{"version":"1.1.0","generated_at":"2026-04-05T23:56:33Z","repository":"https://github.com/mukul975/Anthropic-Cybersecurity-Skills","domain":"cybersecurity","total_skills":754,"skills":[{"name":"acquiring-disk-image-with-dd-and-dcfldd","description":"Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through hash verification.","domain":"cybersecurity","path":"skills/acquiring-disk-image-with-dd-and-dcfldd"},{"name":"analyzing-active-directory-acl-abuse","description":"Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and WriteOwner abuse paths","domain":"cybersecurity","path":"skills/analyzing-active-directory-acl-abuse"},{"name":"analyzing-android-malware-with-apktool","description":"Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.","domain":"cybersecurity","path":"skills/analyzing-android-malware-with-apktool"},{"name":"analyzing-api-gateway-access-logs","description":">","domain":"cybersecurity","path":"skills/analyzing-api-gateway-access-logs"},{"name":"analyzing-apt-group-with-mitre-navigator","description":"Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps","domain":"cybersecurity","path":"skills/analyzing-apt-group-with-mitre-navigator"},{"name":"analyzing-azure-activity-logs-for-threats","description":">","domain":"cybersecurity","path":"skills/analyzing-azure-activity-logs-for-threats"},{"name":"analyzing-bootkit-and-rootkit-samples","description":">","domain":"cybersecurity","path":"skills/analyzing-bootkit-and-rootkit-samples"},{"name":"analyzing-browser-forensics-with-hindsight","description":"Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached content, 
autofill data, saved passwords, and browser extensions from Chrome, Edge, Brave, and Opera for forensic investigation.","domain":"cybersecurity","path":"skills/analyzing-browser-forensics-with-hindsight"},{"name":"analyzing-campaign-attribution-evidence","description":"Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or group is responsible for a cyber operation. This skill covers collecting and weighting attr","domain":"cybersecurity","path":"skills/analyzing-campaign-attribution-evidence"},{"name":"analyzing-certificate-transparency-for-phishing","description":"Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates,","domain":"cybersecurity","path":"skills/analyzing-certificate-transparency-for-phishing"},{"name":"analyzing-cloud-storage-access-patterns","description":"Detect abnormal access patterns in AWS S3, GCS, and Azure Blob Storage by analyzing CloudTrail Data Events, GCS","domain":"cybersecurity","path":"skills/analyzing-cloud-storage-access-patterns"},{"name":"analyzing-cobalt-strike-beacon-configuration","description":"Extract and analyze Cobalt Strike beacon configuration from PE files and memory dumps to identify C2 infrastructure, malleable profiles, and operator tradecraft.","domain":"cybersecurity","path":"skills/analyzing-cobalt-strike-beacon-configuration"},{"name":"analyzing-cobaltstrike-malleable-c2-profiles","description":"Parse and analyze Cobalt Strike Malleable C2 profiles using dissect.cobaltstrike and pyMalleableC2 to extract C2 indicators, detect evasion techniques, and generate network detection 
signatures.","domain":"cybersecurity","path":"skills/analyzing-cobaltstrike-malleable-c2-profiles"},{"name":"analyzing-command-and-control-communication","description":">","domain":"cybersecurity","path":"skills/analyzing-command-and-control-communication"},{"name":"analyzing-cyber-kill-chain","description":">","domain":"cybersecurity","path":"skills/analyzing-cyber-kill-chain"},{"name":"analyzing-disk-image-with-autopsy","description":"Perform comprehensive forensic analysis of disk images using Autopsy to recover files, examine artifacts, and build investigation timelines.","domain":"cybersecurity","path":"skills/analyzing-disk-image-with-autopsy"},{"name":"analyzing-dns-logs-for-exfiltration","description":"Analyzes DNS query logs to detect data exfiltration via DNS tunneling, DGA domain communication, and covert","domain":"cybersecurity","path":"skills/analyzing-dns-logs-for-exfiltration"},{"name":"analyzing-docker-container-forensics","description":"Investigate compromised Docker containers by analyzing images, layers, volumes, logs, and runtime artifacts to identify malicious activity and evidence.","domain":"cybersecurity","path":"skills/analyzing-docker-container-forensics"},{"name":"analyzing-email-headers-for-phishing-investigation","description":"Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify","domain":"cybersecurity","path":"skills/analyzing-email-headers-for-phishing-investigation"},{"name":"analyzing-ethereum-smart-contract-vulnerabilities","description":"Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy, integer overflow, access control, and other vulnerability classes before deployment to Ethereum mainnet.","domain":"cybersecurity","path":"skills/analyzing-ethereum-smart-contract-vulnerabilities"},{"name":"analyzing-golang-malware-with-ghidra","description":"Reverse engineer Go-compiled malware using Ghidra with 
specialized scripts for function recovery, string extraction, and type reconstruction in stripped Go binaries.","domain":"cybersecurity","path":"skills/analyzing-golang-malware-with-ghidra"},{"name":"analyzing-heap-spray-exploitation","description":"Detect and analyze heap spray attacks in memory dumps using Volatility3 plugins to identify NOP sled patterns, shellcode landing zones, and suspicious large allocations in process virtual address space.","domain":"cybersecurity","path":"skills/analyzing-heap-spray-exploitation"},{"name":"analyzing-indicators-of-compromise","description":"Analyzes indicators of compromise (IOCs) including IP addresses, domains, file hashes, URLs, and email artifacts","domain":"cybersecurity","path":"skills/analyzing-indicators-of-compromise"},{"name":"analyzing-ios-app-security-with-objection","description":"Performs runtime mobile security exploration of iOS applications using Objection, a Frida-powered toolkit that","domain":"cybersecurity","path":"skills/analyzing-ios-app-security-with-objection"},{"name":"analyzing-kubernetes-audit-logs","description":">","domain":"cybersecurity","path":"skills/analyzing-kubernetes-audit-logs"},{"name":"analyzing-linux-audit-logs-for-intrusion","description":">","domain":"cybersecurity","path":"skills/analyzing-linux-audit-logs-for-intrusion"},{"name":"analyzing-linux-elf-malware","description":">","domain":"cybersecurity","path":"skills/analyzing-linux-elf-malware"},{"name":"analyzing-linux-kernel-rootkits","description":"Detect kernel-level rootkits in Linux memory dumps using Volatility3 linux plugins (check_syscall, lsmod, hidden_modules), rkhunter system scanning, and /proc vs /sys discrepancy analysis to identify hooked syscalls, hidden kernel modules, and tampered system structures.","domain":"cybersecurity","path":"skills/analyzing-linux-kernel-rootkits"},{"name":"analyzing-linux-system-artifacts","description":"Examine Linux system artifacts including auth logs, cron jobs, shell history, 
and system configuration to uncover evidence of compromise or unauthorized activity.","domain":"cybersecurity","path":"skills/analyzing-linux-system-artifacts"},{"name":"analyzing-lnk-file-and-jump-list-artifacts","description":"Analyze Windows LNK shortcut files and Jump List artifacts to establish evidence of file access, program execution, and user activity using LECmd, JLECmd, and manual binary parsing of the Shell Link Binary format.","domain":"cybersecurity","path":"skills/analyzing-lnk-file-and-jump-list-artifacts"},{"name":"analyzing-macro-malware-in-office-documents","description":"Analyzes malicious VBA macros embedded in Microsoft Office documents (Word, Excel, PowerPoint) to identify download","domain":"cybersecurity","path":"skills/analyzing-macro-malware-in-office-documents"},{"name":"analyzing-malicious-pdf-with-peepdf","description":"Perform static analysis of malicious PDF documents using peepdf, pdfid, and pdf-parser to extract embedded JavaScript, shellcode, and suspicious objects.","domain":"cybersecurity","path":"skills/analyzing-malicious-pdf-with-peepdf"},{"name":"analyzing-malicious-url-with-urlscan","description":"URLScan.io is a free service for scanning and analyzing suspicious URLs. 
It captures screenshots, DOM content,","domain":"cybersecurity","path":"skills/analyzing-malicious-url-with-urlscan"},{"name":"analyzing-malware-behavior-with-cuckoo-sandbox","description":">","domain":"cybersecurity","path":"skills/analyzing-malware-behavior-with-cuckoo-sandbox"},{"name":"analyzing-malware-family-relationships-with-malpedia","description":"Use the Malpedia platform and API to research malware family relationships, track variant evolution, link families to threat actors, and integrate YARA rules for detection across malware lineages.","domain":"cybersecurity","path":"skills/analyzing-malware-family-relationships-with-malpedia"},{"name":"analyzing-malware-persistence-with-autoruns","description":"","domain":"cybersecurity","path":"skills/analyzing-malware-persistence-with-autoruns"},{"name":"analyzing-malware-sandbox-evasion-techniques","description":"Detect sandbox evasion techniques in malware samples by analyzing timing checks, VM artifact queries, user interaction","domain":"cybersecurity","path":"skills/analyzing-malware-sandbox-evasion-techniques"},{"name":"analyzing-memory-dumps-with-volatility","description":">","domain":"cybersecurity","path":"skills/analyzing-memory-dumps-with-volatility"},{"name":"analyzing-memory-forensics-with-lime-and-volatility","description":">","domain":"cybersecurity","path":"skills/analyzing-memory-forensics-with-lime-and-volatility"},{"name":"analyzing-mft-for-deleted-file-recovery","description":"Analyze the NTFS Master File Table ($MFT) to recover metadata and content of deleted files by examining MFT record entries, $LogFile, $UsnJrnl, and MFT slack space using MFTECmd, analyzeMFT, and X-Ways Forensics.","domain":"cybersecurity","path":"skills/analyzing-mft-for-deleted-file-recovery"},{"name":"analyzing-network-covert-channels-in-malware","description":"Detect and analyze covert communication channels used by malware including DNS tunneling, ICMP 
exfiltration,","domain":"cybersecurity","path":"skills/analyzing-network-covert-channels-in-malware"},{"name":"analyzing-network-flow-data-with-netflow","description":">-","domain":"cybersecurity","path":"skills/analyzing-network-flow-data-with-netflow"},{"name":"analyzing-network-packets-with-scapy","description":"Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and traffic anomaly detection in authorized security testing","domain":"cybersecurity","path":"skills/analyzing-network-packets-with-scapy"},{"name":"analyzing-network-traffic-for-incidents","description":">","domain":"cybersecurity","path":"skills/analyzing-network-traffic-for-incidents"},{"name":"analyzing-network-traffic-of-malware","description":">","domain":"cybersecurity","path":"skills/analyzing-network-traffic-of-malware"},{"name":"analyzing-network-traffic-with-wireshark","description":">","domain":"cybersecurity","path":"skills/analyzing-network-traffic-with-wireshark"},{"name":"analyzing-office365-audit-logs-for-compromise","description":"Parse Office 365 Unified Audit Logs via Microsoft Graph API to detect email forwarding rule creation, inbox delegation, suspicious OAuth app grants, and other indicators of account compromise.","domain":"cybersecurity","path":"skills/analyzing-office365-audit-logs-for-compromise"},{"name":"analyzing-outlook-pst-for-email-forensics","description":"Analyze Microsoft Outlook PST and OST files for email forensic evidence including message content, headers, 
attachments,","domain":"cybersecurity","path":"skills/analyzing-outlook-pst-for-email-forensics"},{"name":"analyzing-packed-malware-with-upx-unpacker","description":">","domain":"cybersecurity","path":"skills/analyzing-packed-malware-with-upx-unpacker"},{"name":"analyzing-pdf-malware-with-pdfid","description":">","domain":"cybersecurity","path":"skills/analyzing-pdf-malware-with-pdfid"},{"name":"analyzing-persistence-mechanisms-in-linux","description":"","domain":"cybersecurity","path":"skills/analyzing-persistence-mechanisms-in-linux"},{"name":"analyzing-powershell-empire-artifacts","description":"Detect PowerShell Empire framework artifacts in Windows event logs by identifying Base64 encoded launcher patterns,","domain":"cybersecurity","path":"skills/analyzing-powershell-empire-artifacts"},{"name":"analyzing-powershell-script-block-logging","description":">-","domain":"cybersecurity","path":"skills/analyzing-powershell-script-block-logging"},{"name":"analyzing-prefetch-files-for-execution-history","description":"Parse Windows Prefetch files to determine program execution history including run counts, timestamps, and referenced files for forensic investigation.","domain":"cybersecurity","path":"skills/analyzing-prefetch-files-for-execution-history"},{"name":"analyzing-ransomware-encryption-mechanisms","description":">","domain":"cybersecurity","path":"skills/analyzing-ransomware-encryption-mechanisms"},{"name":"analyzing-ransomware-leak-site-intelligence","description":"Monitor and analyze ransomware group data leak sites (DLS) to track victim postings, extract threat intelligence on group tactics, and assess sector-specific ransomware risk for proactive defense.","domain":"cybersecurity","path":"skills/analyzing-ransomware-leak-site-intelligence"},{"name":"analyzing-ransomware-network-indicators","description":"Identify ransomware network indicators including C2 beaconing patterns, TOR exit node connections, data 
exfiltration","domain":"cybersecurity","path":"skills/analyzing-ransomware-network-indicators"},{"name":"analyzing-ransomware-payment-wallets","description":">","domain":"cybersecurity","path":"skills/analyzing-ransomware-payment-wallets"},{"name":"analyzing-sbom-for-supply-chain-vulnerabilities","description":"Parses Software Bill of Materials (SBOM) in CycloneDX and SPDX JSON formats to identify supply chain vulnerabilities","domain":"cybersecurity","path":"skills/analyzing-sbom-for-supply-chain-vulnerabilities"},{"name":"analyzing-security-logs-with-splunk","description":"","domain":"cybersecurity","path":"skills/analyzing-security-logs-with-splunk"},{"name":"analyzing-slack-space-and-file-system-artifacts","description":"Examine file system slack space, MFT entries, USN journal, and alternate data streams to recover hidden data and reconstruct file activity on NTFS volumes.","domain":"cybersecurity","path":"skills/analyzing-slack-space-and-file-system-artifacts"},{"name":"analyzing-supply-chain-malware-artifacts","description":"Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines,","domain":"cybersecurity","path":"skills/analyzing-supply-chain-malware-artifacts"},{"name":"analyzing-threat-actor-ttps-with-mitre-attack","description":"MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs)","domain":"cybersecurity","path":"skills/analyzing-threat-actor-ttps-with-mitre-attack"},{"name":"analyzing-threat-actor-ttps-with-mitre-navigator","description":"Map advanced persistent threat (APT) group tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK 
framework","domain":"cybersecurity","path":"skills/analyzing-threat-actor-ttps-with-mitre-navigator"},{"name":"analyzing-threat-intelligence-feeds","description":">","domain":"cybersecurity","path":"skills/analyzing-threat-intelligence-feeds"},{"name":"analyzing-threat-landscape-with-misp","description":"Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics,","domain":"cybersecurity","path":"skills/analyzing-threat-landscape-with-misp"},{"name":"analyzing-tls-certificate-transparency-logs","description":"Queries Certificate Transparency logs via crt.sh and pycrtsh to detect phishing domains, unauthorized certificate","domain":"cybersecurity","path":"skills/analyzing-tls-certificate-transparency-logs"},{"name":"analyzing-typosquatting-domains-with-dnstwist","description":"Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain permutations","domain":"cybersecurity","path":"skills/analyzing-typosquatting-domains-with-dnstwist"},{"name":"analyzing-uefi-bootkit-persistence","description":"Analyzes UEFI bootkit persistence mechanisms including firmware implants in SPI flash, EFI System Partition","domain":"cybersecurity","path":"skills/analyzing-uefi-bootkit-persistence"},{"name":"analyzing-usb-device-connection-history","description":"Investigate USB device connection history from Windows registry, event logs, and setupapi logs to track removable media usage and potential data exfiltration.","domain":"cybersecurity","path":"skills/analyzing-usb-device-connection-history"},{"name":"analyzing-web-server-logs-for-intrusion","description":">-","domain":"cybersecurity","path":"skills/analyzing-web-server-logs-for-intrusion"},{"name":"analyzing-windows-amcache-artifacts","description":">","domain":"cybersecurity","path":"skills/analyzing-windows-amcache-artifacts"},{"name":"analyzing-windows-event-logs-in-splunk","description":"Analyzes Windows Security, System, and 
Sysmon event logs in Splunk to detect authentication attacks, privilege","domain":"cybersecurity","path":"skills/analyzing-windows-event-logs-in-splunk"},{"name":"analyzing-windows-lnk-files-for-artifacts","description":"Parse Windows LNK shortcut files to extract target paths, timestamps, volume information, and machine identifiers for forensic timeline reconstruction.","domain":"cybersecurity","path":"skills/analyzing-windows-lnk-files-for-artifacts"},{"name":"analyzing-windows-prefetch-with-python","description":"Parse Windows Prefetch files using the windowsprefetch Python library to reconstruct application execution history, detect renamed or masquerading binaries, and identify suspicious program execution patterns.","domain":"cybersecurity","path":"skills/analyzing-windows-prefetch-with-python"},{"name":"analyzing-windows-registry-for-artifacts","description":"Extract and analyze Windows Registry hives to uncover user activity, installed software, autostart entries, and evidence of system compromise.","domain":"cybersecurity","path":"skills/analyzing-windows-registry-for-artifacts"},{"name":"analyzing-windows-shellbag-artifacts","description":"Analyze Windows Shellbag registry artifacts to reconstruct folder browsing activity, detect access to removable media and network shares, and establish user interaction with directories even after deletion using SBECmd and ShellBags Explorer.","domain":"cybersecurity","path":"skills/analyzing-windows-shellbag-artifacts"},{"name":"auditing-aws-s3-bucket-permissions","description":">","domain":"cybersecurity","path":"skills/auditing-aws-s3-bucket-permissions"},{"name":"auditing-azure-active-directory-configuration","description":">","domain":"cybersecurity","path":"skills/auditing-azure-active-directory-configuration"},{"name":"auditing-cloud-with-cis-benchmarks","description":"This skill details how to conduct cloud security audits using Center for Internet Security benchmarks for 
