"Detect and exploit NoSQL injection vulnerabilities in MongoDB, CouchDB,","domain":"cybersecurity","path":"skills/exploiting-nosql-injection-vulnerabilities"},{"name":"exploiting-oauth-misconfiguration","description":"Identifying and exploiting OAuth 2.0 and OpenID Connect 
misconfigurations","domain":"cybersecurity","path":"skills/exploiting-oauth-misconfiguration"},{"name":"exploiting-prototype-pollution-in-javascript","description":"Detect and exploit JavaScript prototype pollution vulnerabilities on","domain":"cybersecurity","path":"skills/exploiting-prototype-pollution-in-javascript"},{"name":"exploiting-race-condition-vulnerabilities","description":"Detect and exploit race condition vulnerabilities in web applications","domain":"cybersecurity","path":"skills/exploiting-race-condition-vulnerabilities"},{"name":"exploiting-server-side-request-forgery","description":"Identifying and exploiting SSRF vulnerabilities to access internal services,","domain":"cybersecurity","path":"skills/exploiting-server-side-request-forgery"},{"name":"exploiting-smb-vulnerabilities-with-metasploit","description":"'Identifies and exploits SMB protocol vulnerabilities using Metasploit","domain":"cybersecurity","path":"skills/exploiting-smb-vulnerabilities-with-metasploit"},{"name":"exploiting-sql-injection-vulnerabilities","description":"'Identifies and exploits SQL injection vulnerabilities in web applications","domain":"cybersecurity","path":"skills/exploiting-sql-injection-vulnerabilities"},{"name":"exploiting-sql-injection-with-sqlmap","description":"Detecting and exploiting SQL injection vulnerabilities using sqlmap to","domain":"cybersecurity","path":"skills/exploiting-sql-injection-with-sqlmap"},{"name":"exploiting-template-injection-vulnerabilities","description":"Detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities","domain":"cybersecurity","path":"skills/exploiting-template-injection-vulnerabilities"},{"name":"exploiting-type-juggling-vulnerabilities","description":"Exploit PHP type juggling vulnerabilities caused by loose comparison","domain":"cybersecurity","path":"skills/exploiting-type-juggling-vulnerabilities"},{"name":"exploiting-vulnerabilities-with-metasploit-framework","description":"The Metasploit Framework 
is the world's most widely used penetration","domain":"cybersecurity","path":"skills/exploiting-vulnerabilities-with-metasploit-framework"},{"name":"exploiting-websocket-vulnerabilities","description":"Testing WebSocket implementations for authentication bypass, cross-site","domain":"cybersecurity","path":"skills/exploiting-websocket-vulnerabilities"},{"name":"exploiting-zerologon-vulnerability-cve-2020-1472","description":"Exploit the Zerologon vulnerability (CVE-2020-1472) in the Netlogon Remote","domain":"cybersecurity","path":"skills/exploiting-zerologon-vulnerability-cve-2020-1472"},{"name":"extracting-browser-history-artifacts","description":"Extract and analyze browser history, cookies, cache, downloads, and bookmarks","domain":"cybersecurity","path":"skills/extracting-browser-history-artifacts"},{"name":"extracting-config-from-agent-tesla-rat","description":"Extract embedded configuration from Agent Tesla RAT samples including","domain":"cybersecurity","path":"skills/extracting-config-from-agent-tesla-rat"},{"name":"extracting-credentials-from-memory-dump","description":"Extract cached credentials, password hashes, Kerberos tickets, and authentication","domain":"cybersecurity","path":"skills/extracting-credentials-from-memory-dump"},{"name":"extracting-iocs-from-malware-samples","description":"'Extracts indicators of compromise (IOCs) from malware samples including","domain":"cybersecurity","path":"skills/extracting-iocs-from-malware-samples"},{"name":"extracting-memory-artifacts-with-rekall","description":"'Uses Rekall memory forensics framework to analyze memory dumps for process","domain":"cybersecurity","path":"skills/extracting-memory-artifacts-with-rekall"},{"name":"extracting-windows-event-logs-artifacts","description":"Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw,","domain":"cybersecurity","path":"skills/extracting-windows-event-logs-artifacts"},{"name":"generating-threat-intelligence-reports","description":"'Generates 
structured cyber threat intelligence reports at strategic,","domain":"cybersecurity","path":"skills/generating-threat-intelligence-reports"},{"name":"hardening-docker-containers-for-production","description":"Hardening Docker containers for production involves applying security","domain":"cybersecurity","path":"skills/hardening-docker-containers-for-production"},{"name":"hardening-docker-daemon-configuration","description":"Harden the Docker daemon by configuring daemon.json with user namespace","domain":"cybersecurity","path":"skills/hardening-docker-daemon-configuration"},{"name":"hardening-linux-endpoint-with-cis-benchmark","description":"'Hardens Linux endpoints using CIS Benchmark recommendations for Ubuntu,","domain":"cybersecurity","path":"skills/hardening-linux-endpoint-with-cis-benchmark"},{"name":"hardening-windows-endpoint-with-cis-benchmark","description":"'Hardens Windows endpoints using CIS (Center for Internet Security) Benchmark","domain":"cybersecurity","path":"skills/hardening-windows-endpoint-with-cis-benchmark"},{"name":"hunting-advanced-persistent-threats","description":"'Proactively hunts for Advanced Persistent Threat (APT) activity within","domain":"cybersecurity","path":"skills/hunting-advanced-persistent-threats"},{"name":"hunting-credential-stuffing-attacks","description":"'Detects credential stuffing attacks by analyzing authentication logs","domain":"cybersecurity","path":"skills/hunting-credential-stuffing-attacks"},{"name":"hunting-for-anomalous-powershell-execution","description":"'Hunt for malicious PowerShell activity by analyzing Script Block Logging","domain":"cybersecurity","path":"skills/hunting-for-anomalous-powershell-execution"},{"name":"hunting-for-beaconing-with-frequency-analysis","description":"Identify command-and-control beaconing patterns in network traffic by","domain":"cybersecurity","path":"skills/hunting-for-beaconing-with-frequency-analysis"},{"name":"hunting-for-cobalt-strike-beacons","description":"Detect 
Cobalt Strike beacon network activity using default TLS certificate","domain":"cybersecurity","path":"skills/hunting-for-cobalt-strike-beacons"},{"name":"hunting-for-command-and-control-beaconing","description":"Detect C2 beaconing patterns in network traffic using frequency analysis,","domain":"cybersecurity","path":"skills/hunting-for-command-and-control-beaconing"},{"name":"hunting-for-data-exfiltration-indicators","description":"Hunt for data exfiltration through network traffic analysis, detecting","domain":"cybersecurity","path":"skills/hunting-for-data-exfiltration-indicators"},{"name":"hunting-for-data-staging-before-exfiltration","description":"Detect data staging activity before exfiltration by monitoring for archive","domain":"cybersecurity","path":"skills/hunting-for-data-staging-before-exfiltration"},{"name":"hunting-for-dcom-lateral-movement","description":"'Hunt for DCOM-based lateral movement by detecting abuse of MMC20.Application,","domain":"cybersecurity","path":"skills/hunting-for-dcom-lateral-movement"},{"name":"hunting-for-dcsync-attacks","description":"Detect DCSync attacks by analyzing Windows Event ID 4662 for unauthorized","domain":"cybersecurity","path":"skills/hunting-for-dcsync-attacks"},{"name":"hunting-for-defense-evasion-via-timestomping","description":"'Detect NTFS timestamp manipulation (MITRE T1070.006) by comparing $STANDARD_INFORMATION","domain":"cybersecurity","path":"skills/hunting-for-defense-evasion-via-timestomping"},{"name":"hunting-for-dns-based-persistence","description":"Hunt for DNS-based persistence mechanisms including DNS hijacking, dangling","domain":"cybersecurity","path":"skills/hunting-for-dns-based-persistence"},{"name":"hunting-for-dns-tunneling-with-zeek","description":"Detect DNS tunneling and data exfiltration by analyzing Zeek dns.log","domain":"cybersecurity","path":"skills/hunting-for-dns-tunneling-with-zeek"},{"name":"hunting-for-domain-fronting-c2-traffic","description":"Detect domain fronting C2 
traffic by analyzing SNI vs HTTP Host header","domain":"cybersecurity","path":"skills/hunting-for-domain-fronting-c2-traffic"},{"name":"hunting-for-lateral-movement-via-wmi","description":"Detect WMI-based lateral movement by analyzing Windows Event ID 4688","domain":"cybersecurity","path":"skills/hunting-for-lateral-movement-via-wmi"},{"name":"hunting-for-living-off-the-cloud-techniques","description":"Hunt for adversary abuse of legitimate cloud services for C2, data staging,","domain":"cybersecurity","path":"skills/hunting-for-living-off-the-cloud-techniques"},{"name":"hunting-for-living-off-the-land-binaries","description":"Proactively hunt for adversary abuse of legitimate system binaries (LOLBins)","domain":"cybersecurity","path":"skills/hunting-for-living-off-the-land-binaries"},{"name":"hunting-for-lolbins-execution-in-endpoint-logs","description":"Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by","domain":"cybersecurity","path":"skills/hunting-for-lolbins-execution-in-endpoint-logs"},{"name":"hunting-for-ntlm-relay-attacks","description":"Detect NTLM relay attacks by analyzing Windows Event 4624 logon type","domain":"cybersecurity","path":"skills/hunting-for-ntlm-relay-attacks"},{"name":"hunting-for-persistence-mechanisms-in-windows","description":"Systematically hunt for adversary persistence mechanisms across Windows","domain":"cybersecurity","path":"skills/hunting-for-persistence-mechanisms-in-windows"},{"name":"hunting-for-persistence-via-wmi-subscriptions","description":"Hunt for adversary persistence through Windows Management Instrumentation","domain":"cybersecurity","path":"skills/hunting-for-persistence-via-wmi-subscriptions"},{"name":"hunting-for-process-injection-techniques","description":"Detect process injection techniques (T1055) including CreateRemoteThread,","domain":"cybersecurity","path":"skills/hunting-for-process-injection-techniques"},{"name":"hunting-for-registry-persistence-mechanisms","description":"Hunt for 
registry-based persistence mechanisms including Run keys, Winlogon","domain":"cybersecurity","path":"skills/hunting-for-registry-persistence-mechanisms"},{"name":"hunting-for-registry-run-key-persistence","description":"Detect MITRE ATT&CK T1547.001 registry Run key persistence by analyzing","domain":"cybersecurity","path":"skills/hunting-for-registry-run-key-persistence"},{"name":"hunting-for-scheduled-task-persistence","description":"Hunt for adversary persistence via Windows Scheduled Tasks by analyzing","domain":"cybersecurity","path":"skills/hunting-for-scheduled-task-persistence"},{"name":"hunting-for-shadow-copy-deletion","description":"Hunt for Volume Shadow Copy deletion activity that indicates ransomware","domain":"cybersecurity","path":"skills/hunting-for-shadow-copy-deletion"},{"name":"hunting-for-spearphishing-indicators","description":"Hunt for spearphishing campaign indicators across email logs, endpoint","domain":"cybersecurity","path":"skills/hunting-for-spearphishing-indicators"},{"name":"hunting-for-startup-folder-persistence","description":"Detect T1547.001 startup folder persistence by monitoring Windows startup","domain":"cybersecurity","path":"skills/hunting-for-startup-folder-persistence"},{"name":"hunting-for-supply-chain-compromise","description":"Hunt for supply chain compromise indicators including trojanized software","domain":"cybersecurity","path":"skills/hunting-for-supply-chain-compromise"},{"name":"hunting-for-suspicious-scheduled-tasks","description":"Hunt for adversary persistence and execution via Windows scheduled tasks","domain":"cybersecurity","path":"skills/hunting-for-suspicious-scheduled-tasks"},{"name":"hunting-for-t1098-account-manipulation","description":"Hunt for MITRE ATT&CK T1098 account manipulation including shadow admin","domain":"cybersecurity","path":"skills/hunting-for-t1098-account-manipulation"},{"name":"hunting-for-unusual-network-connections","description":"Hunt for unusual network connections by analyzing 
outbound traffic patterns,","domain":"cybersecurity","path":"skills/hunting-for-unusual-network-connections"},{"name":"hunting-for-unusual-service-installations","description":"Detect suspicious Windows service installations (MITRE ATT&CK T1543.003)","domain":"cybersecurity","path":"skills/hunting-for-unusual-service-installations"},{"name":"hunting-for-webshell-activity","description":"Hunt for web shell deployments on internet-facing servers by analyzing","domain":"cybersecurity","path":"skills/hunting-for-webshell-activity"},{"name":"implementing-aes-encryption-for-data-at-rest","description":"AES (Advanced Encryption Standard) is a symmetric block cipher standardized","domain":"cybersecurity","path":"skills/implementing-aes-encryption-for-data-at-rest"},{"name":"implementing-alert-fatigue-reduction","description":"'Implements strategies to reduce SOC alert fatigue by tuning detection","domain":"cybersecurity","path":"skills/implementing-alert-fatigue-reduction"},{"name":"implementing-anti-phishing-training-program","description":"Security awareness training is the human layer of phishing defense. 