AWS,","domain":"cybersecurity","path":"skills/auditing-cloud-with-cis-benchmarks"},{"name":"auditing-gcp-iam-permissions","description":">","domain":"cybersecurity","path":"skills/auditing-gcp-iam-permissions"},{"name":"auditing-kubernetes-cluster-rbac","description":">","domain":"cybersecurity","path":"skills/auditing-kubernetes-cluster-rbac"},{"name":"auditing-terraform-infrastructure-for-security","description":">","domain":"cybersecurity","path":"skills/auditing-terraform-infrastructure-for-security"},{"name":"auditing-tls-certificate-transparency-logs","description":">","domain":"cybersecurity","path":"skills/auditing-tls-certificate-transparency-logs"},{"name":"automating-ioc-enrichment","description":">","domain":"cybersecurity","path":"skills/automating-ioc-enrichment"},{"name":"building-adversary-infrastructure-tracking-system","description":"Build an automated system to track adversary infrastructure using passive DNS, certificate transparency, WHOIS data, and IP enrichment to map and monitor threat actor command-and-control networks.","domain":"cybersecurity","path":"skills/building-adversary-infrastructure-tracking-system"},{"name":"building-attack-pattern-library-from-cti-reports","description":"Extract and catalog attack patterns from cyber threat intelligence reports into a structured STIX-based library","domain":"cybersecurity","path":"skills/building-attack-pattern-library-from-cti-reports"},{"name":"building-automated-malware-submission-pipeline","description":">","domain":"cybersecurity","path":"skills/building-automated-malware-submission-pipeline"},{"name":"building-c2-infrastructure-with-sliver-framework","description":"Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with","domain":"cybersecurity","path":"skills/building-c2-infrastructure-with-sliver-framework"},{"name":"building-cloud-siem-with-sentinel","description":"This skill covers deploying Microsoft Sentinel as a cloud-native 
SIEM and SOAR platform for centralized security","domain":"cybersecurity","path":"skills/building-cloud-siem-with-sentinel"},{"name":"building-detection-rule-with-splunk-spl","description":"Build effective detection rules using Splunk Search Processing Language (SPL) correlation searches to identify","domain":"cybersecurity","path":"skills/building-detection-rule-with-splunk-spl"},{"name":"building-detection-rules-with-sigma","description":"Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms","domain":"cybersecurity","path":"skills/building-detection-rules-with-sigma"},{"name":"building-devsecops-pipeline-with-gitlab-ci","description":"Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning, dependency scanning, and secret detection.","domain":"cybersecurity","path":"skills/building-devsecops-pipeline-with-gitlab-ci"},{"name":"building-identity-federation-with-saml-azure-ad","description":"Establish SAML 2.0 identity federation between on-premises Active Directory and Azure AD (Microsoft Entra ID) for seamless cross-domain authentication and SSO to cloud applications.","domain":"cybersecurity","path":"skills/building-identity-federation-with-saml-azure-ad"},{"name":"building-identity-governance-lifecycle-process","description":"Builds comprehensive identity governance and lifecycle management processes including joiner-mover-leaver 
automation,","domain":"cybersecurity","path":"skills/building-identity-governance-lifecycle-process"},{"name":"building-incident-response-dashboard","description":">","domain":"cybersecurity","path":"skills/building-incident-response-dashboard"},{"name":"building-incident-response-playbook","description":">","domain":"cybersecurity","path":"skills/building-incident-response-playbook"},{"name":"building-incident-timeline-with-timesketch","description":"","domain":"cybersecurity","path":"skills/building-incident-timeline-with-timesketch"},{"name":"building-ioc-defanging-and-sharing-pipeline","description":"Build an automated pipeline to defang indicators of compromise (URLs, IPs, domains, emails) for safe sharing and distribute them in STIX format through TAXII feeds and threat intelligence platforms.","domain":"cybersecurity","path":"skills/building-ioc-defanging-and-sharing-pipeline"},{"name":"building-ioc-enrichment-pipeline-with-opencti","description":"OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its native data model. 
This skill covers building an automated IOC enrichment pipeline using O","domain":"cybersecurity","path":"skills/building-ioc-enrichment-pipeline-with-opencti"},{"name":"building-malware-incident-communication-template","description":"Build structured communication templates for malware incidents including stakeholder notifications, executive briefings, technical advisories, and regulatory disclosures with severity-based escalation procedures.","domain":"cybersecurity","path":"skills/building-malware-incident-communication-template"},{"name":"building-patch-tuesday-response-process","description":"Establish a structured operational process to triage, test, and deploy Microsoft Patch Tuesday security updates within risk-based remediation SLAs.","domain":"cybersecurity","path":"skills/building-patch-tuesday-response-process"},{"name":"building-phishing-reporting-button-workflow","description":"Implement a phishing report button in email clients with automated triage workflow that analyzes user-reported suspicious emails and provides feedback to reporters.","domain":"cybersecurity","path":"skills/building-phishing-reporting-button-workflow"},{"name":"building-ransomware-playbook-with-cisa-framework","description":">","domain":"cybersecurity","path":"skills/building-ransomware-playbook-with-cisa-framework"},{"name":"building-red-team-c2-infrastructure-with-havoc","description":"Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents for","domain":"cybersecurity","path":"skills/building-red-team-c2-infrastructure-with-havoc"},{"name":"building-role-mining-for-rbac-optimization","description":"Apply bottom-up and top-down role mining techniques to discover optimal RBAC roles from existing user-permission assignments, reducing role explosion and enforcing least privilege.","domain":"cybersecurity","path":"skills/building-role-mining-for-rbac-optimization"},{"name":"building-soc-escalation-matrix","description":"Build a 
structured SOC escalation matrix defining severity tiers, response SLAs, escalation paths, and notification procedures for security incidents.","domain":"cybersecurity","path":"skills/building-soc-escalation-matrix"},{"name":"building-soc-metrics-and-kpi-tracking","description":"Builds SOC performance metrics and KPI tracking dashboards measuring Mean Time to Detect (MTTD), Mean Time to","domain":"cybersecurity","path":"skills/building-soc-metrics-and-kpi-tracking"},{"name":"building-soc-playbook-for-ransomware","description":"","domain":"cybersecurity","path":"skills/building-soc-playbook-for-ransomware"},{"name":"building-threat-actor-profile-from-osint","description":"Build comprehensive threat actor profiles using open-source intelligence (OSINT) techniques to document adversary motivations, capabilities, infrastructure, and TTPs for proactive defense.","domain":"cybersecurity","path":"skills/building-threat-actor-profile-from-osint"},{"name":"building-threat-feed-aggregation-with-misp","description":"Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence feeds from multiple sources for centralized IOC management and automated SIEM integration.","domain":"cybersecurity","path":"skills/building-threat-feed-aggregation-with-misp"},{"name":"building-threat-hunt-hypothesis-framework","description":"Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and environmental data into testable hunting hypotheses.","domain":"cybersecurity","path":"skills/building-threat-hunt-hypothesis-framework"},{"name":"building-threat-intelligence-enrichment-in-splunk","description":"Build automated threat intelligence enrichment pipelines in Splunk Enterprise Security using lookup tables, modular inputs, and the Threat Intelligence 
Framework.","domain":"cybersecurity","path":"skills/building-threat-intelligence-enrichment-in-splunk"},{"name":"building-threat-intelligence-feed-integration","description":">","domain":"cybersecurity","path":"skills/building-threat-intelligence-feed-integration"},{"name":"building-threat-intelligence-platform","description":"Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified system for collecting, analyzing, enriching, and disseminating threat intelligence. T","domain":"cybersecurity","path":"skills/building-threat-intelligence-platform"},{"name":"building-vulnerability-aging-and-sla-tracking","description":"Implement a vulnerability aging dashboard and SLA tracking system to measure remediation performance against severity-based timelines and drive accountability.","domain":"cybersecurity","path":"skills/building-vulnerability-aging-and-sla-tracking"},{"name":"building-vulnerability-dashboard-with-defectdojo","description":"Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication, metrics tracking, and Jira ticketing workflows.","domain":"cybersecurity","path":"skills/building-vulnerability-dashboard-with-defectdojo"},{"name":"building-vulnerability-exception-tracking-system","description":"Build a vulnerability exception and risk acceptance tracking system with approval workflows, compensating controls documentation, and expiration management.","domain":"cybersecurity","path":"skills/building-vulnerability-exception-tracking-system"},{"name":"building-vulnerability-scanning-workflow","description":">","domain":"cybersecurity","path":"skills/building-vulnerability-scanning-workflow"},{"name":"bypassing-authentication-with-forced-browsing","description":"Discovering and accessing unprotected pages, APIs, and administrative interfaces by enumerating URLs and bypassing authentication controls during authorized security 
assessments.","domain":"cybersecurity","path":"skills/bypassing-authentication-with-forced-browsing"},{"name":"collecting-indicators-of-compromise","description":">","domain":"cybersecurity","path":"skills/collecting-indicators-of-compromise"},{"name":"collecting-open-source-intelligence","description":">","domain":"cybersecurity","path":"skills/collecting-open-source-intelligence"},{"name":"collecting-threat-intelligence-with-misp","description":"MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing, storing, and correlating Indicators of Compromise (IOCs) of targeted attacks, threat","domain":"cybersecurity","path":"skills/collecting-threat-intelligence-with-misp"},{"name":"collecting-volatile-evidence-from-compromised-host","description":"Collect volatile forensic evidence from a compromised system following order of volatility, preserving memory, network connections, processes, and system state before they are lost.","domain":"cybersecurity","path":"skills/collecting-volatile-evidence-from-compromised-host"},{"name":"conducting-api-security-testing","description":">","domain":"cybersecurity","path":"skills/conducting-api-security-testing"},{"name":"conducting-cloud-incident-response","description":">","domain":"cybersecurity","path":"skills/conducting-cloud-incident-response"},{"name":"conducting-cloud-penetration-testing","description":"This skill outlines methodologies for performing authorized penetration testing against AWS, Azure, and GCP","domain":"cybersecurity","path":"skills/conducting-cloud-penetration-testing"},{"name":"conducting-domain-persistence-with-dcsync","description":"Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by 
extracting","domain":"cybersecurity","path":"skills/conducting-domain-persistence-with-dcsync"},{"name":"conducting-external-reconnaissance-with-osint","description":">","domain":"cybersecurity","path":"skills/conducting-external-reconnaissance-with-osint"},{"name":"conducting-full-scope-red-team-engagement","description":"Plan and execute a comprehensive red team engagement covering reconnaissance through post-exploitation using","domain":"cybersecurity","path":"skills/conducting-full-scope-red-team-engagement"},{"name":"conducting-internal-network-penetration-test","description":"Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify","domain":"cybersecurity","path":"skills/conducting-internal-network-penetration-test"},{"name":"conducting-internal-reconnaissance-with-bloodhound-ce","description":"Conduct internal Active Directory reconnaissance using BloodHound Community Edition to map attack paths, identify","domain":"cybersecurity","path":"skills/conducting-internal-reconnaissance-with-bloodhound-ce"},{"name":"conducting-malware-incident-response","description":"","domain":"cybersecurity","path":"skills/conducting-malware-incident-response"},{"name":"conducting-man-in-the-middle-attack-simulation","description":">","domain":"cybersecurity","path":"skills/conducting-man-in-the-middle-attack-simulation"},{"name":"conducting-memory-forensics-with-volatility","description":">","domain":"cybersecurity","path":"skills/conducting-memory-forensics-with-volatility"},{"name":"conducting-mobile-app-penetration-test","description":"Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application 
Security","domain":"cybersecurity","path":"skills/conducting-mobile-app-penetration-test"},{"name":"conducting-network-penetration-test","description":">","domain":"cybersecurity","path":"skills/conducting-network-penetration-test"},{"name":"conducting-pass-the-ticket-attack","description":"Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate","domain":"cybersecurity","path":"skills/conducting-pass-the-ticket-attack"},{"name":"conducting-phishing-incident-response","description":">","domain":"cybersecurity","path":"skills/conducting-phishing-incident-response"},{"name":"conducting-post-incident-lessons-learned","description":"Facilitate structured post-incident reviews to identify root causes, document what worked and failed, and produce actionable recommendations to improve future incident response.","domain":"cybersecurity","path":"skills/conducting-post-incident-lessons-learned"},{"name":"conducting-social-engineering-penetration-test","description":"Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical","domain":"cybersecurity","path":"skills/conducting-social-engineering-penetration-test"},{"name":"conducting-social-engineering-pretext-call","description":"Plan and execute authorized vishing (voice phishing) pretext calls to assess employee susceptibility to social","domain":"cybersecurity","path":"skills/conducting-social-engineering-pretext-call"},{"name":"conducting-spearphishing-simulation-campaign","description":"Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial 
access.","domain":"cybersecurity","path":"skills/conducting-spearphishing-simulation-campaign"},{"name":"conducting-wireless-network-penetration-test","description":">","domain":"cybersecurity","path":"skills/conducting-wireless-network-penetration-test"},{"name":"configuring-active-directory-tiered-model","description":"Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory. Covers Tier 0/1/2 separation, privileged access workstations (PAWs), administrative f","domain":"cybersecurity","path":"skills/configuring-active-directory-tiered-model"},{"name":"configuring-aws-verified-access-for-ztna","description":"Configure AWS Verified Access to provide VPN-less zero trust network access to internal applications using identity and device posture verification with Cedar policy language.","domain":"cybersecurity","path":"skills/configuring-aws-verified-access-for-ztna"},{"name":"configuring-certificate-authority-with-openssl","description":"A Certificate Authority (CA) is the trust anchor in a PKI hierarchy, responsible for issuing, signing, and revoking digital certificates. 
This skill covers building a two-tier CA hierarchy (Root CA +","domain":"cybersecurity","path":"skills/configuring-certificate-authority-with-openssl"},{"name":"configuring-host-based-intrusion-detection","description":">","domain":"cybersecurity","path":"skills/configuring-host-based-intrusion-detection"},{"name":"configuring-hsm-for-key-storage","description":"Hardware Security Modules (HSMs) are tamper-resistant physical devices that safeguard cryptographic keys and","domain":"cybersecurity","path":"skills/configuring-hsm-for-key-storage"},{"name":"configuring-identity-aware-proxy-with-google-iap","description":">","domain":"cybersecurity","path":"skills/configuring-identity-aware-proxy-with-google-iap"},{"name":"configuring-ldap-security-hardening","description":"Harden LDAP directory services against common attacks including credential harvesting, LDAP injection, anonymous binding, and channel binding bypass. Covers LDAPS enforcement, channel binding, LDAP si","domain":"cybersecurity","path":"skills/configuring-ldap-security-hardening"},{"name":"configuring-microsegmentation-for-zero-trust","description":"Configure microsegmentation policies to enforce least-privilege workload-to-workload access using tools like VMware NSX, Illumio, and Calico, preventing lateral movement in zero trust architectures.","domain":"cybersecurity","path":"skills/configuring-microsegmentation-for-zero-trust"},{"name":"configuring-multi-factor-authentication-with-duo","description":"Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access points. 
This skill covers Duo integration methods, adaptive authentication policies, device trust","domain":"cybersecurity","path":"skills/configuring-multi-factor-authentication-with-duo"},{"name":"configuring-network-segmentation-with-vlans","description":">","domain":"cybersecurity","path":"skills/configuring-network-segmentation-with-vlans"},{"name":"configuring-oauth2-authorization-flow","description":"Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and Device Authorization Grant. This skill covers flow selection, PKCE implementation, token","domain":"cybersecurity","path":"skills/configuring-oauth2-authorization-flow"},{"name":"configuring-pfsense-firewall-rules","description":">","domain":"cybersecurity","path":"skills/configuring-pfsense-firewall-rules"},{"name":"configuring-snort-ids-for-intrusion-detection","description":">","domain":"cybersecurity","path":"skills/configuring-snort-ids-for-intrusion-detection"},{"name":"configuring-suricata-for-network-monitoring","description":">","domain":"cybersecurity","path":"skills/configuring-suricata-for-network-monitoring"},{"name":"configuring-tls-1-3-for-secure-communications","description":"TLS 1.3 (RFC 8446) is the latest version of the Transport Layer Security protocol, providing significant improvements over TLS 1.2 in both security and performance. 
It reduces handshake latency to 1-R","domain":"cybersecurity","path":"skills/configuring-tls-1-3-for-secure-communications"},{"name":"configuring-windows-defender-advanced-settings","description":">","domain":"cybersecurity","path":"skills/configuring-windows-defender-advanced-settings"},{"name":"configuring-windows-event-logging-for-detection","description":">","domain":"cybersecurity","path":"skills/configuring-windows-event-logging-for-detection"},{"name":"configuring-zscaler-private-access-for-ztna","description":">","domain":"cybersecurity","path":"skills/configuring-zscaler-private-access-for-ztna"},{"name":"containing-active-breach","description":">","domain":"cybersecurity","path":"skills/containing-active-breach"},{"name":"correlating-security-events-in-qradar","description":">","domain":"cybersecurity","path":"skills/correlating-security-events-in-qradar"},{"name":"correlating-threat-campaigns","description":">","domain":"cybersecurity","path":"skills/correlating-threat-campaigns"},{"name":"deobfuscating-javascript-malware","description":">","domain":"cybersecurity","path":"skills/deobfuscating-javascript-malware"},{"name":"deobfuscating-powershell-obfuscated-malware","description":"","domain":"cybersecurity","path":"skills/deobfuscating-powershell-obfuscated-malware"},{"name":"deploying-active-directory-honeytokens","description":">","domain":"cybersecurity","path":"skills/deploying-active-directory-honeytokens"},{"name":"deploying-cloudflare-access-for-zero-trust","description":"Deploying Cloudflare Access with Cloudflare Tunnel to provide zero trust access to self-hosted and private applications,","domain":"cybersecurity","path":"skills/deploying-cloudflare-access-for-zero-trust"},{"name":"deploying-decoy-files-for-ransomware-detection","description":">","domain":"cybersecurity","path":"skills/deploying-decoy-files-for-ransomware-detection"},{"name":"deploying-edr-agent-with-crowdstrike","description":"Deploys and configures CrowdStrike Falcon EDR 
agents across enterprise endpoints to enable real-time threat","domain":"cybersecurity","path":"skills/deploying-edr-agent-with-crowdstrike"},{"name":"deploying-osquery-for-endpoint-monitoring","description":">","domain":"cybersecurity","path":"skills/deploying-osquery-for-endpoint-monitoring"},{"name":"deploying-palo-alto-prisma-access-zero-trust","description":"Deploying Palo Alto Networks Prisma Access for SASE-based zero trust network access using GlobalProtect agents,","domain":"cybersecurity","path":"skills/deploying-palo-alto-prisma-access-zero-trust"},{"name":"deploying-ransomware-canary-files","description":">","domain":"cybersecurity","path":"skills/deploying-ransomware-canary-files"},{"name":"deploying-software-defined-perimeter","description":"Deploy a Software-Defined Perimeter using the CSA v2.0 specification with Single Packet Authorization, mutual TLS, and SDP controller/gateway configuration to enforce zero trust network access.","domain":"cybersecurity","path":"skills/deploying-software-defined-perimeter"},{"name":"deploying-tailscale-for-zero-trust-vpn","description":"Deploy and configure Tailscale as a WireGuard-based zero trust mesh VPN with identity-aware access controls, ACLs, and exit nodes for secure peer-to-peer connectivity.","domain":"cybersecurity","path":"skills/deploying-tailscale-for-zero-trust-vpn"},{"name":"detecting-ai-model-prompt-injection-attacks","description":"Detects prompt injection attacks targeting LLM-based applications using a multi-layered defense combining regex","domain":"cybersecurity","path":"skills/detecting-ai-model-prompt-injection-attacks"},{"name":"detecting-anomalies-in-industrial-control-systems","description":"This skill covers deploying anomaly detection systems for industrial control environments using machine learning","domain":"cybersecurity","path":"skills/detecting-anomalies-in-industrial-control-systems"},{"name":"detecting-anomalous-authentication-patterns","description":"Detects anomalous 
authentication patterns using UEBA analytics, statistical baselines, and machine learning","domain":"cybersecurity","path":"skills/detecting-anomalous-authentication-patterns"},{"name":"detecting-api-enumeration-attacks","description":"Detect and prevent API enumeration attacks including BOLA and IDOR exploitation by monitoring sequential identifier access patterns and authorization failures.","domain":"cybersecurity","path":"skills/detecting-api-enumeration-attacks"},{"name":"detecting-arp-poisoning-in-network-traffic","description":"Detect and prevent ARP spoofing attacks using ARPWatch, Dynamic ARP Inspection, Wireshark analysis, and custom monitoring scripts to protect against man-in-the-middle interception.","domain":"cybersecurity","path":"skills/detecting-arp-poisoning-in-network-traffic"},{"name":"detecting-attacks-on-historian-servers","description":">","domain":"cybersecurity","path":"skills/detecting-attacks-on-historian-servers"},{"name":"detecting-attacks-on-scada-systems","description":"This skill covers detecting cyber attacks targeting Supervisory Control and Data Acquisition (SCADA) systems","domain":"cybersecurity","path":"skills/detecting-attacks-on-scada-systems"},{"name":"detecting-aws-cloudtrail-anomalies","description":"Detect unusual API call patterns in AWS CloudTrail logs using boto3, statistical baselining, and behavioral analysis to identify credential compromise, privilege escalation, and unauthorized resource access.","domain":"cybersecurity","path":"skills/detecting-aws-cloudtrail-anomalies"},{"name":"detecting-aws-credential-exposure-with-trufflehog","description":">","domain":"cybersecurity","path":"skills/detecting-aws-credential-exposure-with-trufflehog"},{"name":"detecting-aws-guardduty-findings-automation","description":"Automate AWS GuardDuty threat detection findings processing using EventBridge and Lambda to enable real-time incident response, automatic quarantine of compromised resources, and security notification 
workflows.","domain":"cybersecurity","path":"skills/detecting-aws-guardduty-findings-automation"},{"name":"detecting-aws-iam-privilege-escalation","description":"Detect AWS IAM privilege escalation paths using boto3 and Cloudsplaining policy analysis to identify overly permissive policies, dangerous permission combinations, and least-privilege violations","domain":"cybersecurity","path":"skills/detecting-aws-iam-privilege-escalation"},{"name":"detecting-azure-lateral-movement","description":"Detect lateral movement in Azure AD/Entra ID environments using Microsoft Graph API audit logs, Azure Sentinel KQL hunting queries, and sign-in anomaly correlation to identify privilege escalation, token theft, and cross-tenant pivoting.","domain":"cybersecurity","path":"skills/detecting-azure-lateral-movement"},{"name":"detecting-azure-service-principal-abuse","description":"Detect and investigate Azure service principal abuse including privilege escalation, credential compromise, admin","domain":"cybersecurity","path":"skills/detecting-azure-service-principal-abuse"},{"name":"detecting-azure-storage-account-misconfigurations","description":"Audit Azure Blob and ADLS storage accounts for public access exposure, weak or long-lived SAS tokens, missing","domain":"cybersecurity","path":"skills/detecting-azure-storage-account-misconfigurations"},{"name":"detecting-beaconing-patterns-with-zeek","description":">","domain":"cybersecurity","path":"skills/detecting-beaconing-patterns-with-zeek"},{"name":"detecting-bluetooth-low-energy-attacks","description":">","domain":"cybersecurity","path":"skills/detecting-bluetooth-low-energy-attacks"},{"name":"detecting-broken-object-property-level-authorization","description":"Detect and test for OWASP API3:2023 Broken Object Property Level Authorization vulnerabilities including excessive data exposure and mass assignment 
attacks.","domain":"cybersecurity","path":"skills/detecting-broken-object-property-level-authorization"},{"name":"detecting-business-email-compromise","description":"Business Email Compromise (BEC) is a sophisticated fraud scheme where attackers impersonate executives, vendors,","domain":"cybersecurity","path":"skills/detecting-business-email-compromise"},{"name":"detecting-business-email-compromise-with-ai","description":"Deploy AI and NLP-powered detection systems to identify business email compromise attacks by analyzing writing","domain":"cybersecurity","path":"skills/detecting-business-email-compromise-with-ai"},{"name":"detecting-cloud-threats-with-guardduty","description":">","domain":"cybersecurity","path":"skills/detecting-cloud-threats-with-guardduty"},{"name":"detecting-command-and-control-over-dns","description":">","domain":"cybersecurity","path":"skills/detecting-command-and-control-over-dns"},{"name":"detecting-compromised-cloud-credentials","description":">","domain":"cybersecurity","path":"skills/detecting-compromised-cloud-credentials"},{"name":"detecting-container-drift-at-runtime","description":"Detect unauthorized modifications to running containers by monitoring for binary execution drift, file system changes, and configuration deviations from the original container image.","domain":"cybersecurity","path":"skills/detecting-container-drift-at-runtime"},{"name":"detecting-container-escape-attempts","description":"Container escape is a critical attack technique where an adversary breaks out of container isolation to access","domain":"cybersecurity","path":"skills/detecting-container-escape-attempts"},{"name":"detecting-container-escape-with-falco-rules","description":"Detect container escape attempts in real-time using Falco runtime security rules that monitor syscalls, file","domain":"cybersecurity","path":"skills/detecting-container-escape-with-falco-rules"},{"name":"detecting-credential-dumping-techniques","description":"Detect LSASS 
credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows","domain":"cybersecurity","path":"skills/detecting-credential-dumping-techniques"},{"name":"detecting-cryptomining-in-cloud","description":">","domain":"cybersecurity","path":"skills/detecting-cryptomining-in-cloud"},{"name":"detecting-dcsync-attack-in-active-directory","description":"Detect DCSync attacks where adversaries abuse Active Directory replication privileges to extract password hashes","domain":"cybersecurity","path":"skills/detecting-dcsync-attack-in-active-directory"},{"name":"detecting-deepfake-audio-in-vishing-attacks","description":"Detects AI-generated deepfake audio used in voice phishing (vishing) attacks by extracting spectral features","domain":"cybersecurity","path":"skills/detecting-deepfake-audio-in-vishing-attacks"},{"name":"detecting-dll-sideloading-attacks","description":"Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack","domain":"cybersecurity","path":"skills/detecting-dll-sideloading-attacks"},{"name":"detecting-dnp3-protocol-anomalies","description":"Detect anomalies in DNP3 (Distributed Network Protocol 3) communications used in SCADA systems by monitoring","domain":"cybersecurity","path":"skills/detecting-dnp3-protocol-anomalies"},{"name":"detecting-dns-exfiltration-with-dns-query-analysis","description":"Detect data exfiltration through DNS tunneling by analyzing query entropy, subdomain length, query volume, TXT record abuse, and response payload sizes using passive DNS monitoring.","domain":"cybersecurity","path":"skills/detecting-dns-exfiltration-with-dns-query-analysis"},{"name":"detecting-email-account-compromise","description":"Detect compromised O365 and Google Workspace email accounts by analyzing inbox rule creation, suspicious sign-in locations, mail forwarding rules, and unusual API access patterns via Microsoft Graph and audit 
logs.","domain":"cybersecurity","path":"skills/detecting-email-account-compromise"},{"name":"detecting-email-forwarding-rules-attack","description":"Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications","domain":"cybersecurity","path":"skills/detecting-email-forwarding-rules-attack"},{"name":"detecting-evasion-techniques-in-endpoint-logs","description":"Detects defense evasion techniques used by adversaries in endpoint logs including log tampering, timestomping,","domain":"cybersecurity","path":"skills/detecting-evasion-techniques-in-endpoint-logs"},{"name":"detecting-exfiltration-over-dns-with-zeek","description":"Detect DNS-based data exfiltration by analyzing Zeek dns.log for high-entropy subdomains and anomalous query patterns","domain":"cybersecurity","path":"skills/detecting-exfiltration-over-dns-with-zeek"},{"name":"detecting-fileless-attacks-on-endpoints","description":">","domain":"cybersecurity","path":"skills/detecting-fileless-attacks-on-endpoints"},{"name":"detecting-fileless-malware-techniques","description":"Detects and analyzes fileless malware that operates entirely in memory using PowerShell, WMI, .NET reflection,","domain":"cybersecurity","path":"skills/detecting-fileless-malware-techniques"},{"name":"detecting-golden-ticket-attacks-in-kerberos-logs","description":"Detect Golden Ticket attacks in Active Directory by analyzing Kerberos TGT anomalies including mismatched encryption types, impossible ticket lifetimes, non-existent accounts, and forged PAC signatures in domain controller event logs.","domain":"cybersecurity","path":"skills/detecting-golden-ticket-attacks-in-kerberos-logs"},{"name":"detecting-golden-ticket-forgery","description":"Detect Kerberos Golden Ticket forgery by analyzing Windows Event ID 4769 for RC4 encryption downgrades 
(0x17),","domain":"cybersecurity","path":"skills/detecting-golden-ticket-forgery"},{"name":"detecting-insider-data-exfiltration-via-dlp","description":">","domain":"cybersecurity","path":"skills/detecting-insider-data-exfiltration-via-dlp"},{"name":"detecting-insider-threat-behaviors","description":"Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads,","domain":"cybersecurity","path":"skills/detecting-insider-threat-behaviors"},{"name":"detecting-insider-threat-with-ueba","description":"Implement User and Entity Behavior Analytics using Elasticsearch/OpenSearch to build behavioral baselines, calculate anomaly scores, perform peer group analysis, and detect insider threat indicators such as data exfiltration, privilege abuse, and unauthorized access patterns.","domain":"cybersecurity","path":"skills/detecting-insider-threat-with-ueba"},{"name":"detecting-kerberoasting-attacks","description":"Detect Kerberoasting attacks by monitoring for anomalous Kerberos TGS requests targeting service accounts with","domain":"cybersecurity","path":"skills/detecting-kerberoasting-attacks"},{"name":"detecting-lateral-movement-in-network","description":"Identifies lateral movement techniques in enterprise networks by analyzing authentication logs, network flows,","domain":"cybersecurity","path":"skills/detecting-lateral-movement-in-network"},{"name":"detecting-lateral-movement-with-splunk","description":"Detect adversary lateral movement across networks using Splunk SPL queries against Windows authentication logs,","domain":"cybersecurity","path":"skills/detecting-lateral-movement-with-splunk"},{"name":"detecting-lateral-movement-with-zeek","description":">","domain":"cybersecurity","path":"skills/detecting-lateral-movement-with-zeek"},{"name":"detecting-living-off-the-land-attacks","description":"Detect abuse of legitimate Windows binaries (LOLBins) used for living off the land attacks. 