An","domain":"cybersecurity","path":"skills/implementing-anti-phishing-training-program"},{"name":"implementing-anti-ransomware-group-policy","description":"'Configures Windows Group Policy Objects (GPO) to prevent ransomware","domain":"cybersecurity","path":"skills/implementing-anti-ransomware-group-policy"},{"name":"implementing-api-abuse-detection-with-rate-limiting","description":"Implement API abuse detection using token bucket, sliding window, and","domain":"cybersecurity","path":"skills/implementing-api-abuse-detection-with-rate-limiting"},{"name":"implementing-api-gateway-security-controls","description":"'Implements security controls at the API gateway layer including authentication","domain":"cybersecurity","path":"skills/implementing-api-gateway-security-controls"},{"name":"implementing-api-key-security-controls","description":"'Implements secure API key generation, storage, rotation, and revocation","domain":"cybersecurity","path":"skills/implementing-api-key-security-controls"},{"name":"implementing-api-rate-limiting-and-throttling","description":"'Implements API rate limiting and throttling controls using token bucket,","domain":"cybersecurity","path":"skills/implementing-api-rate-limiting-and-throttling"},{"name":"implementing-api-schema-validation-security","description":"Implement API schema validation using OpenAPI specifications and JSON","domain":"cybersecurity","path":"skills/implementing-api-schema-validation-security"},{"name":"implementing-api-security-posture-management","description":"Implement API Security Posture Management to continuously discover, classify,","domain":"cybersecurity","path":"skills/implementing-api-security-posture-management"},{"name":"implementing-api-security-testing-with-42crunch","description":"Implement comprehensive API security testing using the 42Crunch 
platform","domain":"cybersecurity","path":"skills/implementing-api-security-testing-with-42crunch"},{"name":"implementing-api-threat-protection-with-apigee","description":"Implement API threat protection using Google Apigee policies including","domain":"cybersecurity","path":"skills/implementing-api-threat-protection-with-apigee"},{"name":"implementing-application-whitelisting-with-applocker","description":"'Implements application whitelisting using Windows AppLocker to restrict","domain":"cybersecurity","path":"skills/implementing-application-whitelisting-with-applocker"},{"name":"implementing-aqua-security-for-container-scanning","description":"Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations,","domain":"cybersecurity","path":"skills/implementing-aqua-security-for-container-scanning"},{"name":"implementing-attack-path-analysis-with-xm-cyber","description":"Deploy XM Cyber's continuous exposure management platform to map attack","domain":"cybersecurity","path":"skills/implementing-attack-path-analysis-with-xm-cyber"},{"name":"implementing-attack-surface-management","description":"'Implements external attack surface management (EASM) using Shodan, Censys,","domain":"cybersecurity","path":"skills/implementing-attack-surface-management"},{"name":"implementing-aws-config-rules-for-compliance","description":"'Implementing AWS Config rules for continuous compliance monitoring of","domain":"cybersecurity","path":"skills/implementing-aws-config-rules-for-compliance"},{"name":"implementing-aws-iam-permission-boundaries","description":"Configure IAM permission boundaries in AWS to delegate role creation","domain":"cybersecurity","path":"skills/implementing-aws-iam-permission-boundaries"},{"name":"implementing-aws-macie-for-data-classification","description":"Implement Amazon Macie to automatically discover, classify, and 
protect","domain":"cybersecurity","path":"skills/implementing-aws-macie-for-data-classification"},{"name":"implementing-aws-nitro-enclave-security","description":"'Implements AWS Nitro Enclave-based confidential computing environments","domain":"cybersecurity","path":"skills/implementing-aws-nitro-enclave-security"},{"name":"implementing-aws-security-hub","description":"'This skill covers deploying AWS Security Hub as a centralized cloud","domain":"cybersecurity","path":"skills/implementing-aws-security-hub"},{"name":"implementing-aws-security-hub-compliance","description":"'Implementing AWS Security Hub to aggregate security findings across","domain":"cybersecurity","path":"skills/implementing-aws-security-hub-compliance"},{"name":"implementing-azure-ad-privileged-identity-management","description":"Configure Microsoft Entra Privileged Identity Management to enforce just-in-time","domain":"cybersecurity","path":"skills/implementing-azure-ad-privileged-identity-management"},{"name":"implementing-azure-defender-for-cloud","description":"'Implementing Microsoft Defender for Cloud to enable cloud security posture","domain":"cybersecurity","path":"skills/implementing-azure-defender-for-cloud"},{"name":"implementing-beyondcorp-zero-trust-access-model","description":"'Implementing Google''s BeyondCorp zero trust access model to eliminate","domain":"cybersecurity","path":"skills/implementing-beyondcorp-zero-trust-access-model"},{"name":"implementing-bgp-security-with-rpki","description":"Implement BGP route origin validation using RPKI with Route Origin Authorizations,","domain":"cybersecurity","path":"skills/implementing-bgp-security-with-rpki"},{"name":"implementing-browser-isolation-for-zero-trust","description":"'Deploys remote browser isolation (RBI) as a core component of a Zero","domain":"cybersecurity","path":"skills/implementing-browser-isolation-for-zero-trust"},{"name":"implementing-canary-tokens-for-network-intrusion","description":"'Deploys DNS, HTTP, and AWS 
API key canary tokens across network infrastructure","domain":"cybersecurity","path":"skills/implementing-canary-tokens-for-network-intrusion"},{"name":"implementing-cisa-zero-trust-maturity-model","description":"Implement the CISA Zero Trust Maturity Model v2.0 across the five pillars","domain":"cybersecurity","path":"skills/implementing-cisa-zero-trust-maturity-model"},{"name":"implementing-cloud-dlp-for-data-protection","description":"'Implementing Cloud Data Loss Prevention (DLP) using Amazon Macie, Azure","domain":"cybersecurity","path":"skills/implementing-cloud-dlp-for-data-protection"},{"name":"implementing-cloud-security-posture-management","description":"'Implementing Cloud Security Posture Management (CSPM) to continuously","domain":"cybersecurity","path":"skills/implementing-cloud-security-posture-management"},{"name":"implementing-cloud-trail-log-analysis","description":"'Implementing AWS CloudTrail log analysis for security monitoring, threat","domain":"cybersecurity","path":"skills/implementing-cloud-trail-log-analysis"},{"name":"implementing-cloud-vulnerability-posture-management","description":"Implement Cloud Security Posture Management using AWS Security Hub, Azure","domain":"cybersecurity","path":"skills/implementing-cloud-vulnerability-posture-management"},{"name":"implementing-cloud-waf-rules","description":"'This skill covers deploying and tuning Web Application Firewall rules","domain":"cybersecurity","path":"skills/implementing-cloud-waf-rules"},{"name":"implementing-cloud-workload-protection","description":"'Implements cloud workload protection using boto3 and google-cloud APIs","domain":"cybersecurity","path":"skills/implementing-cloud-workload-protection"},{"name":"implementing-code-signing-for-artifacts","description":"'This skill covers implementing code signing for build artifacts to 
ensure","domain":"cybersecurity","path":"skills/implementing-code-signing-for-artifacts"},{"name":"implementing-conditional-access-policies-azure-ad","description":"Configure Microsoft Entra ID (Azure AD) Conditional Access policies for","domain":"cybersecurity","path":"skills/implementing-conditional-access-policies-azure-ad"},{"name":"implementing-conduit-security-for-ot-remote-access","description":"'Implement secure conduit architecture for OT remote access following","domain":"cybersecurity","path":"skills/implementing-conduit-security-for-ot-remote-access"},{"name":"implementing-container-image-minimal-base-with-distroless","description":"Reduce container attack surface by building application images on Google","domain":"cybersecurity","path":"skills/implementing-container-image-minimal-base-with-distroless"},{"name":"implementing-container-network-policies-with-calico","description":"Enforce Kubernetes network segmentation using Calico CNI network policies","domain":"cybersecurity","path":"skills/implementing-container-network-policies-with-calico"},{"name":"implementing-continuous-security-validation-with-bas","description":"Deploy Breach and Attack Simulation tools to continuously validate security","domain":"cybersecurity","path":"skills/implementing-continuous-security-validation-with-bas"},{"name":"implementing-data-loss-prevention-with-microsoft-purview","description":"'Implements data loss prevention policies using Microsoft Purview to","domain":"cybersecurity","path":"skills/implementing-data-loss-prevention-with-microsoft-purview"},{"name":"implementing-ddos-mitigation-with-cloudflare","description":"Configure Cloudflare DDoS protection with managed rulesets, rate limiting,","domain":"cybersecurity","path":"skills/implementing-ddos-mitigation-with-cloudflare"},{"name":"implementing-deception-based-detection-with-canarytoken","description":"Deploy and monitor Canary Tokens via the Thinkst Canary API for 
deception-based","domain":"cybersecurity","path":"skills/implementing-deception-based-detection-with-canarytoken"},{"name":"implementing-delinea-secret-server-for-pam","description":"'Implements Delinea Secret Server for privileged access management (PAM)","domain":"cybersecurity","path":"skills/implementing-delinea-secret-server-for-pam"},{"name":"implementing-device-posture-assessment-in-zero-trust","description":"'Implementing device posture assessment as a zero trust access control","domain":"cybersecurity","path":"skills/implementing-device-posture-assessment-in-zero-trust"},{"name":"implementing-devsecops-security-scanning","description":"'Integrates Static Application Security Testing (SAST), Dynamic Application","domain":"cybersecurity","path":"skills/implementing-devsecops-security-scanning"},{"name":"implementing-diamond-model-analysis","description":"The Diamond Model of Intrusion Analysis provides a structured framework","domain":"cybersecurity","path":"skills/implementing-diamond-model-analysis"},{"name":"implementing-digital-signatures-with-ed25519","description":"Ed25519 is a high-performance digital signature algorithm using the Edwards","domain":"cybersecurity","path":"skills/implementing-digital-signatures-with-ed25519"},{"name":"implementing-disk-encryption-with-bitlocker","description":"'Implements full disk encryption using Microsoft BitLocker on Windows","domain":"cybersecurity","path":"skills/implementing-disk-encryption-with-bitlocker"},{"name":"implementing-dmarc-dkim-spf-email-security","description":"SPF, DKIM, and DMARC form the three pillars of email authentication.","domain":"cybersecurity","path":"skills/implementing-dmarc-dkim-spf-email-security"},{"name":"implementing-dragos-platform-for-ot-monitoring","description":"'Deploy and configure the Dragos Platform for OT network 
monitoring,","domain":"cybersecurity","path":"skills/implementing-dragos-platform-for-ot-monitoring"},{"name":"implementing-ebpf-security-monitoring","description":"'Implements eBPF-based security monitoring using Cilium Tetragon for","domain":"cybersecurity","path":"skills/implementing-ebpf-security-monitoring"},{"name":"implementing-email-sandboxing-with-proofpoint","description":"Email sandboxing detonates suspicious attachments and URLs in isolated","domain":"cybersecurity","path":"skills/implementing-email-sandboxing-with-proofpoint"},{"name":"implementing-end-to-end-encryption-for-messaging","description":"End-to-end encryption (E2EE) ensures that only the communicating parties","domain":"cybersecurity","path":"skills/implementing-end-to-end-encryption-for-messaging"},{"name":"implementing-endpoint-detection-with-wazuh","description":"Deploy and configure Wazuh SIEM/XDR for endpoint detection including","domain":"cybersecurity","path":"skills/implementing-endpoint-detection-with-wazuh"},{"name":"implementing-endpoint-dlp-controls","description":"'Implements endpoint Data Loss Prevention (DLP) controls to detect and","domain":"cybersecurity","path":"skills/implementing-endpoint-dlp-controls"},{"name":"implementing-envelope-encryption-with-aws-kms","description":"Envelope encryption is a strategy where data is encrypted with a data","domain":"cybersecurity","path":"skills/implementing-envelope-encryption-with-aws-kms"},{"name":"implementing-epss-score-for-vulnerability-prioritization","description":"Integrate FIRST's Exploit Prediction Scoring System (EPSS) API to prioritize","domain":"cybersecurity","path":"skills/implementing-epss-score-for-vulnerability-prioritization"},{"name":"implementing-file-integrity-monitoring-with-aide","description":"Configure AIDE (Advanced Intrusion Detection Environment) for file 