Monitors process","domain":"cybersecurity","path":"skills/detecting-living-off-the-land-attacks"},{"name":"detecting-living-off-the-land-with-lolbas","description":"Detect Living Off the Land Binaries (LOLBins/LOLBAS) abuse including certutil, regsvr32, mshta, and rundll32","domain":"cybersecurity","path":"skills/detecting-living-off-the-land-with-lolbas"},{"name":"detecting-malicious-scheduled-tasks-with-sysmon","description":"Detect malicious scheduled task creation and modification using Sysmon Event IDs 1 (Process Create for schtasks.exe),","domain":"cybersecurity","path":"skills/detecting-malicious-scheduled-tasks-with-sysmon"},{"name":"detecting-mimikatz-execution-patterns","description":"Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory","domain":"cybersecurity","path":"skills/detecting-mimikatz-execution-patterns"},{"name":"detecting-misconfigured-azure-storage","description":"Detecting misconfigured Azure Storage accounts including publicly accessible blob containers, missing encryption","domain":"cybersecurity","path":"skills/detecting-misconfigured-azure-storage"},{"name":"detecting-mobile-malware-behavior","description":">","domain":"cybersecurity","path":"skills/detecting-mobile-malware-behavior"},{"name":"detecting-modbus-command-injection-attacks","description":">","domain":"cybersecurity","path":"skills/detecting-modbus-command-injection-attacks"},{"name":"detecting-modbus-protocol-anomalies","description":"This skill covers detecting anomalies in Modbus/TCP and Modbus RTU communications in industrial control systems.","domain":"cybersecurity","path":"skills/detecting-modbus-protocol-anomalies"},{"name":"detecting-network-anomalies-with-zeek","description":">","domain":"cybersecurity","path":"skills/detecting-network-anomalies-with-zeek"},{"name":"detecting-network-scanning-with-ids-signatures","description":"Detect network reconnaissance and port scanning using Suricata and Snort 
IDS signatures, threshold-based detection rules, and traffic anomaly analysis to identify Nmap, Masscan, and custom scanning activity.","domain":"cybersecurity","path":"skills/detecting-network-scanning-with-ids-signatures"},{"name":"detecting-ntlm-relay-with-event-correlation","description":"Detect NTLM relay attacks through Windows Security Event correlation by analyzing Event 4624 LogonType 3 for","domain":"cybersecurity","path":"skills/detecting-ntlm-relay-with-event-correlation"},{"name":"detecting-oauth-token-theft","description":">","domain":"cybersecurity","path":"skills/detecting-oauth-token-theft"},{"name":"detecting-pass-the-hash-attacks","description":"Detect Pass-the-Hash attacks by analyzing NTLM authentication patterns, identifying Type 3 logons with NTLM where","domain":"cybersecurity","path":"skills/detecting-pass-the-hash-attacks"},{"name":"detecting-pass-the-ticket-attacks","description":"Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event IDs 4768, 4769, and 4771 for anomalous","domain":"cybersecurity","path":"skills/detecting-pass-the-ticket-attacks"},{"name":"detecting-port-scanning-with-fail2ban","description":">","domain":"cybersecurity","path":"skills/detecting-port-scanning-with-fail2ban"},{"name":"detecting-privilege-escalation-attempts","description":"Detect privilege escalation attempts including token manipulation, UAC bypass, unquoted service paths, kernel","domain":"cybersecurity","path":"skills/detecting-privilege-escalation-attempts"},{"name":"detecting-privilege-escalation-in-kubernetes-pods","description":"Detect and prevent privilege escalation in Kubernetes pods by monitoring security contexts, capabilities, and","domain":"cybersecurity","path":"skills/detecting-privilege-escalation-in-kubernetes-pods"},{"name":"detecting-process-hollowing-technique","description":"Detect process hollowing (T1055.012) by analyzing memory-mapped sections, hollowed process indicators, and 
parent-child","domain":"cybersecurity","path":"skills/detecting-process-hollowing-technique"},{"name":"detecting-process-injection-techniques","description":"Detects and analyzes process injection techniques used by malware including classic DLL injection, process hollowing,","domain":"cybersecurity","path":"skills/detecting-process-injection-techniques"},{"name":"detecting-qr-code-phishing-with-email-security","description":"Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious","domain":"cybersecurity","path":"skills/detecting-qr-code-phishing-with-email-security"},{"name":"detecting-ransomware-encryption-behavior","description":">","domain":"cybersecurity","path":"skills/detecting-ransomware-encryption-behavior"},{"name":"detecting-ransomware-precursors-in-network","description":">","domain":"cybersecurity","path":"skills/detecting-ransomware-precursors-in-network"},{"name":"detecting-rdp-brute-force-attacks","description":"Detect RDP brute force attacks by analyzing Windows Security Event Logs for failed authentication patterns (Event ID 4625), successful logons after failures (Event ID 4624), NLA failures, and source IP frequency analysis.","domain":"cybersecurity","path":"skills/detecting-rdp-brute-force-attacks"},{"name":"detecting-rootkit-activity","description":">","domain":"cybersecurity","path":"skills/detecting-rootkit-activity"},{"name":"detecting-s3-data-exfiltration-attempts","description":">","domain":"cybersecurity","path":"skills/detecting-s3-data-exfiltration-attempts"},{"name":"detecting-serverless-function-injection","description":">","domain":"cybersecurity","path":"skills/detecting-serverless-function-injection"},{"name":"detecting-service-account-abuse","description":"Detect abuse of service accounts through anomalous interactive logons, privilege escalation, lateral 
movement,","domain":"cybersecurity","path":"skills/detecting-service-account-abuse"},{"name":"detecting-shadow-api-endpoints","description":"Discover and inventory shadow API endpoints that operate outside documented specifications using traffic analysis, code scanning, and API discovery platforms.","domain":"cybersecurity","path":"skills/detecting-shadow-api-endpoints"},{"name":"detecting-shadow-it-cloud-usage","description":"Detect unauthorized SaaS and cloud service usage (shadow IT) by analyzing proxy logs, DNS query logs, and netflow data using Python pandas for traffic pattern analysis and domain classification.","domain":"cybersecurity","path":"skills/detecting-shadow-it-cloud-usage"},{"name":"detecting-spearphishing-with-email-gateway","description":"Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam filters. Email security gateways (SEGs) like Microsoft Defender for Office 365, Proofpoint,","domain":"cybersecurity","path":"skills/detecting-spearphishing-with-email-gateway"},{"name":"detecting-sql-injection-via-waf-logs","description":">-","domain":"cybersecurity","path":"skills/detecting-sql-injection-via-waf-logs"},{"name":"detecting-stuxnet-style-attacks","description":">","domain":"cybersecurity","path":"skills/detecting-stuxnet-style-attacks"},{"name":"detecting-supply-chain-attacks-in-ci-cd","description":"Scans GitHub Actions workflows and CI/CD pipeline configurations for supply chain attack vectors including unpinned","domain":"cybersecurity","path":"skills/detecting-supply-chain-attacks-in-ci-cd"},{"name":"detecting-suspicious-oauth-application-consent","description":"Detect risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent grant 
attacks.","domain":"cybersecurity","path":"skills/detecting-suspicious-oauth-application-consent"},{"name":"detecting-suspicious-powershell-execution","description":"Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts,","domain":"cybersecurity","path":"skills/detecting-suspicious-powershell-execution"},{"name":"detecting-t1003-credential-dumping-with-edr","description":"Detect OS credential dumping techniques targeting LSASS memory, SAM database, NTDS.dit, and cached credentials","domain":"cybersecurity","path":"skills/detecting-t1003-credential-dumping-with-edr"},{"name":"detecting-t1055-process-injection-with-sysmon","description":"Detect process injection techniques (T1055) including classic DLL injection, process hollowing, and APC injection","domain":"cybersecurity","path":"skills/detecting-t1055-process-injection-with-sysmon"},{"name":"detecting-t1548-abuse-elevation-control-mechanism","description":"Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid manipulation","domain":"cybersecurity","path":"skills/detecting-t1548-abuse-elevation-control-mechanism"},{"name":"detecting-typosquatting-packages-in-npm-pypi","description":">","domain":"cybersecurity","path":"skills/detecting-typosquatting-packages-in-npm-pypi"},{"name":"detecting-wmi-persistence","description":"Detect WMI event subscription persistence by analyzing Sysmon Event IDs 19, 20, and 21 for malicious EventFilter,","domain":"cybersecurity","path":"skills/detecting-wmi-persistence"},{"name":"eradicating-malware-from-infected-systems","description":"Systematically remove malware, backdoors, and attacker persistence mechanisms from infected systems while ensuring complete eradication and preventing 
re-infection.","domain":"cybersecurity","path":"skills/eradicating-malware-from-infected-systems"},{"name":"evaluating-threat-intelligence-platforms","description":">","domain":"cybersecurity","path":"skills/evaluating-threat-intelligence-platforms"},{"name":"executing-active-directory-attack-simulation","description":"Executes authorized attack simulations against Active Directory environments to identify misconfigurations,","domain":"cybersecurity","path":"skills/executing-active-directory-attack-simulation"},{"name":"executing-phishing-simulation-campaign","description":">","domain":"cybersecurity","path":"skills/executing-phishing-simulation-campaign"},{"name":"executing-red-team-engagement-planning","description":"Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE), threat model selection, and operational timelines before any offensive testing begins.","domain":"cybersecurity","path":"skills/executing-red-team-engagement-planning"},{"name":"executing-red-team-exercise","description":"Executes comprehensive red team exercises that simulate real-world adversary operations against an organization's","domain":"cybersecurity","path":"skills/executing-red-team-exercise"},{"name":"exploiting-active-directory-certificate-services-esc1","description":"Exploit misconfigured Active Directory Certificate Services (AD CS) ESC1 vulnerability to request certificates","domain":"cybersecurity","path":"skills/exploiting-active-directory-certificate-services-esc1"},{"name":"exploiting-active-directory-with-bloodhound","description":"BloodHound is a graph-based Active Directory reconnaissance tool that uses graph theory to reveal hidden 
and","domain":"cybersecurity","path":"skills/exploiting-active-directory-with-bloodhound"},{"name":"exploiting-api-injection-vulnerabilities","description":">","domain":"cybersecurity","path":"skills/exploiting-api-injection-vulnerabilities"},{"name":"exploiting-bgp-hijacking-vulnerabilities","description":">","domain":"cybersecurity","path":"skills/exploiting-bgp-hijacking-vulnerabilities"},{"name":"exploiting-broken-function-level-authorization","description":">","domain":"cybersecurity","path":"skills/exploiting-broken-function-level-authorization"},{"name":"exploiting-broken-link-hijacking","description":"Discover and exploit broken link hijacking vulnerabilities by identifying references to expired domains, decommissioned cloud resources, and dead external services that can be claimed by an attacker.","domain":"cybersecurity","path":"skills/exploiting-broken-link-hijacking"},{"name":"exploiting-constrained-delegation-abuse","description":"Exploit Kerberos Constrained Delegation misconfigurations in Active Directory to impersonate privileged users","domain":"cybersecurity","path":"skills/exploiting-constrained-delegation-abuse"},{"name":"exploiting-deeplink-vulnerabilities","description":">","domain":"cybersecurity","path":"skills/exploiting-deeplink-vulnerabilities"},{"name":"exploiting-excessive-data-exposure-in-api","description":">","domain":"cybersecurity","path":"skills/exploiting-excessive-data-exposure-in-api"},{"name":"exploiting-http-request-smuggling","description":"Detecting and exploiting HTTP request smuggling vulnerabilities caused by Content-Length and Transfer-Encoding parsing discrepancies between front-end and back-end servers.","domain":"cybersecurity","path":"skills/exploiting-http-request-smuggling"},{"name":"exploiting-idor-vulnerabilities","description":"Identifying and exploiting Insecure Direct Object Reference vulnerabilities to access unauthorized resources by manipulating object identifiers in API requests and 
URLs.","domain":"cybersecurity","path":"skills/exploiting-idor-vulnerabilities"},{"name":"exploiting-insecure-data-storage-in-mobile","description":"Identifies and exploits insecure local data storage vulnerabilities in Android and iOS mobile applications including","domain":"cybersecurity","path":"skills/exploiting-insecure-data-storage-in-mobile"},{"name":"exploiting-insecure-deserialization","description":"Identifying and exploiting insecure deserialization vulnerabilities in Java, PHP, Python, and .NET applications to achieve remote code execution during authorized penetration tests.","domain":"cybersecurity","path":"skills/exploiting-insecure-deserialization"},{"name":"exploiting-ipv6-vulnerabilities","description":">","domain":"cybersecurity","path":"skills/exploiting-ipv6-vulnerabilities"},{"name":"exploiting-jwt-algorithm-confusion-attack","description":">","domain":"cybersecurity","path":"skills/exploiting-jwt-algorithm-confusion-attack"},{"name":"exploiting-kerberoasting-with-impacket","description":"Perform Kerberoasting attacks using Impacket's GetUserSPNs to extract and crack Kerberos TGS tickets for Active","domain":"cybersecurity","path":"skills/exploiting-kerberoasting-with-impacket"},{"name":"exploiting-mass-assignment-in-rest-apis","description":"Discover and exploit mass assignment vulnerabilities in REST APIs to escalate privileges, modify restricted fields, and bypass authorization controls by injecting unexpected parameters in API requests.","domain":"cybersecurity","path":"skills/exploiting-mass-assignment-in-rest-apis"},{"name":"exploiting-ms17-010-eternalblue-vulnerability","description":"MS17-010 (EternalBlue) is a critical vulnerability in Microsoft's SMBv1 implementation that allows remote code","domain":"cybersecurity","path":"skills/exploiting-ms17-010-eternalblue-vulnerability"},{"name":"exploiting-nopac-cve-2021-42278-42287","description":"Exploit the noPac vulnerability chain (CVE-2021-42278 sAMAccountName spoofing and 
CVE-2021-42287 KDC PAC confusion)","domain":"cybersecurity","path":"skills/exploiting-nopac-cve-2021-42278-42287"},{"name":"exploiting-nosql-injection-vulnerabilities","description":"Detect and exploit NoSQL injection vulnerabilities in MongoDB, CouchDB, and other NoSQL databases to demonstrate authentication bypass, data extraction, and unauthorized access risks.","domain":"cybersecurity","path":"skills/exploiting-nosql-injection-vulnerabilities"},{"name":"exploiting-oauth-misconfiguration","description":"Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation, token leakage, and authorization code theft during security assessments.","domain":"cybersecurity","path":"skills/exploiting-oauth-misconfiguration"},{"name":"exploiting-prototype-pollution-in-javascript","description":"Detect and exploit JavaScript prototype pollution vulnerabilities on both client-side and server-side applications to achieve XSS, RCE, and authentication bypass through property injection.","domain":"cybersecurity","path":"skills/exploiting-prototype-pollution-in-javascript"},{"name":"exploiting-race-condition-vulnerabilities","description":"Detect and exploit race condition vulnerabilities in web applications using Turbo Intruder's single-packet attack technique to bypass rate limits, duplicate transactions, and exploit time-of-check-to-time-of-use flaws.","domain":"cybersecurity","path":"skills/exploiting-race-condition-vulnerabilities"},{"name":"exploiting-server-side-request-forgery","description":"Identifying and exploiting SSRF vulnerabilities to access internal services, cloud metadata, and restricted network resources during authorized penetration 
tests.","domain":"cybersecurity","path":"skills/exploiting-server-side-request-forgery"},{"name":"exploiting-smb-vulnerabilities-with-metasploit","description":">","domain":"cybersecurity","path":"skills/exploiting-smb-vulnerabilities-with-metasploit"},{"name":"exploiting-sql-injection-vulnerabilities","description":">","domain":"cybersecurity","path":"skills/exploiting-sql-injection-vulnerabilities"},{"name":"exploiting-sql-injection-with-sqlmap","description":"Detecting and exploiting SQL injection vulnerabilities using sqlmap to extract database contents during authorized penetration tests.","domain":"cybersecurity","path":"skills/exploiting-sql-injection-with-sqlmap"},{"name":"exploiting-template-injection-vulnerabilities","description":"Detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities across Jinja2, Twig, Freemarker, and other template engines to achieve remote code execution.","domain":"cybersecurity","path":"skills/exploiting-template-injection-vulnerabilities"},{"name":"exploiting-type-juggling-vulnerabilities","description":"Exploit PHP type juggling vulnerabilities caused by loose comparison operators to bypass authentication, circumvent hash verification, and manipulate application logic through type coercion attacks.","domain":"cybersecurity","path":"skills/exploiting-type-juggling-vulnerabilities"},{"name":"exploiting-vulnerabilities-with-metasploit-framework","description":"The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. 