integrity","domain":"cybersecurity","path":"skills/implementing-file-integrity-monitoring-with-aide"},{"name":"implementing-fuzz-testing-in-cicd-with-aflplusplus","description":"Integrate AFL++ coverage-guided fuzz testing into CI/CD pipelines to","domain":"cybersecurity","path":"skills/implementing-fuzz-testing-in-cicd-with-aflplusplus"},{"name":"implementing-gcp-binary-authorization","description":"Implement GCP Binary Authorization to enforce deploy-time security controls","domain":"cybersecurity","path":"skills/implementing-gcp-binary-authorization"},{"name":"implementing-gcp-organization-policy-constraints","description":"Implement GCP Organization Policy constraints to enforce security guardrails","domain":"cybersecurity","path":"skills/implementing-gcp-organization-policy-constraints"},{"name":"implementing-gcp-vpc-firewall-rules","description":"'Implementing and auditing GCP VPC firewall rules to enforce network","domain":"cybersecurity","path":"skills/implementing-gcp-vpc-firewall-rules"},{"name":"implementing-gdpr-data-protection-controls","description":"The General Data Protection Regulation (EU) 2016/679 (GDPR) is the EU's","domain":"cybersecurity","path":"skills/implementing-gdpr-data-protection-controls"},{"name":"implementing-gdpr-data-subject-access-request","description":"'Automates GDPR Data Subject Access Request (DSAR) workflows including","domain":"cybersecurity","path":"skills/implementing-gdpr-data-subject-access-request"},{"name":"implementing-github-advanced-security-for-code-scanning","description":"Configure GitHub Advanced Security with CodeQL to perform automated static","domain":"cybersecurity","path":"skills/implementing-github-advanced-security-for-code-scanning"},{"name":"implementing-google-workspace-admin-security","description":"'Implements comprehensive Google Workspace security hardening 
including","domain":"cybersecurity","path":"skills/implementing-google-workspace-admin-security"},{"name":"implementing-google-workspace-phishing-protection","description":"Configure Google Workspace advanced phishing and malware protection settings","domain":"cybersecurity","path":"skills/implementing-google-workspace-phishing-protection"},{"name":"implementing-google-workspace-sso-configuration","description":"Configure SAML 2.0 single sign-on for Google Workspace with a third-party","domain":"cybersecurity","path":"skills/implementing-google-workspace-sso-configuration"},{"name":"implementing-hardware-security-key-authentication","description":"'Implements FIDO2/WebAuthn hardware security key authentication including","domain":"cybersecurity","path":"skills/implementing-hardware-security-key-authentication"},{"name":"implementing-hashicorp-vault-dynamic-secrets","description":"'Implements HashiCorp Vault dynamic secrets engines for database credentials,","domain":"cybersecurity","path":"skills/implementing-hashicorp-vault-dynamic-secrets"},{"name":"implementing-honeypot-for-ransomware-detection","description":"'Deploys canary files, honeypot shares, and decoy systems to detect ransomware","domain":"cybersecurity","path":"skills/implementing-honeypot-for-ransomware-detection"},{"name":"implementing-honeytokens-for-breach-detection","description":"'Deploys canary tokens and honeytokens (fake AWS credentials, DNS canaries,","domain":"cybersecurity","path":"skills/implementing-honeytokens-for-breach-detection"},{"name":"implementing-ics-firewall-with-tofino","description":"'Deploy and configure Tofino industrial firewalls from Belden/Hirschmann","domain":"cybersecurity","path":"skills/implementing-ics-firewall-with-tofino"},{"name":"implementing-identity-governance-with-sailpoint","description":"Deploy SailPoint IdentityNow or IdentityIQ for identity governance 
and","domain":"cybersecurity","path":"skills/implementing-identity-governance-with-sailpoint"},{"name":"implementing-identity-verification-for-zero-trust","description":"Implement continuous identity verification for zero trust using phishing-resistant","domain":"cybersecurity","path":"skills/implementing-identity-verification-for-zero-trust"},{"name":"implementing-iec-62443-security-zones","description":"'This skill covers designing and implementing security zones and conduits","domain":"cybersecurity","path":"skills/implementing-iec-62443-security-zones"},{"name":"implementing-image-provenance-verification-with-cosign","description":"Sign and verify container image provenance using Sigstore Cosign with","domain":"cybersecurity","path":"skills/implementing-image-provenance-verification-with-cosign"},{"name":"implementing-immutable-backup-with-restic","description":"'Implements immutable backup strategy using restic with S3-compatible","domain":"cybersecurity","path":"skills/implementing-immutable-backup-with-restic"},{"name":"implementing-infrastructure-as-code-security-scanning","description":"'This skill covers implementing automated security scanning for Infrastructure","domain":"cybersecurity","path":"skills/implementing-infrastructure-as-code-security-scanning"},{"name":"implementing-iso-27001-information-security-management","description":"ISO/IEC 27001:2022 is the international standard for establishing, implementing,","domain":"cybersecurity","path":"skills/implementing-iso-27001-information-security-management"},{"name":"implementing-just-in-time-access-provisioning","description":"Implement Just-In-Time (JIT) access provisioning to eliminate standing","domain":"cybersecurity","path":"skills/implementing-just-in-time-access-provisioning"},{"name":"implementing-jwt-signing-and-verification","description":"JSON Web Tokens (JWT) defined in RFC 7519 are compact, URL-safe 
tokens","domain":"cybersecurity","path":"skills/implementing-jwt-signing-and-verification"},{"name":"implementing-kubernetes-network-policy-with-calico","description":"Implement Kubernetes network segmentation using Calico NetworkPolicy","domain":"cybersecurity","path":"skills/implementing-kubernetes-network-policy-with-calico"},{"name":"implementing-kubernetes-pod-security-standards","description":"Pod Security Standards (PSS) define three levels of security policies","domain":"cybersecurity","path":"skills/implementing-kubernetes-pod-security-standards"},{"name":"implementing-llm-guardrails-for-security","description":"'Implements input and output validation guardrails for LLM-powered applications","domain":"cybersecurity","path":"skills/implementing-llm-guardrails-for-security"},{"name":"implementing-log-forwarding-with-fluentd","description":"Configure Fluentd and Fluent Bit for centralized log aggregation, routing,","domain":"cybersecurity","path":"skills/implementing-log-forwarding-with-fluentd"},{"name":"implementing-log-integrity-with-blockchain","description":"Build an append-only log integrity chain using SHA-256 hash chaining","domain":"cybersecurity","path":"skills/implementing-log-integrity-with-blockchain"},{"name":"implementing-memory-protection-with-dep-aslr","description":"'Implements memory protection mechanisms including DEP (Data Execution","domain":"cybersecurity","path":"skills/implementing-memory-protection-with-dep-aslr"},{"name":"implementing-microsegmentation-with-guardicore","description":"'Implementing microsegmentation using Akamai Guardicore Segmentation","domain":"cybersecurity","path":"skills/implementing-microsegmentation-with-guardicore"},{"name":"implementing-mimecast-targeted-attack-protection","description":"Deploy Mimecast Targeted Threat Protection including URL Protect, 
Attachment","domain":"cybersecurity","path":"skills/implementing-mimecast-targeted-attack-protection"},{"name":"implementing-mitre-attack-coverage-mapping","description":"Implement MITRE ATT&CK coverage mapping to identify detection gaps, prioritize","domain":"cybersecurity","path":"skills/implementing-mitre-attack-coverage-mapping"},{"name":"implementing-mobile-application-management","description":"'Implements Mobile Application Management (MAM) policies to protect enterprise","domain":"cybersecurity","path":"skills/implementing-mobile-application-management"},{"name":"implementing-mtls-for-zero-trust-services","description":"'Configures mutual TLS (mTLS) authentication between microservices using","domain":"cybersecurity","path":"skills/implementing-mtls-for-zero-trust-services"},{"name":"implementing-nerc-cip-compliance-controls","description":"'This skill covers implementing North American Electric Reliability Corporation","domain":"cybersecurity","path":"skills/implementing-nerc-cip-compliance-controls"},{"name":"implementing-network-access-control","description":"'Implements 802.1X port-based network access control using RADIUS authentication,","domain":"cybersecurity","path":"skills/implementing-network-access-control"},{"name":"implementing-network-access-control-with-cisco-ise","description":"Deploy Cisco Identity Services Engine for 802.1X wired and wireless authentication,","domain":"cybersecurity","path":"skills/implementing-network-access-control-with-cisco-ise"},{"name":"implementing-network-deception-with-honeypots","description":"Deploy and manage network honeypots using OpenCanary, T-Pot, or Cowrie","domain":"cybersecurity","path":"skills/implementing-network-deception-with-honeypots"},{"name":"implementing-network-intrusion-prevention-with-suricata","description":"Deploy and configure Suricata as a network intrusion prevention 
system","domain":"cybersecurity","path":"skills/implementing-network-intrusion-prevention-with-suricata"},{"name":"implementing-network-policies-for-kubernetes","description":"Kubernetes NetworkPolicies provide pod-level network segmentation by","domain":"cybersecurity","path":"skills/implementing-network-policies-for-kubernetes"},{"name":"implementing-network-segmentation-for-ot","description":"This skill covers implementing network segmentation in Operational Technology","domain":"cybersecurity","path":"skills/implementing-network-segmentation-for-ot"},{"name":"implementing-network-segmentation-with-firewall-zones","description":"Design and implement network segmentation using firewall security zones,","domain":"cybersecurity","path":"skills/implementing-network-segmentation-with-firewall-zones"},{"name":"implementing-network-traffic-analysis-with-arkime","description":"Deploy and query Arkime (formerly Moloch) for full packet capture network","domain":"cybersecurity","path":"skills/implementing-network-traffic-analysis-with-arkime"},{"name":"implementing-network-traffic-baselining","description":"Build network traffic baselines from NetFlow/IPFIX data using Python","domain":"cybersecurity","path":"skills/implementing-network-traffic-baselining"},{"name":"implementing-next-generation-firewall-with-palo-alto","description":"Configure and deploy Palo Alto Networks next-generation firewalls with","domain":"cybersecurity","path":"skills/implementing-next-generation-firewall-with-palo-alto"},{"name":"implementing-opa-gatekeeper-for-policy-enforcement","description":"Enforce Kubernetes admission policies using OPA Gatekeeper with ConstraintTemplates,","domain":"cybersecurity","path":"skills/implementing-opa-gatekeeper-for-policy-enforcement"},{"name":"implementing-ot-incident-response-playbook","description":"Develop and implement OT-specific incident response playbooks 
aligned","domain":"cybersecurity","path":"skills/implementing-ot-incident-response-playbook"},{"name":"implementing-ot-network-traffic-analysis-with-nozomi","description":"Deploy Nozomi Networks Guardian sensors for passive OT network traffic","domain":"cybersecurity","path":"skills/implementing-ot-network-traffic-analysis-with-nozomi"},{"name":"implementing-pam-for-database-access","description":"Deploy privileged access management for database systems including Oracle,","domain":"cybersecurity","path":"skills/implementing-pam-for-database-access"},{"name":"implementing-passwordless-auth-with-microsoft-entra","description":"Implements passwordless authentication using Microsoft Entra ID with","domain":"cybersecurity","path":"skills/implementing-passwordless-auth-with-microsoft-entra"},{"name":"implementing-passwordless-authentication-with-fido2","description":"Deploy FIDO2/WebAuthn passwordless authentication using security keys","domain":"cybersecurity","path":"skills/implementing-passwordless-authentication-with-fido2"},{"name":"implementing-patch-management-for-ot-systems","description":"This skill covers implementing a structured patch management program","domain":"cybersecurity","path":"skills/implementing-patch-management-for-ot-systems"},{"name":"implementing-patch-management-workflow","description":"Patch management is the systematic process of identifying, testing, deploying,","domain":"cybersecurity","path":"skills/implementing-patch-management-workflow"},{"name":"implementing-pci-dss-compliance-controls","description":"PCI DSS 4.0.1 establishes 12 requirements across 6 control objectives","domain":"cybersecurity","path":"skills/implementing-pci-dss-compliance-controls"},{"name":"implementing-pod-security-admission-controller","description":"Implement Kubernetes Pod Security Admission to enforce baseline and 
restricted","domain":"cybersecurity","path":"skills/implementing-pod-security-admission-controller"},{"name":"implementing-policy-as-code-with-open-policy-agent","description":"This skill covers implementing Open Policy Agent (OPA) and Gatekeeper","domain":"cybersecurity","path":"skills/implementing-policy-as-code-with-open-policy-agent"},{"name":"implementing-privileged-access-management-with-cyberark","description":"Deploy CyberArk Privileged Access Management to discover, vault, rotate,","domain":"cybersecurity","path":"skills/implementing-privileged-access-management-with-cyberark"},{"name":"implementing-privileged-access-workstation","description":"Design and implement Privileged Access Workstations (PAWs) with device","domain":"cybersecurity","path":"skills/implementing-privileged-access-workstation"},{"name":"implementing-privileged-session-monitoring","description":"Implements privileged session monitoring and recording using Privileged","domain":"cybersecurity","path":"skills/implementing-privileged-session-monitoring"},{"name":"implementing-proofpoint-email-security-gateway","description":"Deploy and configure Proofpoint Email Protection as a secure email gateway","domain":"cybersecurity","path":"skills/implementing-proofpoint-email-security-gateway"},{"name":"implementing-purdue-model-network-segmentation","description":"Implement network segmentation based on the Purdue Enterprise Reference","domain":"cybersecurity","path":"skills/implementing-purdue-model-network-segmentation"},{"name":"implementing-ransomware-backup-strategy","description":"Designs and implements a ransomware-resilient backup strategy following","domain":"cybersecurity","path":"skills/implementing-ransomware-backup-strategy"},{"name":"implementing-ransomware-kill-switch-detection","description":"Detects and exploits ransomware kill switch mechanisms including 
mutex-based","domain":"cybersecurity","path":"skills/implementing-ransomware-kill-switch-detection"},{"name":"implementing-rapid7-insightvm-for-scanning","description":"Deploy and configure Rapid7 InsightVM Security Console and Scan Engines","domain":"cybersecurity","path":"skills/implementing-rapid7-insightvm-for-scanning"},{"name":"implementing-rbac-hardening-for-kubernetes","description":"Harden Kubernetes Role-Based Access Control by implementing least-privilege","domain":"cybersecurity","path":"skills/implementing-rbac-hardening-for-kubernetes"},{"name":"implementing-rsa-key-pair-management","description":"RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic","domain":"cybersecurity","path":"skills/implementing-rsa-key-pair-management"},{"name":"implementing-runtime-application-self-protection","description":"Deploy Runtime Application Self-Protection (RASP) agents to detect and","domain":"cybersecurity","path":"skills/implementing-runtime-application-self-protection"},{"name":"implementing-runtime-security-with-tetragon","description":"Implement eBPF-based runtime security observability and enforcement in","domain":"cybersecurity","path":"skills/implementing-runtime-security-with-tetragon"},{"name":"implementing-saml-sso-with-okta","description":"Implement SAML 2.0 Single Sign-On (SSO) using Okta as the Identity Provider","domain":"cybersecurity","path":"skills/implementing-saml-sso-with-okta"},{"name":"implementing-scim-provisioning-with-okta","description":"Implement automated user provisioning and deprovisioning using SCIM 2.0","domain":"cybersecurity","path":"skills/implementing-scim-provisioning-with-okta"},{"name":"implementing-secret-scanning-with-gitleaks","description":"This skill covers implementing Gitleaks for detecting and preventing","domain":"cybersecurity","path":"skills/implementing-secret-scanning-with-gitleaks"},{"name":"implementing-secrets-management-with-vault","description":"This skill covers deploying 
HashiCorp Vault for centralized secrets","domain":"cybersecurity","path":"skills/implementing-secrets-management-with-vault"},{"name":"implementing-secrets-scanning-in-ci-cd","description":"Integrate gitleaks and trufflehog into CI/CD pipelines to detect leaked","domain":"cybersecurity","path":"skills/implementing-secrets-scanning-in-ci-cd"},{"name":"implementing-security-chaos-engineering","description":"Implements security chaos engineering experiments that deliberately","domain":"cybersecurity","path":"skills/implementing-security-chaos-engineering"},{"name":"implementing-security-information-sharing-with-stix2","description":"Create, validate, and share STIX 2.1 threat intelligence objects using","domain":"cybersecurity","path":"skills/implementing-security-information-sharing-with-stix2"},{"name":"implementing-security-monitoring-with-datadog","description":"Implements security monitoring using Datadog Cloud SIEM, Cloud Security","domain":"cybersecurity","path":"skills/implementing-security-monitoring-with-datadog"},{"name":"implementing-semgrep-for-custom-sast-rules","description":"Write custom Semgrep SAST rules in YAML to detect application-specific","domain":"cybersecurity","path":"skills/implementing-semgrep-for-custom-sast-rules"},{"name":"implementing-siem-correlation-rules-for-apt","description":"Write multi-event correlation rules that detect APT lateral movement","domain":"cybersecurity","path":"skills/implementing-siem-correlation-rules-for-apt"},{"name":"implementing-siem-use-case-tuning","description":"Tune SIEM detection rules to reduce false positives by analyzing alert","domain":"cybersecurity","path":"skills/implementing-siem-use-case-tuning"},{"name":"implementing-siem-use-cases-for-detection","description":"Implements SIEM detection use cases by designing correlation rules,","domain":"cybersecurity","path":"skills/implementing-siem-use-cases-for-detection"},{"name":"implementing-sigstore-for-software-signing","description":"Implements 
Sigstore-based software signing and verification using Cosign","domain":"cybersecurity","path":"skills/implementing-sigstore-for-software-signing"},{"name":"implementing-soar-automation-with-phantom","description":"Implements Security Orchestration, Automation, and Response (SOAR) workflows","domain":"cybersecurity","path":"skills/implementing-soar-automation-with-phantom"},{"name":"implementing-soar-playbook-for-phishing","description":"Automate phishing incident response using Splunk SOAR REST API to create","domain":"cybersecurity","path":"skills/implementing-soar-playbook-for-phishing"},{"name":"implementing-soar-playbook-with-palo-alto-xsoar","description":"Implement automated incident response playbooks in Cortex XSOAR to orchestrate","domain":"cybersecurity","path":"skills/implementing-soar-playbook-with-palo-alto-xsoar"},{"name":"implementing-stix-taxii-feed-integration","description":"STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated","domain":"cybersecurity","path":"skills/implementing-stix-taxii-feed-integration"},{"name":"implementing-supply-chain-security-with-in-toto","description":"Implement software supply chain integrity verification for container","domain":"cybersecurity","path":"skills/implementing-supply-chain-security-with-in-toto"},{"name":"implementing-syslog-centralization-with-rsyslog","description":"Configure rsyslog for centralized log collection with TLS encryption,","domain":"cybersecurity","path":"skills/implementing-syslog-centralization-with-rsyslog"},{"name":"implementing-taxii-server-with-opentaxii","description":"Deploy and configure an OpenTAXII server to share and consume STIX-formatted","domain":"cybersecurity","path":"skills/implementing-taxii-server-with-opentaxii"},{"name":"implementing-threat-intelligence-lifecycle-management","description":"Implement a structured threat intelligence lifecycle encompassing 
planning,","domain":"cybersecurity","path":"skills/implementing-threat-intelligence-lifecycle-management"},{"name":"implementing-threat-modeling-with-mitre-attack","description":"Implements threat modeling using the MITRE ATT&CK framework to map adversary","domain":"cybersecurity","path":"skills/implementing-threat-modeling-with-mitre-attack"},{"name":"implementing-ticketing-system-for-incidents","description":"Implements an integrated incident ticketing system connecting SIEM alerts","domain":"cybersecurity","path":"skills/implementing-ticketing-system-for-incidents"},{"name":"implementing-usb-device-control-policy","description":"Implements USB device control policies to restrict unauthorized removable","domain":"cybersecurity","path":"skills/implementing-usb-device-control-policy"},{"name":"implementing-velociraptor-for-ir-collection","description":"Deploy and configure Velociraptor for scalable endpoint forensic artifact","domain":"cybersecurity","path":"skills/implementing-velociraptor-for-ir-collection"},{"name":"implementing-vulnerability-management-with-greenbone","description":"Deploy and operate Greenbone/OpenVAS vulnerability management using the","domain":"cybersecurity","path":"skills/implementing-vulnerability-management-with-greenbone"},{"name":"implementing-vulnerability-remediation-sla","description":"Vulnerability remediation SLAs define mandatory timeframes for patching","domain":"cybersecurity","path":"skills/implementing-vulnerability-remediation-sla"},{"name":"implementing-vulnerability-sla-breach-alerting","description":"Build automated alerting for vulnerability remediation SLA breaches with","domain":"cybersecurity","path":"skills/implementing-vulnerability-sla-breach-alerting"},{"name":"implementing-web-application-logging-with-modsecurity","description":"Configure ModSecurity WAF with OWASP Core Rule Set (CRS) for web 
application","domain":"cybersecurity","path":"skills/implementing-web-application-logging-with-modsecurity"},{"name":"implementing-zero-knowledge-proof-for-authentication","description":"Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge","domain":"cybersecurity","path":"skills/implementing-zero-knowledge-proof-for-authentication"},{"name":"implementing-zero-standing-privilege-with-cyberark","description":"Deploy CyberArk Secure Cloud Access to eliminate standing privileges","domain":"cybersecurity","path":"skills/implementing-zero-standing-privilege-with-cyberark"},{"name":"implementing-zero-trust-dns-with-nextdns","description":"Implement NextDNS as a zero trust DNS filtering layer with encrypted","domain":"cybersecurity","path":"skills/implementing-zero-trust-dns-with-nextdns"},{"name":"implementing-zero-trust-for-saas-applications","description":"Implementing zero trust access controls for SaaS applications using","domain":"cybersecurity","path":"skills/implementing-zero-trust-for-saas-applications"},{"name":"implementing-zero-trust-in-cloud","description":"This skill guides organizations through implementing zero trust architecture","domain":"cybersecurity","path":"skills/implementing-zero-trust-in-cloud"},{"name":"implementing-zero-trust-network-access","description":"Implementing Zero Trust Network Access (ZTNA) in cloud environments","domain":"cybersecurity","path":"skills/implementing-zero-trust-network-access"},{"name":"implementing-zero-trust-network-access-with-zscaler","description":"Implement Zero Trust Network Access using Zscaler Private Access (ZPA)","domain":"cybersecurity","path":"skills/implementing-zero-trust-network-access-with-zscaler"},{"name":"implementing-zero-trust-with-beyondcorp","description":"Deploy Google BeyondCorp Enterprise zero trust access controls 
using","domain":"cybersecurity","path":"skills/implementing-zero-trust-with-beyondcorp"},{"name":"implementing-zero-trust-with-hashicorp-boundary","description":"Implement HashiCorp Boundary for identity-aware zero trust infrastructure","domain":"cybersecurity","path":"skills/implementing-zero-trust-with-hashicorp-boundary"},{"name":"integrating-dast-with-owasp-zap-in-pipeline","description":"This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic","domain":"cybersecurity","path":"skills/integrating-dast-with-owasp-zap-in-pipeline"},{"name":"integrating-sast-into-github-actions-pipeline","description":"This skill covers integrating Static Application Security Testing (SAST)","domain":"cybersecurity","path":"skills/integrating-sast-into-github-actions-pipeline"},{"name":"intercepting-mobile-traffic-with-burpsuite","description":"Intercepts and analyzes HTTP/HTTPS traffic from mobile applications","domain":"cybersecurity","path":"skills/intercepting-mobile-traffic-with-burpsuite"},{"name":"investigating-insider-threat-indicators","description":"Investigates insider threat indicators including data exfiltration attempts,","domain":"cybersecurity","path":"skills/investigating-insider-threat-indicators"},{"name":"investigating-phishing-email-incident","description":"Investigates phishing email incidents from initial user report through","domain":"cybersecurity","path":"skills/investigating-phishing-email-incident"},{"name":"investigating-ransomware-attack-artifacts","description":"Identify, collect, and analyze ransomware attack artifacts to determine","domain":"cybersecurity","path":"skills/investigating-ransomware-attack-artifacts"},{"name":"managing-cloud-identity-with-okta","description":"This skill covers implementing Okta as a centralized identity provider","domain":"cybersecurity","path":"skills/managing-cloud-identity-with-okta"},{"name":"managing-intelligence-lifecycle","description":"Manages the end-to-end cyber threat intelligence 