It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules","domain":"cybersecurity","path":"skills/exploiting-vulnerabilities-with-metasploit-framework"},{"name":"exploiting-websocket-vulnerabilities","description":"Testing WebSocket implementations for authentication bypass, cross-site hijacking, injection attacks, and insecure message handling during authorized security assessments.","domain":"cybersecurity","path":"skills/exploiting-websocket-vulnerabilities"},{"name":"exploiting-zerologon-vulnerability-cve-2020-1472","description":"Exploit the Zerologon vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol to achieve domain controller","domain":"cybersecurity","path":"skills/exploiting-zerologon-vulnerability-cve-2020-1472"},{"name":"extracting-browser-history-artifacts","description":"Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge for forensic evidence of user web activity.","domain":"cybersecurity","path":"skills/extracting-browser-history-artifacts"},{"name":"extracting-config-from-agent-tesla-rat","description":"Extract embedded configuration from Agent Tesla RAT samples including SMTP/FTP/Telegram exfiltration credentials,","domain":"cybersecurity","path":"skills/extracting-config-from-agent-tesla-rat"},{"name":"extracting-credentials-from-memory-dump","description":"Extract cached credentials, password hashes, Kerberos tickets, and authentication tokens from memory dumps using Volatility and Mimikatz for forensic 
investigation.","domain":"cybersecurity","path":"skills/extracting-credentials-from-memory-dump"},{"name":"extracting-iocs-from-malware-samples","description":">","domain":"cybersecurity","path":"skills/extracting-iocs-from-malware-samples"},{"name":"extracting-memory-artifacts-with-rekall","description":">","domain":"cybersecurity","path":"skills/extracting-memory-artifacts-with-rekall"},{"name":"extracting-windows-event-logs-artifacts","description":"Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral movement, persistence, and privilege escalation.","domain":"cybersecurity","path":"skills/extracting-windows-event-logs-artifacts"},{"name":"generating-threat-intelligence-reports","description":">","domain":"cybersecurity","path":"skills/generating-threat-intelligence-reports"},{"name":"hardening-docker-containers-for-production","description":"Hardening Docker containers for production involves applying security best practices aligned with CIS Docker Benchmark v1.8.0 to minimize attack surface, prevent privilege escalation, and enforce leas","domain":"cybersecurity","path":"skills/hardening-docker-containers-for-production"},{"name":"hardening-docker-daemon-configuration","description":"Harden the Docker daemon by configuring daemon.json with user namespace remapping, TLS authentication, rootless mode, and CIS benchmark controls.","domain":"cybersecurity","path":"skills/hardening-docker-daemon-configuration"},{"name":"hardening-linux-endpoint-with-cis-benchmark","description":">","domain":"cybersecurity","path":"skills/hardening-linux-endpoint-with-cis-benchmark"},{"name":"hardening-windows-endpoint-with-cis-benchmark","description":">","domain":"cybersecurity","path":"skills/hardening-windows-endpoint-with-cis-benchmark"},{"name":"hunting-advanced-persistent-threats","description":"Proactively hunts for Advanced Persistent Threat (APT) activity within enterprise environments using 
hypothesis-driven","domain":"cybersecurity","path":"skills/hunting-advanced-persistent-threats"},{"name":"hunting-credential-stuffing-attacks","description":">","domain":"cybersecurity","path":"skills/hunting-credential-stuffing-attacks"},{"name":"hunting-for-anomalous-powershell-execution","description":">","domain":"cybersecurity","path":"skills/hunting-for-anomalous-powershell-execution"},{"name":"hunting-for-beaconing-with-frequency-analysis","description":"Identify command-and-control beaconing patterns in network traffic by applying statistical frequency analysis,","domain":"cybersecurity","path":"skills/hunting-for-beaconing-with-frequency-analysis"},{"name":"hunting-for-cobalt-strike-beacons","description":"Detect Cobalt Strike beacon network activity using default TLS certificate signatures (serial 8BB00EE), JA3/JA3S/JARM fingerprints, HTTP C2 profile pattern matching, beacon jitter analysis, and named pipe detection via Zeek, Suricata, and Python PCAP analysis.","domain":"cybersecurity","path":"skills/hunting-for-cobalt-strike-beacons"},{"name":"hunting-for-command-and-control-beaconing","description":"Detect C2 beaconing patterns in network traffic using frequency analysis, jitter detection, and domain reputation","domain":"cybersecurity","path":"skills/hunting-for-command-and-control-beaconing"},{"name":"hunting-for-data-exfiltration-indicators","description":"Hunt for data exfiltration through network traffic analysis, detecting unusual data flows, DNS tunneling, cloud","domain":"cybersecurity","path":"skills/hunting-for-data-exfiltration-indicators"},{"name":"hunting-for-data-staging-before-exfiltration","description":"Detect data staging activity before exfiltration by monitoring for archive creation with 7-Zip/RAR, unusual temp","domain":"cybersecurity","path":"skills/hunting-for-data-staging-before-exfiltration"},{"name":"hunting-for-dcom-lateral-movement","description":"Hunt for DCOM-based lateral movement by detecting abuse of MMC20.Application, 
ShellBrowserWindow, and ShellWindows","domain":"cybersecurity","path":"skills/hunting-for-dcom-lateral-movement"},{"name":"hunting-for-dcsync-attacks","description":"Detect DCSync attacks by analyzing Windows Event ID 4662 for unauthorized DS-Replication-Get-Changes requests","domain":"cybersecurity","path":"skills/hunting-for-dcsync-attacks"},{"name":"hunting-for-defense-evasion-via-timestomping","description":"Detect NTFS timestamp manipulation (MITRE T1070.006) by comparing $STANDARD_INFORMATION vs $FILE_NAME timestamps","domain":"cybersecurity","path":"skills/hunting-for-defense-evasion-via-timestomping"},{"name":"hunting-for-dns-based-persistence","description":"Hunt for DNS-based persistence mechanisms including DNS hijacking, dangling CNAME records, wildcard DNS abuse, and unauthorized zone modifications using passive DNS databases, SecurityTrails API, and DNS audit log analysis.","domain":"cybersecurity","path":"skills/hunting-for-dns-based-persistence"},{"name":"hunting-for-dns-tunneling-with-zeek","description":"Detect DNS tunneling and data exfiltration by analyzing Zeek dns.log for high-entropy subdomain queries, excessive","domain":"cybersecurity","path":"skills/hunting-for-dns-tunneling-with-zeek"},{"name":"hunting-for-domain-fronting-c2-traffic","description":"Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate","domain":"cybersecurity","path":"skills/hunting-for-domain-fronting-c2-traffic"},{"name":"hunting-for-lateral-movement-via-wmi","description":"Detect WMI-based lateral movement by analyzing Windows Event ID 4688 process creation and Sysmon Event ID 1 for WmiPrvSE.exe child process patterns, remote process execution, and WMI event subscription persistence.","domain":"cybersecurity","path":"skills/hunting-for-lateral-movement-via-wmi"},{"name":"hunting-for-living-off-the-cloud-techniques","description":"Hunt for adversary abuse of legitimate cloud services for C2, data staging, 
and exfiltration including abuse","domain":"cybersecurity","path":"skills/hunting-for-living-off-the-cloud-techniques"},{"name":"hunting-for-living-off-the-land-binaries","description":"Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while","domain":"cybersecurity","path":"skills/hunting-for-living-off-the-land-binaries"},{"name":"hunting-for-lolbins-execution-in-endpoint-logs","description":"Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by analyzing endpoint process creation logs","domain":"cybersecurity","path":"skills/hunting-for-lolbins-execution-in-endpoint-logs"},{"name":"hunting-for-ntlm-relay-attacks","description":"Detect NTLM relay attacks by analyzing Windows Event 4624 logon type 3 with NTLMSSP authentication, identifying","domain":"cybersecurity","path":"skills/hunting-for-ntlm-relay-attacks"},{"name":"hunting-for-persistence-mechanisms-in-windows","description":"Systematically hunt for adversary persistence mechanisms across Windows endpoints including registry, services,","domain":"cybersecurity","path":"skills/hunting-for-persistence-mechanisms-in-windows"},{"name":"hunting-for-persistence-via-wmi-subscriptions","description":"Hunt for adversary persistence through Windows Management Instrumentation event subscriptions by monitoring WMI","domain":"cybersecurity","path":"skills/hunting-for-persistence-via-wmi-subscriptions"},{"name":"hunting-for-process-injection-techniques","description":"Detect process injection techniques (T1055) including CreateRemoteThread, process hollowing, and DLL injection","domain":"cybersecurity","path":"skills/hunting-for-process-injection-techniques"},{"name":"hunting-for-registry-persistence-mechanisms","description":"Hunt for registry-based persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, 
and","domain":"cybersecurity","path":"skills/hunting-for-registry-persistence-mechanisms"},{"name":"hunting-for-registry-run-key-persistence","description":"Detect MITRE ATT&CK T1547.001 registry Run key persistence by analyzing Sysmon Event ID 13 logs and registry","domain":"cybersecurity","path":"skills/hunting-for-registry-run-key-persistence"},{"name":"hunting-for-scheduled-task-persistence","description":"Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task","domain":"cybersecurity","path":"skills/hunting-for-scheduled-task-persistence"},{"name":"hunting-for-shadow-copy-deletion","description":"Hunt for Volume Shadow Copy deletion activity that indicates ransomware preparation or anti-forensics by monitoring","domain":"cybersecurity","path":"skills/hunting-for-shadow-copy-deletion"},{"name":"hunting-for-spearphishing-indicators","description":"Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect","domain":"cybersecurity","path":"skills/hunting-for-spearphishing-indicators"},{"name":"hunting-for-startup-folder-persistence","description":"Detect T1547.001 startup folder persistence by monitoring Windows startup directories for suspicious file creation,","domain":"cybersecurity","path":"skills/hunting-for-startup-folder-persistence"},{"name":"hunting-for-supply-chain-compromise","description":"Hunt for supply chain compromise indicators including trojanized software updates, compromised dependencies,","domain":"cybersecurity","path":"skills/hunting-for-supply-chain-compromise"},{"name":"hunting-for-suspicious-scheduled-tasks","description":"Hunt for adversary persistence and execution via Windows scheduled tasks by analyzing task creation events, suspicious task properties, and unusual execution patterns that indicate T1053.005 
abuse.","domain":"cybersecurity","path":"skills/hunting-for-suspicious-scheduled-tasks"},{"name":"hunting-for-t1098-account-manipulation","description":"Hunt for MITRE ATT&CK T1098 account manipulation including shadow admin creation, SID history injection, group","domain":"cybersecurity","path":"skills/hunting-for-t1098-account-manipulation"},{"name":"hunting-for-unusual-network-connections","description":"Hunt for unusual network connections by analyzing outbound traffic patterns, rare destinations, non-standard","domain":"cybersecurity","path":"skills/hunting-for-unusual-network-connections"},{"name":"hunting-for-unusual-service-installations","description":"Detect suspicious Windows service installations (MITRE ATT&CK T1543.003) by parsing System event logs for Event","domain":"cybersecurity","path":"skills/hunting-for-unusual-service-installations"},{"name":"hunting-for-webshell-activity","description":"Hunt for web shell deployments on internet-facing servers by analyzing file creation in web directories, suspicious","domain":"cybersecurity","path":"skills/hunting-for-webshell-activity"},{"name":"implementing-aes-encryption-for-data-at-rest","description":"AES (Advanced Encryption Standard) is a symmetric block cipher standardized by NIST (FIPS 197) used to protect classified and sensitive data. This skill covers implementing AES-256 encryption in GCM m","domain":"cybersecurity","path":"skills/implementing-aes-encryption-for-data-at-rest"},{"name":"implementing-alert-fatigue-reduction","description":">","domain":"cybersecurity","path":"skills/implementing-alert-fatigue-reduction"},{"name":"implementing-anti-phishing-training-program","description":"Security awareness training is the human layer of phishing defense. 
An effective anti-phishing training program combines regular simulations, interactive learning modules, metric tracking, and positiv","domain":"cybersecurity","path":"skills/implementing-anti-phishing-training-program"},{"name":"implementing-anti-ransomware-group-policy","description":">","domain":"cybersecurity","path":"skills/implementing-anti-ransomware-group-policy"},{"name":"implementing-api-abuse-detection-with-rate-limiting","description":"Implement API abuse detection using token bucket, sliding window, and adaptive rate limiting algorithms to prevent DDoS, brute force, and credential stuffing attacks.","domain":"cybersecurity","path":"skills/implementing-api-abuse-detection-with-rate-limiting"},{"name":"implementing-api-gateway-security-controls","description":">","domain":"cybersecurity","path":"skills/implementing-api-gateway-security-controls"},{"name":"implementing-api-key-security-controls","description":"Implements secure API key generation, storage, rotation, and revocation controls to protect API authentication","domain":"cybersecurity","path":"skills/implementing-api-key-security-controls"},{"name":"implementing-api-rate-limiting-and-throttling","description":">","domain":"cybersecurity","path":"skills/implementing-api-rate-limiting-and-throttling"},{"name":"implementing-api-schema-validation-security","description":"Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts and prevent injection, data exposure, and mass assignment attacks.","domain":"cybersecurity","path":"skills/implementing-api-schema-validation-security"},{"name":"implementing-api-security-posture-management","description":"Implement API Security Posture Management to continuously discover, classify, and score APIs based on risk while enforcing security policies across the API 
lifecycle.","domain":"cybersecurity","path":"skills/implementing-api-security-posture-management"},{"name":"implementing-api-security-testing-with-42crunch","description":"Implement comprehensive API security testing using the 42Crunch platform to perform static audit and dynamic conformance scanning of OpenAPI specifications.","domain":"cybersecurity","path":"skills/implementing-api-security-testing-with-42crunch"},{"name":"implementing-api-threat-protection-with-apigee","description":"Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0, SpikeArrest, and Advanced API Security for OWASP Top 10 defense.","domain":"cybersecurity","path":"skills/implementing-api-threat-protection-with-apigee"},{"name":"implementing-application-whitelisting-with-applocker","description":">","domain":"cybersecurity","path":"skills/implementing-application-whitelisting-with-applocker"},{"name":"implementing-aqua-security-for-container-scanning","description":"Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues in container images across CI/CD pipelines and registries.","domain":"cybersecurity","path":"skills/implementing-aqua-security-for-container-scanning"},{"name":"implementing-attack-path-analysis-with-xm-cyber","description":"Deploy XM Cyber's continuous exposure management platform to map attack paths, identify choke points, and prioritize the 2% of exposures that threaten critical assets.","domain":"cybersecurity","path":"skills/implementing-attack-path-analysis-with-xm-cyber"},{"name":"implementing-attack-surface-management","description":">","domain":"cybersecurity","path":"skills/implementing-attack-surface-management"},{"name":"implementing-aws-config-rules-for-compliance","description":">","domain":"cybersecurity","path":"skills/implementing-aws-config-rules-for-compliance"},{"name":"implementing-aws-iam-permission-boundaries","description":"Configure IAM 
permission boundaries in AWS to delegate role creation to developers while enforcing maximum privilege limits set by the security team.","domain":"cybersecurity","path":"skills/implementing-aws-iam-permission-boundaries"},{"name":"implementing-aws-macie-for-data-classification","description":"Implement Amazon Macie to automatically discover, classify, and protect sensitive data in S3 buckets using machine","domain":"cybersecurity","path":"skills/implementing-aws-macie-for-data-classification"},{"name":"implementing-aws-nitro-enclave-security","description":">","domain":"cybersecurity","path":"skills/implementing-aws-nitro-enclave-security"},{"name":"implementing-aws-security-hub","description":">","domain":"cybersecurity","path":"skills/implementing-aws-security-hub"},{"name":"implementing-aws-security-hub-compliance","description":">","domain":"cybersecurity","path":"skills/implementing-aws-security-hub-compliance"},{"name":"implementing-azure-ad-privileged-identity-management","description":"Configure Microsoft Entra Privileged Identity Management to enforce just-in-time role activation, approval workflows, and access reviews for Azure AD privileged roles.","domain":"cybersecurity","path":"skills/implementing-azure-ad-privileged-identity-management"},{"name":"implementing-azure-defender-for-cloud","description":"Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across","domain":"cybersecurity","path":"skills/implementing-azure-defender-for-cloud"},{"name":"implementing-beyondcorp-zero-trust-access-model","description":">","domain":"cybersecurity","path":"skills/implementing-beyondcorp-zero-trust-access-model"},{"name":"implementing-bgp-security-with-rpki","description":"Implement BGP route origin validation using RPKI with Route Origin Authorizations, RPKI-to-Router protocol, and ROV policies on Cisco and Juniper routers to prevent route 
hijacking.","domain":"cybersecurity","path":"skills/implementing-bgp-security-with-rpki"},{"name":"implementing-browser-isolation-for-zero-trust","description":">","domain":"cybersecurity","path":"skills/implementing-browser-isolation-for-zero-trust"},{"name":"implementing-canary-tokens-for-network-intrusion","description":">","domain":"cybersecurity","path":"skills/implementing-canary-tokens-for-network-intrusion"},{"name":"implementing-cisa-zero-trust-maturity-model","description":"Implement the CISA Zero Trust Maturity Model v2.0 across the five pillars of identity, devices, networks, applications,","domain":"cybersecurity","path":"skills/implementing-cisa-zero-trust-maturity-model"},{"name":"implementing-cloud-dlp-for-data-protection","description":"Implementing Cloud Data Loss Prevention (DLP) using Amazon Macie, Azure Information Protection, and Google Cloud","domain":"cybersecurity","path":"skills/implementing-cloud-dlp-for-data-protection"},{"name":"implementing-cloud-security-posture-management","description":">","domain":"cybersecurity","path":"skills/implementing-cloud-security-posture-management"},{"name":"implementing-cloud-trail-log-analysis","description":">","domain":"cybersecurity","path":"skills/implementing-cloud-trail-log-analysis"},{"name":"implementing-cloud-vulnerability-posture-management","description":"Implement Cloud Security Posture Management using AWS Security Hub, Azure Defender for Cloud, and open-source tools like Prowler and ScoutSuite for multi-cloud vulnerability 
detection.","domain":"cybersecurity","path":"skills/implementing-cloud-vulnerability-posture-management"},{"name":"implementing-cloud-waf-rules","description":">","domain":"cybersecurity","path":"skills/implementing-cloud-waf-rules"},{"name":"implementing-cloud-workload-protection","description":">","domain":"cybersecurity","path":"skills/implementing-cloud-workload-protection"},{"name":"implementing-code-signing-for-artifacts","description":">","domain":"cybersecurity","path":"skills/implementing-code-signing-for-artifacts"},{"name":"implementing-conditional-access-policies-azure-ad","description":"Configure Microsoft Entra ID (Azure AD) Conditional Access policies for zero trust access control. Covers signal-based policy design, device compliance requirements, risk-based authentication, named l","domain":"cybersecurity","path":"skills/implementing-conditional-access-policies-azure-ad"},{"name":"implementing-conduit-security-for-ot-remote-access","description":">","domain":"cybersecurity","path":"skills/implementing-conduit-security-for-ot-remote-access"},{"name":"implementing-container-image-minimal-base-with-distroless","description":"Reduce container attack surface by building application images on Google distroless base images that contain only the application runtime with no shell, package manager, or unnecessary OS utilities.","domain":"cybersecurity","path":"skills/implementing-container-image-minimal-base-with-distroless"},{"name":"implementing-container-network-policies-with-calico","description":"Enforce Kubernetes network segmentation using Calico CNI network policies and global network policies to control pod-to-pod traffic, restrict egress, and implement zero-trust microsegmentation.","domain":"cybersecurity","path":"skills/implementing-container-network-policies-with-calico"},{"name":"implementing-continuous-security-validation-with-bas","description":"Deploy Breach and Attack Simulation tools to continuously validate security control effectiveness 
by safely emulating","domain":"cybersecurity","path":"skills/implementing-continuous-security-validation-with-bas"},{"name":"implementing-data-loss-prevention-with-microsoft-purview","description":">","domain":"cybersecurity","path":"skills/implementing-data-loss-prevention-with-microsoft-purview"},{"name":"implementing-ddos-mitigation-with-cloudflare","description":"Configure Cloudflare DDoS protection with managed rulesets, rate limiting, WAF rules, Bot Management, and origin protection to mitigate volumetric, protocol, and application-layer attacks.","domain":"cybersecurity","path":"skills/implementing-ddos-mitigation-with-cloudflare"},{"name":"implementing-deception-based-detection-with-canarytoken","description":"Deploy and monitor Canary Tokens via the Thinkst Canary API for deception-based breach detection using web bug tokens, DNS tokens, document tokens, and AWS key tokens.","domain":"cybersecurity","path":"skills/implementing-deception-based-detection-with-canarytoken"},{"name":"implementing-delinea-secret-server-for-pam","description":">","domain":"cybersecurity","path":"skills/implementing-delinea-secret-server-for-pam"},{"name":"implementing-device-posture-assessment-in-zero-trust","description":">","domain":"cybersecurity","path":"skills/implementing-device-posture-assessment-in-zero-trust"},{"name":"implementing-devsecops-security-scanning","description":">","domain":"cybersecurity","path":"skills/implementing-devsecops-security-scanning"},{"name":"implementing-diamond-model-analysis","description":">-","domain":"cybersecurity","path":"skills/implementing-diamond-model-analysis"},{"name":"implementing-digital-signatures-with-ed25519","description":"Ed25519 is a high-performance digital signature algorithm using the Edwards curve Curve25519. 