lifecycle from planning","domain":"cybersecurity","path":"skills/managing-intelligence-lifecycle"},{"name":"mapping-mitre-attack-techniques","description":"Maps observed adversary behaviors, security alerts, and detection rules","domain":"cybersecurity","path":"skills/mapping-mitre-attack-techniques"},{"name":"monitoring-darkweb-sources","description":"Monitors dark web forums, marketplaces, paste sites, and ransomware","domain":"cybersecurity","path":"skills/monitoring-darkweb-sources"},{"name":"monitoring-scada-modbus-traffic-anomalies","description":"Monitors Modbus TCP traffic on SCADA and ICS networks to detect anomalous","domain":"cybersecurity","path":"skills/monitoring-scada-modbus-traffic-anomalies"},{"name":"performing-access-recertification-with-saviynt","description":"Configure and execute access recertification campaigns in Saviynt Enterprise","domain":"cybersecurity","path":"skills/performing-access-recertification-with-saviynt"},{"name":"performing-access-review-and-certification","description":"Conduct systematic access reviews and certifications to ensure users","domain":"cybersecurity","path":"skills/performing-access-review-and-certification"},{"name":"performing-active-directory-bloodhound-analysis","description":"Use BloodHound and SharpHound to enumerate Active Directory relationships","domain":"cybersecurity","path":"skills/performing-active-directory-bloodhound-analysis"},{"name":"performing-active-directory-compromise-investigation","description":"Investigate Active Directory compromise by analyzing authentication logs,","domain":"cybersecurity","path":"skills/performing-active-directory-compromise-investigation"},{"name":"performing-active-directory-forest-trust-attack","description":"Enumerate and audit Active Directory forest trust relationships using","domain":"cybersecurity","path":"skills/performing-active-directory-forest-trust-attack"},{"name":"performing-active-directory-penetration-test","description":"Conduct a focused Active 
Directory penetration test to enumerate domain","domain":"cybersecurity","path":"skills/performing-active-directory-penetration-test"},{"name":"performing-active-directory-vulnerability-assessment","description":"Assess Active Directory security posture using PingCastle, BloodHound,","domain":"cybersecurity","path":"skills/performing-active-directory-vulnerability-assessment"},{"name":"performing-adversary-in-the-middle-phishing-detection","description":"Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks","domain":"cybersecurity","path":"skills/performing-adversary-in-the-middle-phishing-detection"},{"name":"performing-agentless-vulnerability-scanning","description":"Configure and execute agentless vulnerability scanning using network","domain":"cybersecurity","path":"skills/performing-agentless-vulnerability-scanning"},{"name":"performing-ai-driven-osint-correlation","description":"Use AI and LLM-based reasoning to correlate findings across multiple","domain":"cybersecurity","path":"skills/performing-ai-driven-osint-correlation"},{"name":"performing-alert-triage-with-elastic-siem","description":"Perform systematic alert triage in Elastic Security SIEM to rapidly classify,","domain":"cybersecurity","path":"skills/performing-alert-triage-with-elastic-siem"},{"name":"performing-android-app-static-analysis-with-mobsf","description":"Performs automated static analysis of Android applications using Mobile","domain":"cybersecurity","path":"skills/performing-android-app-static-analysis-with-mobsf"},{"name":"performing-api-fuzzing-with-restler","description":"Uses Microsoft RESTler to perform stateful REST API fuzzing by automatically","domain":"cybersecurity","path":"skills/performing-api-fuzzing-with-restler"},{"name":"performing-api-inventory-and-discovery","description":"Performs API inventory and discovery to identify all API endpoints 
in","domain":"cybersecurity","path":"skills/performing-api-inventory-and-discovery"},{"name":"performing-api-rate-limiting-bypass","description":"Tests API rate limiting implementations for bypass vulnerabilities by","domain":"cybersecurity","path":"skills/performing-api-rate-limiting-bypass"},{"name":"performing-api-security-testing-with-postman","description":"Uses Postman to perform structured API security testing by building","domain":"cybersecurity","path":"skills/performing-api-security-testing-with-postman"},{"name":"performing-arp-spoofing-attack-simulation","description":"Simulates ARP spoofing attacks in authorized lab or pentest environments","domain":"cybersecurity","path":"skills/performing-arp-spoofing-attack-simulation"},{"name":"performing-asset-criticality-scoring-for-vulns","description":"Develop and apply a multi-factor asset criticality scoring model to weight","domain":"cybersecurity","path":"skills/performing-asset-criticality-scoring-for-vulns"},{"name":"performing-authenticated-scan-with-openvas","description":"Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone","domain":"cybersecurity","path":"skills/performing-authenticated-scan-with-openvas"},{"name":"performing-authenticated-vulnerability-scan","description":"Authenticated (credentialed) vulnerability scanning uses valid system","domain":"cybersecurity","path":"skills/performing-authenticated-vulnerability-scan"},{"name":"performing-automated-malware-analysis-with-cape","description":"Deploy and operate CAPEv2 sandbox for automated malware analysis with","domain":"cybersecurity","path":"skills/performing-automated-malware-analysis-with-cape"},{"name":"performing-aws-account-enumeration-with-scout-suite","description":"Perform comprehensive security posture assessment of AWS accounts 
using","domain":"cybersecurity","path":"skills/performing-aws-account-enumeration-with-scout-suite"},{"name":"performing-aws-privilege-escalation-assessment","description":"Performing authorized privilege escalation assessments in AWS environments","domain":"cybersecurity","path":"skills/performing-aws-privilege-escalation-assessment"},{"name":"performing-bandwidth-throttling-attack-simulation","description":"Simulates bandwidth throttling and network degradation attacks using","domain":"cybersecurity","path":"skills/performing-bandwidth-throttling-attack-simulation"},{"name":"performing-binary-exploitation-analysis","description":"Analyze binary exploitation techniques including buffer overflows and","domain":"cybersecurity","path":"skills/performing-binary-exploitation-analysis"},{"name":"performing-blind-ssrf-exploitation","description":"Detect and exploit blind Server-Side Request Forgery vulnerabilities","domain":"cybersecurity","path":"skills/performing-blind-ssrf-exploitation"},{"name":"performing-bluetooth-security-assessment","description":"Assess Bluetooth Low Energy device security by scanning, enumerating","domain":"cybersecurity","path":"skills/performing-bluetooth-security-assessment"},{"name":"performing-brand-monitoring-for-impersonation","description":"Monitor for brand impersonation attacks across domains, social media,","domain":"cybersecurity","path":"skills/performing-brand-monitoring-for-impersonation"},{"name":"performing-clickjacking-attack-test","description":"Testing web applications for clickjacking vulnerabilities by assessing","domain":"cybersecurity","path":"skills/performing-clickjacking-attack-test"},{"name":"performing-cloud-asset-inventory-with-cartography","description":"Perform comprehensive cloud asset inventory and relationship mapping","domain":"cybersecurity","path":"skills/performing-cloud-asset-inventory-with-cartography"},{"name":"performing-cloud-forensics-investigation","description":"Conduct forensic investigations 
in cloud environments by collecting and","domain":"cybersecurity","path":"skills/performing-cloud-forensics-investigation"},{"name":"performing-cloud-forensics-with-aws-cloudtrail","description":"Perform forensic investigation of AWS environments using CloudTrail logs","domain":"cybersecurity","path":"skills/performing-cloud-forensics-with-aws-cloudtrail"},{"name":"performing-cloud-incident-containment-procedures","description":"Execute cloud-native incident containment across AWS, Azure, and GCP","domain":"cybersecurity","path":"skills/performing-cloud-incident-containment-procedures"},{"name":"performing-cloud-log-forensics-with-athena","description":"Uses AWS Athena to query CloudTrail, VPC Flow Logs, S3 access logs,","domain":"cybersecurity","path":"skills/performing-cloud-log-forensics-with-athena"},{"name":"performing-cloud-native-forensics-with-falco","description":"Uses Falco YAML rules for runtime threat detection in containers and","domain":"cybersecurity","path":"skills/performing-cloud-native-forensics-with-falco"},{"name":"performing-cloud-native-threat-hunting-with-aws-detective","description":"Hunt for threats in AWS environments using Detective behavior graphs,","domain":"cybersecurity","path":"skills/performing-cloud-native-threat-hunting-with-aws-detective"},{"name":"performing-cloud-penetration-testing-with-pacu","description":"Performing authorized AWS penetration testing using Pacu, the open-source","domain":"cybersecurity","path":"skills/performing-cloud-penetration-testing-with-pacu"},{"name":"performing-cloud-storage-forensic-acquisition","description":"Perform forensic acquisition and analysis of cloud storage services including","domain":"cybersecurity","path":"skills/performing-cloud-storage-forensic-acquisition"},{"name":"performing-container-escape-detection","description":"Detects container escape attempts by analyzing namespace 
configurations,","domain":"cybersecurity","path":"skills/performing-container-escape-detection"},{"name":"performing-container-image-hardening","description":"This skill covers hardening container images by minimizing attack surface,","domain":"cybersecurity","path":"skills/performing-container-image-hardening"},{"name":"performing-container-security-scanning-with-trivy","description":"Scan container images, filesystems, and Kubernetes manifests for vulnerabilities,","domain":"cybersecurity","path":"skills/performing-container-security-scanning-with-trivy"},{"name":"performing-content-security-policy-bypass","description":"Analyze and bypass Content Security Policy implementations to achieve","domain":"cybersecurity","path":"skills/performing-content-security-policy-bypass"},{"name":"performing-credential-access-with-lazagne","description":"Extract stored credentials from compromised endpoints using the LaZagne","domain":"cybersecurity","path":"skills/performing-credential-access-with-lazagne"},{"name":"performing-cryptographic-audit-of-application","description":"A cryptographic audit systematically reviews an application's use of","domain":"cybersecurity","path":"skills/performing-cryptographic-audit-of-application"},{"name":"performing-csrf-attack-simulation","description":"Testing web applications for Cross-Site Request Forgery vulnerabilities","domain":"cybersecurity","path":"skills/performing-csrf-attack-simulation"},{"name":"performing-cve-prioritization-with-kev-catalog","description":"Leverage the CISA Known Exploited Vulnerabilities catalog alongside EPSS","domain":"cybersecurity","path":"skills/performing-cve-prioritization-with-kev-catalog"},{"name":"performing-dark-web-monitoring-for-threats","description":"Dark web monitoring involves systematically scanning Tor hidden services,","domain":"cybersecurity","path":"skills/performing-dark-web-monitoring-for-threats"},{"name":"performing-deception-technology-deployment","description":"Deploys deception 
technology including honeypots, honeytokens, and decoy","domain":"cybersecurity","path":"skills/performing-deception-technology-deployment"},{"name":"performing-directory-traversal-testing","description":"Testing web applications for path traversal vulnerabilities that allow","domain":"cybersecurity","path":"skills/performing-directory-traversal-testing"},{"name":"performing-disk-forensics-investigation","description":"Conducts disk forensics investigations using forensic imaging, file","domain":"cybersecurity","path":"skills/performing-disk-forensics-investigation"},{"name":"performing-dmarc-policy-enforcement-rollout","description":"Execute a phased DMARC rollout from p=none monitoring through p=quarantine","domain":"cybersecurity","path":"skills/performing-dmarc-policy-enforcement-rollout"},{"name":"performing-dns-enumeration-and-zone-transfer","description":"Enumerates DNS records, attempts zone transfers, brute-forces subdomains,","domain":"cybersecurity","path":"skills/performing-dns-enumeration-and-zone-transfer"},{"name":"performing-dns-tunneling-detection","description":"Detects DNS tunneling by computing Shannon entropy of DNS query names,","domain":"cybersecurity","path":"skills/performing-dns-tunneling-detection"},{"name":"performing-docker-bench-security-assessment","description":"Docker Bench for Security is an open-source script that checks dozens","domain":"cybersecurity","path":"skills/performing-docker-bench-security-assessment"},{"name":"performing-dynamic-analysis-of-android-app","description":"Performs runtime dynamic analysis of Android applications using Frida,","domain":"cybersecurity","path":"skills/performing-dynamic-analysis-of-android-app"},{"name":"performing-dynamic-analysis-with-any-run","description":"Performs interactive dynamic malware analysis using the ANY.RUN 
cloud","domain":"cybersecurity","path":"skills/performing-dynamic-analysis-with-any-run"},{"name":"performing-endpoint-forensics-investigation","description":"Performs digital forensics investigation on compromised endpoints including","domain":"cybersecurity","path":"skills/performing-endpoint-forensics-investigation"},{"name":"performing-endpoint-vulnerability-remediation","description":"Performs vulnerability remediation on endpoints by prioritizing CVEs","domain":"cybersecurity","path":"skills/performing-endpoint-vulnerability-remediation"},{"name":"performing-entitlement-review-with-sailpoint-iiq","description":"Performs entitlement review and access certification campaigns using","domain":"cybersecurity","path":"skills/performing-entitlement-review-with-sailpoint-iiq"},{"name":"performing-external-network-penetration-test","description":"Conduct a comprehensive external network penetration test to identify","domain":"cybersecurity","path":"skills/performing-external-network-penetration-test"},{"name":"performing-false-positive-reduction-in-siem","description":"Perform systematic SIEM false positive reduction through rule tuning,","domain":"cybersecurity","path":"skills/performing-false-positive-reduction-in-siem"},{"name":"performing-file-carving-with-foremost","description":"Recover files from disk images and unallocated space using Foremost's","domain":"cybersecurity","path":"skills/performing-file-carving-with-foremost"},{"name":"performing-firmware-extraction-with-binwalk","description":"Performs firmware image extraction and analysis using binwalk to identify","domain":"cybersecurity","path":"skills/performing-firmware-extraction-with-binwalk"},{"name":"performing-firmware-malware-analysis","description":"Analyzes firmware images for embedded malware, backdoors, and unauthorized","domain":"cybersecurity","path":"skills/performing-firmware-malware-analysis"},{"name":"performing-fuzzing-with-aflplusplus","description":"Perform coverage-guided fuzzing 
of compiled binaries using AFL++ (American","domain":"cybersecurity","path":"skills/performing-fuzzing-with-aflplusplus"},{"name":"performing-gcp-penetration-testing-with-gcpbucketbrute","description":"Perform GCP security testing using GCPBucketBrute for storage bucket","domain":"cybersecurity","path":"skills/performing-gcp-penetration-testing-with-gcpbucketbrute"},{"name":"performing-gcp-security-assessment-with-forseti","description":"'Performing comprehensive security assessments of Google Cloud Platform","domain":"cybersecurity","path":"skills/performing-gcp-security-assessment-with-forseti"},{"name":"performing-graphql-depth-limit-attack","description":"Execute and test GraphQL depth limit attacks using deeply nested recursive","domain":"cybersecurity","path":"skills/performing-graphql-depth-limit-attack"},{"name":"performing-graphql-introspection-attack","description":"'Performs GraphQL introspection attacks to extract the full API schema","domain":"cybersecurity","path":"skills/performing-graphql-introspection-attack"},{"name":"performing-graphql-security-assessment","description":"Assessing GraphQL API endpoints for introspection leaks, injection attacks,","domain":"cybersecurity","path":"skills/performing-graphql-security-assessment"},{"name":"performing-hardware-security-module-integration","description":"Integrate Hardware Security Modules (HSMs) using PKCS#11 interface for","domain":"cybersecurity","path":"skills/performing-hardware-security-module-integration"},{"name":"performing-hash-cracking-with-hashcat","description":"Hash cracking is an essential skill for penetration testers and security","domain":"cybersecurity","path":"skills/performing-hash-cracking-with-hashcat"},{"name":"performing-http-parameter-pollution-attack","description":"Execute HTTP Parameter Pollution attacks to bypass input 
validation,","domain":"cybersecurity","path":"skills/performing-http-parameter-pollution-attack"},{"name":"performing-ics-asset-discovery-with-claroty","description":"'Perform comprehensive ICS/OT asset discovery using Claroty xDome platform,","domain":"cybersecurity","path":"skills/performing-ics-asset-discovery-with-claroty"},{"name":"performing-indicator-lifecycle-management","description":"Indicator lifecycle management tracks IOCs from initial discovery through","domain":"cybersecurity","path":"skills/performing-indicator-lifecycle-management"},{"name":"performing-initial-access-with-evilginx3","description":"Perform authorized initial access using EvilGinx3 adversary-in-the-middle","domain":"cybersecurity","path":"skills/performing-initial-access-with-evilginx3"},{"name":"performing-insider-threat-investigation","description":"'Investigates insider threat incidents involving employees, contractors,","domain":"cybersecurity","path":"skills/performing-insider-threat-investigation"},{"name":"performing-ioc-enrichment-automation","description":"'Automates Indicator of Compromise (IOC) enrichment by orchestrating","domain":"cybersecurity","path":"skills/performing-ioc-enrichment-automation"},{"name":"performing-ios-app-security-assessment","description":"'Performs comprehensive iOS application security assessments using Frida","domain":"cybersecurity","path":"skills/performing-ios-app-security-assessment"},{"name":"performing-iot-security-assessment","description":"'Performs comprehensive security assessments of IoT devices and their","domain":"cybersecurity","path":"skills/performing-iot-security-assessment"},{"name":"performing-ip-reputation-analysis-with-shodan","description":"Analyze IP address reputation using the Shodan API to identify open ports,","domain":"cybersecurity","path":"skills/performing-ip-reputation-analysis-with-shodan"},{"name":"performing-jwt-none-algorithm-attack","description":"Execute and test the JWT none algorithm attack to bypass 
signature verification","domain":"cybersecurity","path":"skills/performing-jwt-none-algorithm-attack"},{"name":"performing-kerberoasting-attack","description":"Kerberoasting is a post-exploitation technique that targets service accounts","domain":"cybersecurity","path":"skills/performing-kerberoasting-attack"},{"name":"performing-kubernetes-cis-benchmark-with-kube-bench","description":"Audit Kubernetes cluster security posture against CIS benchmarks using","domain":"cybersecurity","path":"skills/performing-kubernetes-cis-benchmark-with-kube-bench"},{"name":"performing-kubernetes-etcd-security-assessment","description":"Assess the security posture of Kubernetes etcd clusters by evaluating","domain":"cybersecurity","path":"skills/performing-kubernetes-etcd-security-assessment"},{"name":"performing-kubernetes-penetration-testing","description":"Kubernetes penetration testing systematically evaluates cluster security","domain":"cybersecurity","path":"skills/performing-kubernetes-penetration-testing"},{"name":"performing-lateral-movement-detection","description":"'Detects lateral movement techniques including Pass-the-Hash, PsExec,","domain":"cybersecurity","path":"skills/performing-lateral-movement-detection"},{"name":"performing-lateral-movement-with-wmiexec","description":"Perform lateral movement across Windows networks using WMI-based remote","domain":"cybersecurity","path":"skills/performing-lateral-movement-with-wmiexec"},{"name":"performing-linux-log-forensics-investigation","description":"Perform forensic investigation of Linux system logs including syslog,","domain":"cybersecurity","path":"skills/performing-linux-log-forensics-investigation"},{"name":"performing-log-analysis-for-forensic-investigation","description":"Collect, parse, and correlate system, application, and security logs","domain":"cybersecurity","path":"skills/performing-log-analysis-for-forensic-investigation"},{"name":"performing-log-source-onboarding-in-siem","description":"Perform structured 
log source onboarding into SIEM platforms by configuring","domain":"cybersecurity","path":"skills/performing-log-source-onboarding-in-siem"},{"name":"performing-malware-hash-enrichment-with-virustotal","description":"Enrich malware file hashes using the VirusTotal API to retrieve detection","domain":"cybersecurity","path":"skills/performing-malware-hash-enrichment-with-virustotal"},{"name":"performing-malware-ioc-extraction","description":"Malware IOC extraction is the process of analyzing malicious software","domain":"cybersecurity","path":"skills/performing-malware-ioc-extraction"},{"name":"performing-malware-persistence-investigation","description":"Systematically investigate all persistence mechanisms on Windows and","domain":"cybersecurity","path":"skills/performing-malware-persistence-investigation"},{"name":"performing-malware-triage-with-yara","description":"'Performs rapid malware triage and classification using YARA rules to","domain":"cybersecurity","path":"skills/performing-malware-triage-with-yara"},{"name":"performing-memory-forensics-with-volatility3","description":"Analyze volatile memory dumps using Volatility 3 to extract running processes,","domain":"cybersecurity","path":"skills/performing-memory-forensics-with-volatility3"},{"name":"performing-memory-forensics-with-volatility3-plugins","description":"Analyze memory dumps using Volatility3 plugins to detect injected code,","domain":"cybersecurity","path":"skills/performing-memory-forensics-with-volatility3-plugins"},{"name":"performing-mobile-app-certificate-pinning-bypass","description":"'Bypasses SSL/TLS certificate pinning implementations in Android and","domain":"cybersecurity","path":"skills/performing-mobile-app-certificate-pinning-bypass"},{"name":"performing-mobile-device-forensics-with-cellebrite","description":"Acquire and analyze mobile device data using Cellebrite UFED and 
open-source","domain":"cybersecurity","path":"skills/performing-mobile-device-forensics-with-cellebrite"},{"name":"performing-network-forensics-with-wireshark","description":"Capture and analyze network traffic using Wireshark and tshark to reconstruct","domain":"cybersecurity","path":"skills/performing-network-forensics-with-wireshark"},{"name":"performing-network-packet-capture-analysis","description":"Perform forensic analysis of network packet captures (PCAP/PCAPNG) using","domain":"cybersecurity","path":"skills/performing-network-packet-capture-analysis"},{"name":"performing-network-traffic-analysis-with-tshark","description":"Automate network traffic analysis using tshark and pyshark for protocol","domain":"cybersecurity","path":"skills/performing-network-traffic-analysis-with-tshark"},{"name":"performing-network-traffic-analysis-with-zeek","description":"Deploy Zeek network security monitor to capture, parse, and analyze network","domain":"cybersecurity","path":"skills/performing-network-traffic-analysis-with-zeek"},{"name":"performing-nist-csf-maturity-assessment","description":"The NIST Cybersecurity Framework (CSF) 2.0, released in February 2024,","domain":"cybersecurity","path":"skills/performing-nist-csf-maturity-assessment"},{"name":"performing-oauth-scope-minimization-review","description":"'Performs OAuth 2.0 scope minimization review to identify over-permissioned","domain":"cybersecurity","path":"skills/performing-oauth-scope-minimization-review"},{"name":"performing-oil-gas-cybersecurity-assessment","description":"'This skill covers conducting cybersecurity assessments specific to oil","domain":"cybersecurity","path":"skills/performing-oil-gas-cybersecurity-assessment"},{"name":"performing-open-source-intelligence-gathering","description":"Open Source Intelligence (OSINT) gathering is the first active 
phase","domain":"cybersecurity","path":"skills/performing-open-source-intelligence-gathering"},{"name":"performing-osint-with-spiderfoot","description":"Automate OSINT collection using SpiderFoot REST API and CLI for target","domain":"cybersecurity","path":"skills/performing-osint-with-spiderfoot"},{"name":"performing-ot-network-security-assessment","description":"'This skill covers conducting comprehensive security assessments of Operational","domain":"cybersecurity","path":"skills/performing-ot-network-security-assessment"},{"name":"performing-ot-vulnerability-assessment-with-claroty","description":"'This skill covers performing vulnerability assessments in OT environments","domain":"cybersecurity","path":"skills/performing-ot-vulnerability-assessment-with-claroty"},{"name":"performing-ot-vulnerability-scanning-safely","description":"'Perform vulnerability scanning in OT/ICS environments safely using passive","domain":"cybersecurity","path":"skills/performing-ot-vulnerability-scanning-safely"},{"name":"performing-packet-injection-attack","description":"'Crafts and injects custom network packets using Scapy, hping3, and Nemesis","domain":"cybersecurity","path":"skills/performing-packet-injection-attack"},{"name":"performing-paste-site-monitoring-for-credentials","description":"Monitor paste sites like Pastebin and GitHub Gists for leaked credentials,","domain":"cybersecurity","path":"skills/performing-paste-site-monitoring-for-credentials"},{"name":"performing-phishing-simulation-with-gophish","description":"GoPhish is an open-source phishing simulation framework used by security","domain":"cybersecurity","path":"skills/performing-phishing-simulation-with-gophish"},{"name":"performing-physical-intrusion-assessment","description":"Conduct authorized physical penetration testing using tailgating, badge","domain":"cybersecurity","path":"skills/performing-physical-intrusion-assessment"},{"name":"performing-plc-firmware-security-analysis","description":"'This skill 