It provides 128-bit security with 64-byte signatures and 32-byte keys, offering significant advantages ove","domain":"cybersecurity","path":"skills/implementing-digital-signatures-with-ed25519"},{"name":"implementing-disk-encryption-with-bitlocker","description":">","domain":"cybersecurity","path":"skills/implementing-disk-encryption-with-bitlocker"},{"name":"implementing-dmarc-dkim-spf-email-security","description":"SPF, DKIM, and DMARC form the three pillars of email authentication. Together they prevent domain spoofing, validate message integrity, and define policies for handling unauthenticated mail. Proper im","domain":"cybersecurity","path":"skills/implementing-dmarc-dkim-spf-email-security"},{"name":"implementing-dragos-platform-for-ot-monitoring","description":"Deploy and configure the Dragos Platform for OT network monitoring, leveraging its 600+ industrial protocol","domain":"cybersecurity","path":"skills/implementing-dragos-platform-for-ot-monitoring"},{"name":"implementing-ebpf-security-monitoring","description":"Implements eBPF-based security monitoring using Cilium Tetragon for real-time process execution tracking, network","domain":"cybersecurity","path":"skills/implementing-ebpf-security-monitoring"},{"name":"implementing-email-sandboxing-with-proofpoint","description":"Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware and evasive phishing payloads. Proofpoint Targeted Attack Protection (TAP) is an industry","domain":"cybersecurity","path":"skills/implementing-email-sandboxing-with-proofpoint"},{"name":"implementing-end-to-end-encryption-for-messaging","description":"End-to-end encryption (E2EE) ensures that only the communicating parties can read messages, with no intermediary (including the server) able to decrypt them. 
This skill implements a simplified version","domain":"cybersecurity","path":"skills/implementing-end-to-end-encryption-for-messaging"},{"name":"implementing-endpoint-detection-with-wazuh","description":"Deploy and configure Wazuh SIEM/XDR for endpoint detection including agent management, custom decoder and rule","domain":"cybersecurity","path":"skills/implementing-endpoint-detection-with-wazuh"},{"name":"implementing-endpoint-dlp-controls","description":"Implements endpoint Data Loss Prevention (DLP) controls to detect and prevent sensitive data exfiltration through","domain":"cybersecurity","path":"skills/implementing-endpoint-dlp-controls"},{"name":"implementing-envelope-encryption-with-aws-kms","description":"Envelope encryption is a strategy where data is encrypted with a data encryption key (DEK), and the DEK itself is encrypted with a master key (KEK) managed by AWS KMS. This approach allows encrypting","domain":"cybersecurity","path":"skills/implementing-envelope-encryption-with-aws-kms"},{"name":"implementing-epss-score-for-vulnerability-prioritization","description":"Integrate FIRST's Exploit Prediction Scoring System (EPSS) API to prioritize vulnerability remediation based on real-world exploitation probability within 30 days.","domain":"cybersecurity","path":"skills/implementing-epss-score-for-vulnerability-prioritization"},{"name":"implementing-file-integrity-monitoring-with-aide","description":"Configure AIDE (Advanced Intrusion Detection Environment) for file integrity monitoring including baseline creation, scheduled integrity checks, change detection, and alerting","domain":"cybersecurity","path":"skills/implementing-file-integrity-monitoring-with-aide"},{"name":"implementing-fuzz-testing-in-cicd-with-aflplusplus","description":"Integrate AFL++ coverage-guided fuzz testing into CI/CD pipelines to discover memory corruption, input 
handling,","domain":"cybersecurity","path":"skills/implementing-fuzz-testing-in-cicd-with-aflplusplus"},{"name":"implementing-gcp-binary-authorization","description":"Implement GCP Binary Authorization to enforce deploy-time security controls that ensure only trusted, attested container images are deployed to Google Kubernetes Engine and Cloud Run.","domain":"cybersecurity","path":"skills/implementing-gcp-binary-authorization"},{"name":"implementing-gcp-organization-policy-constraints","description":"Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy, restricting risky configurations and ensuring compliance at organization, folder, and project levels.","domain":"cybersecurity","path":"skills/implementing-gcp-organization-policy-constraints"},{"name":"implementing-gcp-vpc-firewall-rules","description":">","domain":"cybersecurity","path":"skills/implementing-gcp-vpc-firewall-rules"},{"name":"implementing-gdpr-data-protection-controls","description":"The General Data Protection Regulation (EU) 2016/679 (GDPR) is the EU's comprehensive data protection law governing","domain":"cybersecurity","path":"skills/implementing-gdpr-data-protection-controls"},{"name":"implementing-gdpr-data-subject-access-request","description":">","domain":"cybersecurity","path":"skills/implementing-gdpr-data-subject-access-request"},{"name":"implementing-github-advanced-security-for-code-scanning","description":"Configure GitHub Advanced Security with CodeQL to perform automated static analysis and vulnerability detection across repositories at enterprise scale.","domain":"cybersecurity","path":"skills/implementing-github-advanced-security-for-code-scanning"},{"name":"implementing-google-workspace-admin-security","description":">","domain":"cybersecurity","path":"skills/implementing-google-workspace-admin-security"},{"name":"implementing-google-workspace-phishing-protection","description":"Configure Google Workspace advanced 
phishing and malware protection settings including pre-delivery scanning, attachment protection, spoofing detection, and Enhanced Safe Browsing.","domain":"cybersecurity","path":"skills/implementing-google-workspace-phishing-protection"},{"name":"implementing-google-workspace-sso-configuration","description":"Configure SAML 2.0 single sign-on for Google Workspace with a third-party identity provider, enabling centralized authentication and enforcing organization-wide access policies.","domain":"cybersecurity","path":"skills/implementing-google-workspace-sso-configuration"},{"name":"implementing-hardware-security-key-authentication","description":"Implements FIDO2/WebAuthn hardware security key authentication including registration ceremonies, authentication","domain":"cybersecurity","path":"skills/implementing-hardware-security-key-authentication"},{"name":"implementing-hashicorp-vault-dynamic-secrets","description":">","domain":"cybersecurity","path":"skills/implementing-hashicorp-vault-dynamic-secrets"},{"name":"implementing-honeypot-for-ransomware-detection","description":"Deploys canary files, honeypot shares, and decoy systems to detect ransomware activity at the earliest possible","domain":"cybersecurity","path":"skills/implementing-honeypot-for-ransomware-detection"},{"name":"implementing-honeytokens-for-breach-detection","description":">","domain":"cybersecurity","path":"skills/implementing-honeytokens-for-breach-detection"},{"name":"implementing-ics-firewall-with-tofino","description":">","domain":"cybersecurity","path":"skills/implementing-ics-firewall-with-tofino"},{"name":"implementing-identity-governance-with-sailpoint","description":"Deploy SailPoint IdentityNow or IdentityIQ for identity governance and administration. 
Covers identity lifecycle management, access request workflows, certification campaigns, role mining, SOD policy","domain":"cybersecurity","path":"skills/implementing-identity-governance-with-sailpoint"},{"name":"implementing-identity-verification-for-zero-trust","description":"Implement continuous identity verification for zero trust using phishing-resistant MFA (FIDO2/WebAuthn), risk-based","domain":"cybersecurity","path":"skills/implementing-identity-verification-for-zero-trust"},{"name":"implementing-iec-62443-security-zones","description":">","domain":"cybersecurity","path":"skills/implementing-iec-62443-security-zones"},{"name":"implementing-image-provenance-verification-with-cosign","description":"Sign and verify container image provenance using Sigstore Cosign with keyless OIDC-based signing, attestations, and Kubernetes admission enforcement.","domain":"cybersecurity","path":"skills/implementing-image-provenance-verification-with-cosign"},{"name":"implementing-immutable-backup-with-restic","description":"Implements immutable backup strategy using restic with S3-compatible storage and object lock for ransomware-resistant","domain":"cybersecurity","path":"skills/implementing-immutable-backup-with-restic"},{"name":"implementing-infrastructure-as-code-security-scanning","description":">","domain":"cybersecurity","path":"skills/implementing-infrastructure-as-code-security-scanning"},{"name":"implementing-iso-27001-information-security-management","description":"ISO/IEC 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). 
This skill covers the complete","domain":"cybersecurity","path":"skills/implementing-iso-27001-information-security-management"},{"name":"implementing-just-in-time-access-provisioning","description":"Implement Just-In-Time (JIT) access provisioning to eliminate standing privileges by granting temporary, time-bound access only when needed. This skill covers JIT architecture design, approval workflo","domain":"cybersecurity","path":"skills/implementing-just-in-time-access-provisioning"},{"name":"implementing-jwt-signing-and-verification","description":"JSON Web Tokens (JWT) defined in RFC 7519 are compact, URL-safe tokens used for authentication and authorization in web applications. This skill covers implementing secure JWT signing with HMAC-SHA256","domain":"cybersecurity","path":"skills/implementing-jwt-signing-and-verification"},{"name":"implementing-kubernetes-network-policy-with-calico","description":"Implement Kubernetes network segmentation using Calico NetworkPolicy and GlobalNetworkPolicy for zero-trust pod-to-pod communication.","domain":"cybersecurity","path":"skills/implementing-kubernetes-network-policy-with-calico"},{"name":"implementing-kubernetes-pod-security-standards","description":"Pod Security Standards (PSS) define three levels of security policies -- Privileged, Baseline, and Restricted -- enforced by the Pod Security Admission (PSA) controller built into Kubernetes 1.25+. 
PS","domain":"cybersecurity","path":"skills/implementing-kubernetes-pod-security-standards"},{"name":"implementing-llm-guardrails-for-security","description":"Implements input and output validation guardrails for LLM-powered applications to prevent prompt injection,","domain":"cybersecurity","path":"skills/implementing-llm-guardrails-for-security"},{"name":"implementing-log-forwarding-with-fluentd","description":"Configure Fluentd and Fluent Bit for centralized log aggregation, routing, filtering, and enrichment across distributed infrastructure","domain":"cybersecurity","path":"skills/implementing-log-forwarding-with-fluentd"},{"name":"implementing-log-integrity-with-blockchain","description":">-","domain":"cybersecurity","path":"skills/implementing-log-integrity-with-blockchain"},{"name":"implementing-memory-protection-with-dep-aslr","description":">","domain":"cybersecurity","path":"skills/implementing-memory-protection-with-dep-aslr"},{"name":"implementing-microsegmentation-with-guardicore","description":">","domain":"cybersecurity","path":"skills/implementing-microsegmentation-with-guardicore"},{"name":"implementing-mimecast-targeted-attack-protection","description":"Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect, and Internal Email Protect to defend against advanced phishing and spearphishing attacks.","domain":"cybersecurity","path":"skills/implementing-mimecast-targeted-attack-protection"},{"name":"implementing-mitre-attack-coverage-mapping","description":"Implement MITRE ATT&CK coverage mapping to identify detection gaps, prioritize rule development, and 
measure","domain":"cybersecurity","path":"skills/implementing-mitre-attack-coverage-mapping"},{"name":"implementing-mobile-application-management","description":">","domain":"cybersecurity","path":"skills/implementing-mobile-application-management"},{"name":"implementing-mtls-for-zero-trust-services","description":">","domain":"cybersecurity","path":"skills/implementing-mtls-for-zero-trust-services"},{"name":"implementing-nerc-cip-compliance-controls","description":">","domain":"cybersecurity","path":"skills/implementing-nerc-cip-compliance-controls"},{"name":"implementing-network-access-control","description":">","domain":"cybersecurity","path":"skills/implementing-network-access-control"},{"name":"implementing-network-access-control-with-cisco-ise","description":"Deploy Cisco Identity Services Engine for 802.1X wired and wireless authentication, MAC Authentication Bypass, posture assessment, and dynamic VLAN assignment for network access control.","domain":"cybersecurity","path":"skills/implementing-network-access-control-with-cisco-ise"},{"name":"implementing-network-deception-with-honeypots","description":"Deploy and manage network honeypots using OpenCanary, T-Pot, or Cowrie to detect unauthorized access, lateral movement, and attacker reconnaissance.","domain":"cybersecurity","path":"skills/implementing-network-deception-with-honeypots"},{"name":"implementing-network-intrusion-prevention-with-suricata","description":"Deploy and configure Suricata as a network intrusion prevention system with custom rules, Emerging Threats rulesets, and inline traffic inspection for real-time threat blocking.","domain":"cybersecurity","path":"skills/implementing-network-intrusion-prevention-with-suricata"},{"name":"implementing-network-policies-for-kubernetes","description":"Kubernetes NetworkPolicies provide pod-level network segmentation by defining ingress and egress rules that control traffic flow between pods, namespaces, and external endpoints. 
Combined with CNI plu","domain":"cybersecurity","path":"skills/implementing-network-policies-for-kubernetes"},{"name":"implementing-network-segmentation-for-ot","description":">","domain":"cybersecurity","path":"skills/implementing-network-segmentation-for-ot"},{"name":"implementing-network-segmentation-with-firewall-zones","description":"Design and implement network segmentation using firewall security zones, VLANs, ACLs, and microsegmentation policies to restrict lateral movement and enforce least-privilege network access.","domain":"cybersecurity","path":"skills/implementing-network-segmentation-with-firewall-zones"},{"name":"implementing-network-traffic-analysis-with-arkime","description":">-","domain":"cybersecurity","path":"skills/implementing-network-traffic-analysis-with-arkime"},{"name":"implementing-network-traffic-baselining","description":"Build network traffic baselines from NetFlow/IPFIX data using Python pandas for statistical analysis, z-score anomaly detection, and hourly/daily traffic pattern profiling","domain":"cybersecurity","path":"skills/implementing-network-traffic-baselining"},{"name":"implementing-next-generation-firewall-with-palo-alto","description":"Configure and deploy Palo Alto Networks next-generation firewalls with App-ID, User-ID, zone-based policies, SSL decryption, and threat prevention profiles for enterprise network security.","domain":"cybersecurity","path":"skills/implementing-next-generation-firewall-with-palo-alto"},{"name":"implementing-opa-gatekeeper-for-policy-enforcement","description":"Enforce Kubernetes admission policies using OPA Gatekeeper with ConstraintTemplates, Rego rules, and the Gatekeeper policy 
library.","domain":"cybersecurity","path":"skills/implementing-opa-gatekeeper-for-policy-enforcement"},{"name":"implementing-ot-incident-response-playbook","description":">","domain":"cybersecurity","path":"skills/implementing-ot-incident-response-playbook"},{"name":"implementing-ot-network-traffic-analysis-with-nozomi","description":"Deploy Nozomi Networks Guardian sensors for passive OT network traffic analysis to achieve comprehensive asset","domain":"cybersecurity","path":"skills/implementing-ot-network-traffic-analysis-with-nozomi"},{"name":"implementing-pam-for-database-access","description":"Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and MySQL. Covers session proxy configuration, credential vaulting, query auditing, dynamic credentia","domain":"cybersecurity","path":"skills/implementing-pam-for-database-access"},{"name":"implementing-passwordless-auth-with-microsoft-entra","description":">","domain":"cybersecurity","path":"skills/implementing-passwordless-auth-with-microsoft-entra"},{"name":"implementing-passwordless-authentication-with-fido2","description":"Deploy FIDO2/WebAuthn passwordless authentication using security keys and platform authenticators. Covers WebAuthn","domain":"cybersecurity","path":"skills/implementing-passwordless-authentication-with-fido2"},{"name":"implementing-patch-management-for-ot-systems","description":">","domain":"cybersecurity","path":"skills/implementing-patch-management-for-ot-systems"},{"name":"implementing-patch-management-workflow","description":"Patch management is the systematic process of identifying, testing, deploying, and verifying software updates to remediate vulnerabilities across an organization's IT infrastructure. 
An effective patc","domain":"cybersecurity","path":"skills/implementing-patch-management-workflow"},{"name":"implementing-pci-dss-compliance-controls","description":"PCI DSS 4.0.1 establishes 12 requirements across 6 control objectives for organizations that store, process, or transmit cardholder data. With PCI DSS 3.2.1 retiring April 2024 and 51 new requirements","domain":"cybersecurity","path":"skills/implementing-pci-dss-compliance-controls"},{"name":"implementing-pod-security-admission-controller","description":"Implement Kubernetes Pod Security Admission to enforce baseline and restricted security profiles at namespace level using built-in admission controller.","domain":"cybersecurity","path":"skills/implementing-pod-security-admission-controller"},{"name":"implementing-policy-as-code-with-open-policy-agent","description":"This skill covers implementing Open Policy Agent (OPA) and Gatekeeper for policy-as-code enforcement in Kubernetes","domain":"cybersecurity","path":"skills/implementing-policy-as-code-with-open-policy-agent"},{"name":"implementing-privileged-access-management-with-cyberark","description":"Deploy CyberArk Privileged Access Management to discover, vault, rotate, and monitor privileged credentials across enterprise infrastructure. 
This skill covers vault architecture, session isolation, c","domain":"cybersecurity","path":"skills/implementing-privileged-access-management-with-cyberark"},{"name":"implementing-privileged-access-workstation","description":"Design and implement Privileged Access Workstations (PAWs) with device hardening, just-in-time access, and integration with CyberArk or BeyondTrust for secure administrative operations.","domain":"cybersecurity","path":"skills/implementing-privileged-access-workstation"},{"name":"implementing-privileged-session-monitoring","description":">","domain":"cybersecurity","path":"skills/implementing-privileged-session-monitoring"},{"name":"implementing-proofpoint-email-security-gateway","description":"Deploy and configure Proofpoint Email Protection as a secure email gateway to detect and block phishing, malware, BEC, and spam before messages reach user inboxes.","domain":"cybersecurity","path":"skills/implementing-proofpoint-email-security-gateway"},{"name":"implementing-purdue-model-network-segmentation","description":">","domain":"cybersecurity","path":"skills/implementing-purdue-model-network-segmentation"},{"name":"implementing-ransomware-backup-strategy","description":"Designs and implements a ransomware-resilient backup strategy following the 3-2-1-1-0 methodology (3 copies,","domain":"cybersecurity","path":"skills/implementing-ransomware-backup-strategy"},{"name":"implementing-ransomware-kill-switch-detection","description":">","domain":"cybersecurity","path":"skills/implementing-ransomware-kill-switch-detection"},{"name":"implementing-rapid7-insightvm-for-scanning","description":"Deploy and configure Rapid7 InsightVM Security Console and Scan Engines for authenticated and unauthenticated vulnerability scanning across enterprise environments.","domain":"cybersecurity","path":"skills/implementing-rapid7-insightvm-for-scanning"},{"name":"implementing-rbac-hardening-for-kubernetes","description":"Harden Kubernetes Role-Based Access Control by 
implementing least-privilege policies, auditing role bindings, eliminating cluster-admin sprawl, and integrating external identity providers.","domain":"cybersecurity","path":"skills/implementing-rbac-hardening-for-kubernetes"},{"name":"implementing-rsa-key-pair-management","description":"RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital signatures, key exchange, and encryption. This skill covers generating, storing, rotating,","domain":"cybersecurity","path":"skills/implementing-rsa-key-pair-management"},{"name":"implementing-runtime-application-self-protection","description":"Deploy Runtime Application Self-Protection (RASP) agents to detect and block attacks from within application","domain":"cybersecurity","path":"skills/implementing-runtime-application-self-protection"},{"name":"implementing-runtime-security-with-tetragon","description":"Implement eBPF-based runtime security observability and enforcement in Kubernetes clusters using Cilium Tetragon","domain":"cybersecurity","path":"skills/implementing-runtime-security-with-tetragon"},{"name":"implementing-saml-sso-with-okta","description":"Implement SAML 2.0 Single Sign-On (SSO) using Okta as the Identity Provider (IdP). 
This skill covers end-to-end configuration of SAML authentication flows, attribute mapping, certificate management, a","domain":"cybersecurity","path":"skills/implementing-saml-sso-with-okta"},{"name":"implementing-scim-provisioning-with-okta","description":"Implement automated user provisioning and deprovisioning using SCIM 2.0 protocol with Okta as the identity provider.","domain":"cybersecurity","path":"skills/implementing-scim-provisioning-with-okta"},{"name":"implementing-secret-scanning-with-gitleaks","description":">","domain":"cybersecurity","path":"skills/implementing-secret-scanning-with-gitleaks"},{"name":"implementing-secrets-management-with-vault","description":">","domain":"cybersecurity","path":"skills/implementing-secrets-management-with-vault"},{"name":"implementing-secrets-scanning-in-ci-cd","description":"Integrate gitleaks and trufflehog into CI/CD pipelines to detect leaked secrets before deployment","domain":"cybersecurity","path":"skills/implementing-secrets-scanning-in-ci-cd"},{"name":"implementing-security-chaos-engineering","description":"Implements security chaos engineering experiments that deliberately disable or degrade security controls to","domain":"cybersecurity","path":"skills/implementing-security-chaos-engineering"},{"name":"implementing-security-information-sharing-with-stix2","description":"Create, validate, and share STIX 2.1 threat intelligence objects using the stix2 Python library. 
Covers indicators,","domain":"cybersecurity","path":"skills/implementing-security-information-sharing-with-stix2"},{"name":"implementing-security-monitoring-with-datadog","description":"Implements security monitoring using Datadog Cloud SIEM, Cloud Security Management (CSM), and Workload Protection","domain":"cybersecurity","path":"skills/implementing-security-monitoring-with-datadog"},{"name":"implementing-semgrep-for-custom-sast-rules","description":"Write custom Semgrep SAST rules in YAML to detect application-specific vulnerabilities, enforce coding standards, and integrate into CI/CD pipelines.","domain":"cybersecurity","path":"skills/implementing-semgrep-for-custom-sast-rules"},{"name":"implementing-siem-correlation-rules-for-apt","description":">-","domain":"cybersecurity","path":"skills/implementing-siem-correlation-rules-for-apt"},{"name":"implementing-siem-use-case-tuning","description":"Tune SIEM detection rules to reduce false positives by analyzing alert volumes, creating whitelists, adjusting thresholds, and measuring detection efficacy metrics in Splunk and Elastic","domain":"cybersecurity","path":"skills/implementing-siem-use-case-tuning"},{"name":"implementing-siem-use-cases-for-detection","description":"Implements SIEM detection use cases by designing correlation rules, threshold alerts, and behavioral analytics","domain":"cybersecurity","path":"skills/implementing-siem-use-cases-for-detection"},{"name":"implementing-sigstore-for-software-signing","description":">","domain":"cybersecurity","path":"skills/implementing-sigstore-for-software-signing"},{"name":"implementing-soar-automation-with-phantom","description":">","domain":"cybersecurity","path":"skills/implementing-soar-automation-with-phantom"},{"name":"implementing-soar-playbook-for-phishing","description":"Automate phishing incident response using Splunk SOAR REST API to create containers, add artifacts, and trigger 
playbooks","domain":"cybersecurity","path":"skills/implementing-soar-playbook-for-phishing"},{"name":"implementing-soar-playbook-with-palo-alto-xsoar","description":"Implement automated incident response playbooks in Cortex XSOAR to orchestrate security workflows across SOC tools and reduce manual response time.","domain":"cybersecurity","path":"skills/implementing-soar-playbook-with-palo-alto-xsoar"},{"name":"implementing-stix-taxii-feed-integration","description":"STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information) are OASIS open standards for representing and transporting cyber threat intelligence.","domain":"cybersecurity","path":"skills/implementing-stix-taxii-feed-integration"},{"name":"implementing-supply-chain-security-with-in-toto","description":"Implement software supply chain integrity verification for container builds using the in-toto framework to create cryptographically signed attestations across CI/CD pipeline steps.","domain":"cybersecurity","path":"skills/implementing-supply-chain-security-with-in-toto"},{"name":"implementing-syslog-centralization-with-rsyslog","description":">-","domain":"cybersecurity","path":"skills/implementing-syslog-centralization-with-rsyslog"},{"name":"implementing-taxii-server-with-opentaxii","description":"Deploy and configure an OpenTAXII server to share and consume STIX-formatted cyber threat intelligence using the TAXII 2.1 protocol for automated indicator exchange between organizations.","domain":"cybersecurity","path":"skills/implementing-taxii-server-with-opentaxii"},{"name":"implementing-threat-intelligence-lifecycle-management","description":"Implement a structured threat intelligence lifecycle encompassing planning, collection, processing, analysis, dissemination, and feedback stages to produce actionable intelligence for organizational 
decision-making.","domain":"cybersecurity","path":"skills/implementing-threat-intelligence-lifecycle-management"},{"name":"implementing-threat-modeling-with-mitre-attack","description":"Implements threat modeling using the MITRE ATT&CK framework to map adversary TTPs against organizational assets,","domain":"cybersecurity","path":"skills/implementing-threat-modeling-with-mitre-attack"},{"name":"implementing-ticketing-system-for-incidents","description":">","domain":"cybersecurity","path":"skills/implementing-ticketing-system-for-incidents"},{"name":"implementing-usb-device-control-policy","description":">","domain":"cybersecurity","path":"skills/implementing-usb-device-control-policy"},{"name":"implementing-velociraptor-for-ir-collection","description":"","domain":"cybersecurity","path":"skills/implementing-velociraptor-for-ir-collection"},{"name":"implementing-vulnerability-management-with-greenbone","description":"Deploy and operate Greenbone/OpenVAS vulnerability management using the python-gvm library to create scan targets, execute vulnerability scans, and parse scan reports via GMP protocol.","domain":"cybersecurity","path":"skills/implementing-vulnerability-management-with-greenbone"},{"name":"implementing-vulnerability-remediation-sla","description":"Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities based on severity, asset criticality, and exploit availability. 