covers analyzing Programmable Logic Controller (PLC) firmware","domain":"cybersecurity","path":"skills/performing-plc-firmware-security-analysis"},{"name":"performing-post-quantum-cryptography-migration","description":"'Assesses organizational readiness for post-quantum cryptography migration","domain":"cybersecurity","path":"skills/performing-post-quantum-cryptography-migration"},{"name":"performing-power-grid-cybersecurity-assessment","description":"'This skill covers conducting cybersecurity assessments of electric power","domain":"cybersecurity","path":"skills/performing-power-grid-cybersecurity-assessment"},{"name":"performing-privacy-impact-assessment","description":"'Automates the Privacy Impact Assessment (PIA) workflow including data","domain":"cybersecurity","path":"skills/performing-privacy-impact-assessment"},{"name":"performing-privilege-escalation-assessment","description":"'Performs privilege escalation assessments on compromised Linux and Windows","domain":"cybersecurity","path":"skills/performing-privilege-escalation-assessment"},{"name":"performing-privilege-escalation-on-linux","description":"Linux privilege escalation involves elevating from a low-privilege user","domain":"cybersecurity","path":"skills/performing-privilege-escalation-on-linux"},{"name":"performing-privileged-account-access-review","description":"Conduct systematic reviews of privileged accounts to validate access","domain":"cybersecurity","path":"skills/performing-privileged-account-access-review"},{"name":"performing-privileged-account-discovery","description":"Discover and inventory all privileged accounts across enterprise infrastructure","domain":"cybersecurity","path":"skills/performing-privileged-account-discovery"},{"name":"performing-purple-team-atomic-testing","description":"'Executes Atomic Red Team tests mapped to MITRE ATT&CK techniques, 
performs","domain":"cybersecurity","path":"skills/performing-purple-team-atomic-testing"},{"name":"performing-purple-team-exercise","description":"'Performs purple team exercises by coordinating red team adversary emulation","domain":"cybersecurity","path":"skills/performing-purple-team-exercise"},{"name":"performing-ransomware-response","description":"'Executes a structured ransomware incident response from initial detection","domain":"cybersecurity","path":"skills/performing-ransomware-response"},{"name":"performing-ransomware-tabletop-exercise","description":"'Plans and facilitates tabletop exercises simulating ransomware incidents","domain":"cybersecurity","path":"skills/performing-ransomware-tabletop-exercise"},{"name":"performing-red-team-phishing-with-gophish","description":"Automate GoPhish phishing simulation campaigns using the Python gophish","domain":"cybersecurity","path":"skills/performing-red-team-phishing-with-gophish"},{"name":"performing-red-team-with-covenant","description":"Conduct red team operations using the Covenant C2 framework for authorized","domain":"cybersecurity","path":"skills/performing-red-team-with-covenant"},{"name":"performing-s7comm-protocol-security-analysis","description":"'Perform security analysis of Siemens S7comm and S7CommPlus protocols","domain":"cybersecurity","path":"skills/performing-s7comm-protocol-security-analysis"},{"name":"performing-sca-dependency-scanning-with-snyk","description":"'This skill covers implementing Software Composition Analysis (SCA) using","domain":"cybersecurity","path":"skills/performing-sca-dependency-scanning-with-snyk"},{"name":"performing-scada-hmi-security-assessment","description":"'Perform security assessments of SCADA Human-Machine Interface (HMI)","domain":"cybersecurity","path":"skills/performing-scada-hmi-security-assessment"},{"name":"performing-second-order-sql-injection","description":"Detect and exploit second-order SQL injection vulnerabilities where 
malicious","domain":"cybersecurity","path":"skills/performing-second-order-sql-injection"},{"name":"performing-security-headers-audit","description":"Auditing HTTP security headers including CSP, HSTS, X-Frame-Options,","domain":"cybersecurity","path":"skills/performing-security-headers-audit"},{"name":"performing-serverless-function-security-review","description":"'Performing security reviews of serverless functions across AWS Lambda,","domain":"cybersecurity","path":"skills/performing-serverless-function-security-review"},{"name":"performing-service-account-audit","description":"Audit service accounts across enterprise infrastructure to identify orphaned,","domain":"cybersecurity","path":"skills/performing-service-account-audit"},{"name":"performing-service-account-credential-rotation","description":"Automate credential rotation for service accounts across Active Directory,","domain":"cybersecurity","path":"skills/performing-service-account-credential-rotation"},{"name":"performing-soap-web-service-security-testing","description":"Perform security testing of SOAP web services by analyzing WSDL definitions","domain":"cybersecurity","path":"skills/performing-soap-web-service-security-testing"},{"name":"performing-soc-tabletop-exercise","description":"'Performs tabletop exercises for SOC teams simulating security incidents","domain":"cybersecurity","path":"skills/performing-soc-tabletop-exercise"},{"name":"performing-soc2-type2-audit-preparation","description":"'Automates SOC 2 Type II audit preparation including gap assessment against","domain":"cybersecurity","path":"skills/performing-soc2-type2-audit-preparation"},{"name":"performing-sqlite-database-forensics","description":"Perform forensic analysis of SQLite databases to recover deleted records","domain":"cybersecurity","path":"skills/performing-sqlite-database-forensics"},{"name":"performing-ssl-certificate-lifecycle-management","description":"SSL/TLS certificate lifecycle management encompasses the full 
process","domain":"cybersecurity","path":"skills/performing-ssl-certificate-lifecycle-management"},{"name":"performing-ssl-stripping-attack","description":"'Simulates SSL stripping attacks using sslstrip, Bettercap, and mitmproxy","domain":"cybersecurity","path":"skills/performing-ssl-stripping-attack"},{"name":"performing-ssl-tls-inspection-configuration","description":"Configure SSL/TLS inspection on network security devices to decrypt,","domain":"cybersecurity","path":"skills/performing-ssl-tls-inspection-configuration"},{"name":"performing-ssl-tls-security-assessment","description":"Assess SSL/TLS server configurations using the sslyze Python library","domain":"cybersecurity","path":"skills/performing-ssl-tls-security-assessment"},{"name":"performing-ssrf-vulnerability-exploitation","description":"Test for Server-Side Request Forgery vulnerabilities by probing cloud","domain":"cybersecurity","path":"skills/performing-ssrf-vulnerability-exploitation"},{"name":"performing-static-malware-analysis-with-pe-studio","description":"'Performs static analysis of Windows PE (Portable Executable) malware","domain":"cybersecurity","path":"skills/performing-static-malware-analysis-with-pe-studio"},{"name":"performing-steganography-detection","description":"Detect and extract hidden data embedded in images, audio, and other media","domain":"cybersecurity","path":"skills/performing-steganography-detection"},{"name":"performing-subdomain-enumeration-with-subfinder","description":"Enumerate subdomains of target domains using ProjectDiscovery's Subfinder","domain":"cybersecurity","path":"skills/performing-subdomain-enumeration-with-subfinder"},{"name":"performing-supply-chain-attack-simulation","description":"Simulate and detect software supply chain attacks including typosquatting","domain":"cybersecurity","path":"skills/performing-supply-chain-attack-simulation"},{"name":"performing-thick-client-application-penetration-test","description":"Conduct a thick client application 
penetration test to identify insecure","domain":"cybersecurity","path":"skills/performing-thick-client-application-penetration-test"},{"name":"performing-threat-emulation-with-atomic-red-team","description":"'Executes Atomic Red Team tests for MITRE ATT&CK technique validation","domain":"cybersecurity","path":"skills/performing-threat-emulation-with-atomic-red-team"},{"name":"performing-threat-hunting-with-elastic-siem","description":"'Performs proactive threat hunting in Elastic Security SIEM using KQL/EQL","domain":"cybersecurity","path":"skills/performing-threat-hunting-with-elastic-siem"},{"name":"performing-threat-hunting-with-yara-rules","description":"'Use YARA pattern-matching rules to hunt for malware, suspicious files,","domain":"cybersecurity","path":"skills/performing-threat-hunting-with-yara-rules"},{"name":"performing-threat-intelligence-sharing-with-misp","description":"Use PyMISP to create, enrich, and share threat intelligence events on","domain":"cybersecurity","path":"skills/performing-threat-intelligence-sharing-with-misp"},{"name":"performing-threat-landscape-assessment-for-sector","description":"Conduct a sector-specific threat landscape assessment by analyzing threat","domain":"cybersecurity","path":"skills/performing-threat-landscape-assessment-for-sector"},{"name":"performing-threat-modeling-with-owasp-threat-dragon","description":"Use OWASP Threat Dragon to create data flow diagrams, identify threats","domain":"cybersecurity","path":"skills/performing-threat-modeling-with-owasp-threat-dragon"},{"name":"performing-timeline-reconstruction-with-plaso","description":"Build comprehensive forensic super-timelines using Plaso (log2timeline)","domain":"cybersecurity","path":"skills/performing-timeline-reconstruction-with-plaso"},{"name":"performing-user-behavior-analytics","description":"'Performs User and Entity Behavior Analytics (UEBA) to detect 
anomalous","domain":"cybersecurity","path":"skills/performing-user-behavior-analytics"},{"name":"performing-vlan-hopping-attack","description":"'Simulates VLAN hopping attacks using switch spoofing and double tagging","domain":"cybersecurity","path":"skills/performing-vlan-hopping-attack"},{"name":"performing-vulnerability-scanning-with-nessus","description":"'Performs authenticated and unauthenticated vulnerability scanning using","domain":"cybersecurity","path":"skills/performing-vulnerability-scanning-with-nessus"},{"name":"performing-web-application-firewall-bypass","description":"Bypass Web Application Firewall protections using encoding techniques,","domain":"cybersecurity","path":"skills/performing-web-application-firewall-bypass"},{"name":"performing-web-application-penetration-test","description":"'Performs systematic security testing of web applications following the","domain":"cybersecurity","path":"skills/performing-web-application-penetration-test"},{"name":"performing-web-application-scanning-with-nikto","description":"Nikto is an open-source web server and web application scanner that tests","domain":"cybersecurity","path":"skills/performing-web-application-scanning-with-nikto"},{"name":"performing-web-application-vulnerability-triage","description":"Triage web application vulnerability findings from DAST/SAST scanners","domain":"cybersecurity","path":"skills/performing-web-application-vulnerability-triage"},{"name":"performing-web-cache-deception-attack","description":"Execute web cache deception attacks by exploiting path normalization","domain":"cybersecurity","path":"skills/performing-web-cache-deception-attack"},{"name":"performing-web-cache-poisoning-attack","description":"Exploiting web cache mechanisms to serve malicious content to other users","domain":"cybersecurity","path":"skills/performing-web-cache-poisoning-attack"},{"name":"performing-wifi-password-cracking-with-aircrack","description":"'Captures WPA/WPA2 handshakes and performs 
offline password cracking","domain":"cybersecurity","path":"skills/performing-wifi-password-cracking-with-aircrack"},{"name":"performing-windows-artifact-analysis-with-eric-zimmerman-tools","description":"Perform comprehensive Windows forensic artifact analysis using Eric Zimmerman's","domain":"cybersecurity","path":"skills/performing-windows-artifact-analysis-with-eric-zimmerman-tools"},{"name":"performing-wireless-network-penetration-test","description":"Execute a wireless network penetration test to assess WiFi security by","domain":"cybersecurity","path":"skills/performing-wireless-network-penetration-test"},{"name":"performing-wireless-security-assessment-with-kismet","description":"Conduct wireless network security assessments using Kismet to detect","domain":"cybersecurity","path":"skills/performing-wireless-security-assessment-with-kismet"},{"name":"performing-yara-rule-development-for-detection","description":"Develop precise YARA rules for malware detection by identifying unique","domain":"cybersecurity","path":"skills/performing-yara-rule-development-for-detection"},{"name":"prioritizing-vulnerabilities-with-cvss-scoring","description":"The Common Vulnerability Scoring System (CVSS) is the industry standard","domain":"cybersecurity","path":"skills/prioritizing-vulnerabilities-with-cvss-scoring"},{"name":"processing-stix-taxii-feeds","description":"'Processes STIX 2.1 threat intelligence bundles delivered via TAXII 2.1","domain":"cybersecurity","path":"skills/processing-stix-taxii-feeds"},{"name":"profiling-threat-actor-groups","description":"'Develops comprehensive threat actor profiles for APT groups, criminal","domain":"cybersecurity","path":"skills/profiling-threat-actor-groups"},{"name":"recovering-deleted-files-with-photorec","description":"Recover deleted files from disk images and storage media using 
PhotoRec's","domain":"cybersecurity","path":"skills/recovering-deleted-files-with-photorec"},{"name":"recovering-from-ransomware-attack","description":"Executes structured recovery from a ransomware incident following NIST","domain":"cybersecurity","path":"skills/recovering-from-ransomware-attack"},{"name":"remediating-s3-bucket-misconfiguration","description":"This skill provides step-by-step procedures for identifying and remediating","domain":"cybersecurity","path":"skills/remediating-s3-bucket-misconfiguration"},{"name":"reverse-engineering-android-malware-with-jadx","description":"Reverse engineers malicious Android APK files using JADX decompiler","domain":"cybersecurity","path":"skills/reverse-engineering-android-malware-with-jadx"},{"name":"reverse-engineering-dotnet-malware-with-dnspy","description":"Reverse engineers .NET malware using dnSpy decompiler and debugger to","domain":"cybersecurity","path":"skills/reverse-engineering-dotnet-malware-with-dnspy"},{"name":"reverse-engineering-ios-app-with-frida","description":"Reverse engineers iOS applications using Frida dynamic instrumentation","domain":"cybersecurity","path":"skills/reverse-engineering-ios-app-with-frida"},{"name":"reverse-engineering-malware-with-ghidra","description":"Reverse engineers malware binaries using NSA's Ghidra disassembler","domain":"cybersecurity","path":"skills/reverse-engineering-malware-with-ghidra"},{"name":"reverse-engineering-ransomware-encryption-routine","description":"Reverse engineer ransomware encryption routines to identify cryptographic","domain":"cybersecurity","path":"skills/reverse-engineering-ransomware-encryption-routine"},{"name":"reverse-engineering-rust-malware","description":"Reverse engineer Rust-compiled malware using IDA Pro and Ghidra with","domain":"cybersecurity","path":"skills/reverse-engineering-rust-malware"},{"name":"scanning-container-images-with-grype","description":"Scan container images for known vulnerabilities using Anchore Grype 
with","domain":"cybersecurity","path":"skills/scanning-container-images-with-grype"},{"name":"scanning-containers-with-trivy-in-cicd","description":"This skill covers integrating Aqua Security's Trivy scanner into CI/CD","domain":"cybersecurity","path":"skills/scanning-containers-with-trivy-in-cicd"},{"name":"scanning-docker-images-with-trivy","description":"Trivy is a comprehensive open-source vulnerability scanner by Aqua Security","domain":"cybersecurity","path":"skills/scanning-docker-images-with-trivy"},{"name":"scanning-infrastructure-with-nessus","description":"Tenable Nessus is the industry-leading vulnerability scanner used to","domain":"cybersecurity","path":"skills/scanning-infrastructure-with-nessus"},{"name":"scanning-kubernetes-manifests-with-kubesec","description":"Perform security risk analysis on Kubernetes resource manifests using","domain":"cybersecurity","path":"skills/scanning-kubernetes-manifests-with-kubesec"},{"name":"scanning-network-with-nmap-advanced","description":"Performs advanced network reconnaissance using Nmap's scripting engine,","domain":"cybersecurity","path":"skills/scanning-network-with-nmap-advanced"},{"name":"securing-api-gateway-with-aws-waf","description":"Securing API Gateway endpoints with AWS WAF by configuring managed rule","domain":"cybersecurity","path":"skills/securing-api-gateway-with-aws-waf"},{"name":"securing-aws-iam-permissions","description":"This skill guides practitioners through hardening AWS Identity and Access","domain":"cybersecurity","path":"skills/securing-aws-iam-permissions"},{"name":"securing-aws-lambda-execution-roles","description":"Securing AWS Lambda execution roles by implementing least-privilege","domain":"cybersecurity","path":"skills/securing-aws-lambda-execution-roles"},{"name":"securing-azure-with-microsoft-defender","description":"This skill instructs security practitioners on deploying Microsoft 
Defender","domain":"cybersecurity","path":"skills/securing-azure-with-microsoft-defender"},{"name":"securing-container-registry-images","description":"'Securing container registry images by implementing vulnerability scanning","domain":"cybersecurity","path":"skills/securing-container-registry-images"},{"name":"securing-container-registry-with-harbor","description":"Harbor is an open-source container registry that provides security features","domain":"cybersecurity","path":"skills/securing-container-registry-with-harbor"},{"name":"securing-github-actions-workflows","description":"'This skill covers hardening GitHub Actions workflows against supply","domain":"cybersecurity","path":"skills/securing-github-actions-workflows"},{"name":"securing-helm-chart-deployments","description":"Secure Helm chart deployments by validating chart integrity, scanning","domain":"cybersecurity","path":"skills/securing-helm-chart-deployments"},{"name":"securing-historian-server-in-ot-environment","description":"'This skill covers hardening and securing process historian servers (OSIsoft","domain":"cybersecurity","path":"skills/securing-historian-server-in-ot-environment"},{"name":"securing-kubernetes-on-cloud","description":"'This skill covers hardening managed Kubernetes clusters on EKS, AKS,","domain":"cybersecurity","path":"skills/securing-kubernetes-on-cloud"},{"name":"securing-remote-access-to-ot-environment","description":"'This skill covers implementing secure remote access to OT/ICS environments","domain":"cybersecurity","path":"skills/securing-remote-access-to-ot-environment"},{"name":"securing-serverless-functions","description":"'This skill covers security hardening for serverless compute platforms","domain":"cybersecurity","path":"skills/securing-serverless-functions"},{"name":"testing-android-intents-for-vulnerabilities","description":"'Tests Android inter-process communication (IPC) through intents 
for","domain":"cybersecurity","path":"skills/testing-android-intents-for-vulnerabilities"},{"name":"testing-api-authentication-weaknesses","description":"'Tests API authentication mechanisms for weaknesses including broken","domain":"cybersecurity","path":"skills/testing-api-authentication-weaknesses"},{"name":"testing-api-for-broken-object-level-authorization","description":"'Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR)","domain":"cybersecurity","path":"skills/testing-api-for-broken-object-level-authorization"},{"name":"testing-api-for-mass-assignment-vulnerability","description":"'Tests APIs for mass assignment (auto-binding) vulnerabilities where","domain":"cybersecurity","path":"skills/testing-api-for-mass-assignment-vulnerability"},{"name":"testing-api-security-with-owasp-top-10","description":"Systematically assessing REST and GraphQL API endpoints against the OWASP","domain":"cybersecurity","path":"skills/testing-api-security-with-owasp-top-10"},{"name":"testing-cors-misconfiguration","description":"Identifying and exploiting Cross-Origin Resource Sharing misconfigurations","domain":"cybersecurity","path":"skills/testing-cors-misconfiguration"},{"name":"testing-for-broken-access-control","description":"Systematically testing web applications for broken access control vulnerabilities","domain":"cybersecurity","path":"skills/testing-for-broken-access-control"},{"name":"testing-for-business-logic-vulnerabilities","description":"Identifying flaws in application business logic that allow price manipulation,","domain":"cybersecurity","path":"skills/testing-for-business-logic-vulnerabilities"},{"name":"testing-for-email-header-injection","description":"Test web application email functionality for SMTP header injection vulnerabilities","domain":"cybersecurity","path":"skills/testing-for-email-header-injection"},{"name":"testing-for-host-header-injection","description":"Test web applications for HTTP Host header injection 
vulnerabilities","domain":"cybersecurity","path":"skills/testing-for-host-header-injection"},{"name":"testing-for-json-web-token-vulnerabilities","description":"Test JWT implementations for critical vulnerabilities including algorithm","domain":"cybersecurity","path":"skills/testing-for-json-web-token-vulnerabilities"},{"name":"testing-for-open-redirect-vulnerabilities","description":"Identify and test open redirect vulnerabilities in web applications by","domain":"cybersecurity","path":"skills/testing-for-open-redirect-vulnerabilities"},{"name":"testing-for-sensitive-data-exposure","description":"Identifying sensitive data exposure vulnerabilities including API key","domain":"cybersecurity","path":"skills/testing-for-sensitive-data-exposure"},{"name":"testing-for-xml-injection-vulnerabilities","description":"Test web applications for XML injection vulnerabilities including XXE,","domain":"cybersecurity","path":"skills/testing-for-xml-injection-vulnerabilities"},{"name":"testing-for-xss-vulnerabilities","description":"'Tests web applications for Cross-Site Scripting (XSS) vulnerabilities","domain":"cybersecurity","path":"skills/testing-for-xss-vulnerabilities"},{"name":"testing-for-xss-vulnerabilities-with-burpsuite","description":"Identifying and validating cross-site scripting vulnerabilities using","domain":"cybersecurity","path":"skills/testing-for-xss-vulnerabilities-with-burpsuite"},{"name":"testing-for-xxe-injection-vulnerabilities","description":"Discovering and exploiting XML External Entity injection vulnerabilities","domain":"cybersecurity","path":"skills/testing-for-xxe-injection-vulnerabilities"},{"name":"testing-jwt-token-security","description":"Assessing JSON Web Token implementations for cryptographic weaknesses,","domain":"cybersecurity","path":"skills/testing-jwt-token-security"},{"name":"testing-mobile-api-authentication","description":"'Tests authentication and authorization mechanisms in mobile 
application","domain":"cybersecurity","path":"skills/testing-mobile-api-authentication"},{"name":"testing-oauth2-implementation-flaws","description":"'Tests OAuth 2.0 and OpenID Connect implementations for security flaws","domain":"cybersecurity","path":"skills/testing-oauth2-implementation-flaws"},{"name":"testing-ransomware-recovery-procedures","description":"Test and validate ransomware recovery procedures including backup restore","domain":"cybersecurity","path":"skills/testing-ransomware-recovery-procedures"},{"name":"testing-websocket-api-security","description":"'Tests WebSocket API implementations for security vulnerabilities including","domain":"cybersecurity","path":"skills/testing-websocket-api-security"},{"name":"tracking-threat-actor-infrastructure","description":"Threat actor infrastructure tracking involves monitoring and mapping","domain":"cybersecurity","path":"skills/tracking-threat-actor-infrastructure"},{"name":"triaging-security-alerts-in-splunk","description":"'Triages security alerts in Splunk Enterprise Security by classifying","domain":"cybersecurity","path":"skills/triaging-security-alerts-in-splunk"},{"name":"triaging-security-incident","description":"'Performs initial triage of security incidents to determine severity,","domain":"cybersecurity","path":"skills/triaging-security-incident"},{"name":"triaging-security-incident-with-ir-playbook","description":"Classify and prioritize security incidents using structured IR playbooks","domain":"cybersecurity","path":"skills/triaging-security-incident-with-ir-playbook"},{"name":"triaging-vulnerabilities-with-ssvc-framework","description":"Triage and prioritize vulnerabilities using CISA's Stakeholder-Specific","domain":"cybersecurity","path":"skills/triaging-vulnerabilities-with-ssvc-framework"},{"name":"validating-backup-integrity-for-recovery","description":"Validate backup integrity through cryptographic hash verification, 
automated","domain":"cybersecurity","path":"skills/validating-backup-integrity-for-recovery"}]}