Effective SLA programs","domain":"cybersecurity","path":"skills/implementing-vulnerability-remediation-sla"},{"name":"implementing-vulnerability-sla-breach-alerting","description":"Build automated alerting for vulnerability remediation SLA breaches with severity-based timelines, escalation workflows, and compliance reporting dashboards.","domain":"cybersecurity","path":"skills/implementing-vulnerability-sla-breach-alerting"},{"name":"implementing-web-application-logging-with-modsecurity","description":"Configure ModSecurity WAF with OWASP Core Rule Set (CRS) for web application logging, tune rules to reduce false","domain":"cybersecurity","path":"skills/implementing-web-application-logging-with-modsecurity"},{"name":"implementing-zero-knowledge-proof-for-authentication","description":"Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private key) without revealing the secret itself. This skill implements the Schnorr identificati","domain":"cybersecurity","path":"skills/implementing-zero-knowledge-proof-for-authentication"},{"name":"implementing-zero-standing-privilege-with-cyberark","description":"Deploy CyberArk Secure Cloud Access to eliminate standing privileges in hybrid and multi-cloud environments using just-in-time access with time, entitlement, and approval controls.","domain":"cybersecurity","path":"skills/implementing-zero-standing-privilege-with-cyberark"},{"name":"implementing-zero-trust-dns-with-nextdns","description":"Implement NextDNS as a zero trust DNS filtering layer with encrypted resolution, threat intelligence blocking, privacy protection, and organizational policy enforcement across all 
endpoints.","domain":"cybersecurity","path":"skills/implementing-zero-trust-dns-with-nextdns"},{"name":"implementing-zero-trust-for-saas-applications","description":">","domain":"cybersecurity","path":"skills/implementing-zero-trust-for-saas-applications"},{"name":"implementing-zero-trust-in-cloud","description":">","domain":"cybersecurity","path":"skills/implementing-zero-trust-in-cloud"},{"name":"implementing-zero-trust-network-access","description":">","domain":"cybersecurity","path":"skills/implementing-zero-trust-network-access"},{"name":"implementing-zero-trust-network-access-with-zscaler","description":"Implement Zero Trust Network Access using Zscaler Private Access (ZPA) to replace traditional VPN with identity-based, context-aware access to private applications through the Zscaler Zero Trust Exchange.","domain":"cybersecurity","path":"skills/implementing-zero-trust-network-access-with-zscaler"},{"name":"implementing-zero-trust-with-beyondcorp","description":"Deploy Google BeyondCorp Enterprise zero trust access controls using Identity-Aware Proxy (IAP), context-aware access policies, device trust validation, and Access Context Manager to enforce identity and posture-based access to GCP resources and internal applications.","domain":"cybersecurity","path":"skills/implementing-zero-trust-with-beyondcorp"},{"name":"implementing-zero-trust-with-hashicorp-boundary","description":"Implement HashiCorp Boundary for identity-aware zero trust infrastructure access management with dynamic credential brokering, session recording, and Vault 
integration.","domain":"cybersecurity","path":"skills/implementing-zero-trust-with-hashicorp-boundary"},{"name":"integrating-dast-with-owasp-zap-in-pipeline","description":">","domain":"cybersecurity","path":"skills/integrating-dast-with-owasp-zap-in-pipeline"},{"name":"integrating-sast-into-github-actions-pipeline","description":">","domain":"cybersecurity","path":"skills/integrating-sast-into-github-actions-pipeline"},{"name":"intercepting-mobile-traffic-with-burpsuite","description":">","domain":"cybersecurity","path":"skills/intercepting-mobile-traffic-with-burpsuite"},{"name":"investigating-insider-threat-indicators","description":">","domain":"cybersecurity","path":"skills/investigating-insider-threat-indicators"},{"name":"investigating-phishing-email-incident","description":">","domain":"cybersecurity","path":"skills/investigating-phishing-email-incident"},{"name":"investigating-ransomware-attack-artifacts","description":"Identify, collect, and analyze ransomware attack artifacts to determine the variant, initial access vector, encryption scope, and recovery options.","domain":"cybersecurity","path":"skills/investigating-ransomware-attack-artifacts"},{"name":"managing-cloud-identity-with-okta","description":">","domain":"cybersecurity","path":"skills/managing-cloud-identity-with-okta"},{"name":"managing-intelligence-lifecycle","description":">","domain":"cybersecurity","path":"skills/managing-intelligence-lifecycle"},{"name":"mapping-mitre-attack-techniques","description":"Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK techniques and sub-techniques","domain":"cybersecurity","path":"skills/mapping-mitre-attack-techniques"},{"name":"monitoring-darkweb-sources","description":"Monitors dark web forums, marketplaces, paste sites, and ransomware leak sites for mentions of 
organizational","domain":"cybersecurity","path":"skills/monitoring-darkweb-sources"},{"name":"monitoring-scada-modbus-traffic-anomalies","description":">","domain":"cybersecurity","path":"skills/monitoring-scada-modbus-traffic-anomalies"},{"name":"performing-access-recertification-with-saviynt","description":"Configure and execute access recertification campaigns in Saviynt Enterprise Identity Cloud to validate user entitlements, revoke excessive access, and maintain compliance with SOX, SOC2, and HIPAA.","domain":"cybersecurity","path":"skills/performing-access-recertification-with-saviynt"},{"name":"performing-access-review-and-certification","description":"Conduct systematic access reviews and certifications to ensure users have appropriate access rights aligned with their roles. This skill covers review campaign design, reviewer selection, risk-based p","domain":"cybersecurity","path":"skills/performing-access-review-and-certification"},{"name":"performing-active-directory-bloodhound-analysis","description":"Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised","domain":"cybersecurity","path":"skills/performing-active-directory-bloodhound-analysis"},{"name":"performing-active-directory-compromise-investigation","description":"","domain":"cybersecurity","path":"skills/performing-active-directory-compromise-investigation"},{"name":"performing-active-directory-forest-trust-attack","description":"Enumerate and audit Active Directory forest trust relationships using impacket for SID filtering analysis, trust key extraction, cross-forest SID history abuse detection, and inter-realm Kerberos ticket assessment.","domain":"cybersecurity","path":"skills/performing-active-directory-forest-trust-attack"},{"name":"performing-active-directory-penetration-test","description":"Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound, exploit Kerberos 
weaknesses, escalate privileges via ADCS/DCSync, and demonstrate domain compromise.","domain":"cybersecurity","path":"skills/performing-active-directory-penetration-test"},{"name":"performing-active-directory-vulnerability-assessment","description":"Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations,","domain":"cybersecurity","path":"skills/performing-active-directory-vulnerability-assessment"},{"name":"performing-adversary-in-the-middle-phishing-detection","description":"Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy kits like EvilProxy, Evilginx, and Tycoon 2FA to bypass MFA and steal session tokens.","domain":"cybersecurity","path":"skills/performing-adversary-in-the-middle-phishing-detection"},{"name":"performing-agentless-vulnerability-scanning","description":"Configure and execute agentless vulnerability scanning using network protocols, cloud snapshot analysis, and","domain":"cybersecurity","path":"skills/performing-agentless-vulnerability-scanning"},{"name":"performing-ai-driven-osint-correlation","description":"Use AI and LLM-based reasoning to correlate findings across multiple OSINT sources\u2014username enumeration, email","domain":"cybersecurity","path":"skills/performing-ai-driven-osint-correlation"},{"name":"performing-alert-triage-with-elastic-siem","description":"Perform systematic alert triage in Elastic Security SIEM to rapidly classify, prioritize, and investigate 
security","domain":"cybersecurity","path":"skills/performing-alert-triage-with-elastic-siem"},{"name":"performing-android-app-static-analysis-with-mobsf","description":">","domain":"cybersecurity","path":"skills/performing-android-app-static-analysis-with-mobsf"},{"name":"performing-api-fuzzing-with-restler","description":">","domain":"cybersecurity","path":"skills/performing-api-fuzzing-with-restler"},{"name":"performing-api-inventory-and-discovery","description":">","domain":"cybersecurity","path":"skills/performing-api-inventory-and-discovery"},{"name":"performing-api-rate-limiting-bypass","description":">","domain":"cybersecurity","path":"skills/performing-api-rate-limiting-bypass"},{"name":"performing-api-security-testing-with-postman","description":">","domain":"cybersecurity","path":"skills/performing-api-security-testing-with-postman"},{"name":"performing-arp-spoofing-attack-simulation","description":">","domain":"cybersecurity","path":"skills/performing-arp-spoofing-attack-simulation"},{"name":"performing-asset-criticality-scoring-for-vulns","description":"Develop and apply a multi-factor asset criticality scoring model to weight vulnerability prioritization based on business impact, data sensitivity, and operational importance.","domain":"cybersecurity","path":"skills/performing-asset-criticality-scoring-for-vulns"},{"name":"performing-authenticated-scan-with-openvas","description":"Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with SSH and SMB credentials for comprehensive host-level assessment.","domain":"cybersecurity","path":"skills/performing-authenticated-scan-with-openvas"},{"name":"performing-authenticated-vulnerability-scan","description":"Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and perform deep inspection of installed software, patches, configurations, and security 
sett","domain":"cybersecurity","path":"skills/performing-authenticated-vulnerability-scan"},{"name":"performing-automated-malware-analysis-with-cape","description":"Deploy and operate CAPEv2 sandbox for automated malware analysis with behavioral monitoring, payload extraction, configuration parsing, and anti-evasion capabilities.","domain":"cybersecurity","path":"skills/performing-automated-malware-analysis-with-cape"},{"name":"performing-aws-account-enumeration-with-scout-suite","description":"Perform comprehensive security posture assessment of AWS accounts using ScoutSuite to enumerate resources, identify misconfigurations, and generate actionable security reports.","domain":"cybersecurity","path":"skills/performing-aws-account-enumeration-with-scout-suite"},{"name":"performing-aws-privilege-escalation-assessment","description":">","domain":"cybersecurity","path":"skills/performing-aws-privilege-escalation-assessment"},{"name":"performing-bandwidth-throttling-attack-simulation","description":">","domain":"cybersecurity","path":"skills/performing-bandwidth-throttling-attack-simulation"},{"name":"performing-binary-exploitation-analysis","description":">","domain":"cybersecurity","path":"skills/performing-binary-exploitation-analysis"},{"name":"performing-blind-ssrf-exploitation","description":"Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions, and timing analysis to access internal services and cloud metadata endpoints.","domain":"cybersecurity","path":"skills/performing-blind-ssrf-exploitation"},{"name":"performing-bluetooth-security-assessment","description":"Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities","domain":"cybersecurity","path":"skills/performing-bluetooth-security-assessment"},{"name":"performing-brand-monitoring-for-impersonation","description":"Monitor for brand impersonation attacks across domains, social media, 
mobile apps, and dark web channels to detect phishing campaigns, fake sites, and unauthorized brand usage targeting your organization.","domain":"cybersecurity","path":"skills/performing-brand-monitoring-for-impersonation"},{"name":"performing-clickjacking-attack-test","description":"Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting","domain":"cybersecurity","path":"skills/performing-clickjacking-attack-test"},{"name":"performing-cloud-asset-inventory-with-cartography","description":"Perform comprehensive cloud asset inventory and relationship mapping using Cartography to build a Neo4j security graph of infrastructure assets, IAM permissions, and attack paths across AWS, GCP, and Azure.","domain":"cybersecurity","path":"skills/performing-cloud-asset-inventory-with-cartography"},{"name":"performing-cloud-forensics-investigation","description":"Conduct forensic investigations in cloud environments by collecting and analyzing logs, snapshots, and metadata from AWS, Azure, and GCP services.","domain":"cybersecurity","path":"skills/performing-cloud-forensics-investigation"},{"name":"performing-cloud-forensics-with-aws-cloudtrail","description":"Perform forensic investigation of AWS environments using CloudTrail logs to reconstruct attacker activity, identify compromised credentials, and analyze API call 
patterns.","domain":"cybersecurity","path":"skills/performing-cloud-forensics-with-aws-cloudtrail"},{"name":"performing-cloud-incident-containment-procedures","description":"","domain":"cybersecurity","path":"skills/performing-cloud-incident-containment-procedures"},{"name":"performing-cloud-log-forensics-with-athena","description":">","domain":"cybersecurity","path":"skills/performing-cloud-log-forensics-with-athena"},{"name":"performing-cloud-native-forensics-with-falco","description":">","domain":"cybersecurity","path":"skills/performing-cloud-native-forensics-with-falco"},{"name":"performing-cloud-native-threat-hunting-with-aws-detective","description":"Hunt for threats in AWS environments using Detective behavior graphs, entity investigation timelines, GuardDuty finding correlation, and automated entity profiling across IAM users, EC2 instances, and IP addresses.","domain":"cybersecurity","path":"skills/performing-cloud-native-threat-hunting-with-aws-detective"},{"name":"performing-cloud-penetration-testing-with-pacu","description":">","domain":"cybersecurity","path":"skills/performing-cloud-penetration-testing-with-pacu"},{"name":"performing-cloud-storage-forensic-acquisition","description":"Perform forensic acquisition and analysis of cloud storage services including Google Drive, OneDrive, Dropbox,","domain":"cybersecurity","path":"skills/performing-cloud-storage-forensic-acquisition"},{"name":"performing-container-escape-detection","description":">","domain":"cybersecurity","path":"skills/performing-container-escape-detection"},{"name":"performing-container-image-hardening","description":">","domain":"cybersecurity","path":"skills/performing-container-image-hardening"},{"name":"performing-container-security-scanning-with-trivy","description":"Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, exposed secrets, and license compliance issues using Aqua Security Trivy with SBOM generation and CI/CD 
integration.","domain":"cybersecurity","path":"skills/performing-container-security-scanning-with-trivy"},{"name":"performing-content-security-policy-bypass","description":"Analyze and bypass Content Security Policy implementations to achieve cross-site scripting by exploiting misconfigurations, JSONP endpoints, unsafe directives, and policy injection techniques.","domain":"cybersecurity","path":"skills/performing-content-security-policy-bypass"},{"name":"performing-credential-access-with-lazagne","description":"Extract stored credentials from compromised endpoints using the LaZagne post-exploitation tool to recover passwords","domain":"cybersecurity","path":"skills/performing-credential-access-with-lazagne"},{"name":"performing-cryptographic-audit-of-application","description":"A cryptographic audit systematically reviews an application's use of cryptographic primitives, protocols, and key management to identify vulnerabilities such as weak algorithms, insecure modes, hardco","domain":"cybersecurity","path":"skills/performing-cryptographic-audit-of-application"},{"name":"performing-csrf-attack-simulation","description":"Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit authenticated user sessions during authorized security assessments.","domain":"cybersecurity","path":"skills/performing-csrf-attack-simulation"},{"name":"performing-cve-prioritization-with-kev-catalog","description":"Leverage the CISA Known Exploited Vulnerabilities catalog alongside EPSS and CVSS to prioritize CVE remediation","domain":"cybersecurity","path":"skills/performing-cve-prioritization-with-kev-catalog"},{"name":"performing-dark-web-monitoring-for-threats","description":"Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and dark web marketplaces to identify threats targeting an organization, including leaked 
cre","domain":"cybersecurity","path":"skills/performing-dark-web-monitoring-for-threats"},{"name":"performing-deception-technology-deployment","description":">","domain":"cybersecurity","path":"skills/performing-deception-technology-deployment"},{"name":"performing-directory-traversal-testing","description":"Testing web applications for path traversal vulnerabilities that allow reading or writing arbitrary files on the server by manipulating file path parameters.","domain":"cybersecurity","path":"skills/performing-directory-traversal-testing"},{"name":"performing-disk-forensics-investigation","description":">","domain":"cybersecurity","path":"skills/performing-disk-forensics-investigation"},{"name":"performing-dmarc-policy-enforcement-rollout","description":"Execute a phased DMARC rollout from p=none monitoring through p=quarantine to p=reject enforcement, ensuring all legitimate email sources are authenticated before blocking unauthorized senders.","domain":"cybersecurity","path":"skills/performing-dmarc-policy-enforcement-rollout"},{"name":"performing-dns-enumeration-and-zone-transfer","description":">","domain":"cybersecurity","path":"skills/performing-dns-enumeration-and-zone-transfer"},{"name":"performing-dns-tunneling-detection","description":">","domain":"cybersecurity","path":"skills/performing-dns-tunneling-detection"},{"name":"performing-docker-bench-security-assessment","description":"Docker Bench for Security is an open-source script that checks dozens of common best practices around deploying Docker containers in production. 
Based on the CIS Docker Benchmark, it audits host confi","domain":"cybersecurity","path":"skills/performing-docker-bench-security-assessment"},{"name":"performing-dynamic-analysis-of-android-app","description":">","domain":"cybersecurity","path":"skills/performing-dynamic-analysis-of-android-app"},{"name":"performing-dynamic-analysis-with-any-run","description":"Performs interactive dynamic malware analysis using the ANY.RUN cloud sandbox to observe real-time execution","domain":"cybersecurity","path":"skills/performing-dynamic-analysis-with-any-run"},{"name":"performing-endpoint-forensics-investigation","description":">","domain":"cybersecurity","path":"skills/performing-endpoint-forensics-investigation"},{"name":"performing-endpoint-vulnerability-remediation","description":">","domain":"cybersecurity","path":"skills/performing-endpoint-vulnerability-remediation"},{"name":"performing-entitlement-review-with-sailpoint-iiq","description":">","domain":"cybersecurity","path":"skills/performing-entitlement-review-with-sailpoint-iiq"},{"name":"performing-external-network-penetration-test","description":"Conduct a comprehensive external network penetration test to identify vulnerabilities in internet-facing infrastructure using PTES methodology, reconnaissance, scanning, exploitation, and reporting.","domain":"cybersecurity","path":"skills/performing-external-network-penetration-test"},{"name":"performing-false-positive-reduction-in-siem","description":"Perform systematic SIEM false positive reduction through rule tuning, threshold adjustment, correlation refinement,","domain":"cybersecurity","path":"skills/performing-false-positive-reduction-in-siem"},{"name":"performing-file-carving-with-foremost","description":"Recover files from disk images and unallocated space using Foremost's header-footer signature carving to extract evidence regardless of file system 
state.","domain":"cybersecurity","path":"skills/performing-file-carving-with-foremost"},{"name":"performing-firmware-extraction-with-binwalk","description":">","domain":"cybersecurity","path":"skills/performing-firmware-extraction-with-binwalk"},{"name":"performing-firmware-malware-analysis","description":">","domain":"cybersecurity","path":"skills/performing-firmware-malware-analysis"},{"name":"performing-fuzzing-with-aflplusplus","description":"Perform coverage-guided fuzzing of compiled binaries using AFL++ (American Fuzzy Lop Plus Plus) to discover","domain":"cybersecurity","path":"skills/performing-fuzzing-with-aflplusplus"},{"name":"performing-gcp-penetration-testing-with-gcpbucketbrute","description":"Perform GCP security testing using GCPBucketBrute for storage bucket enumeration, gcloud IAM privilege escalation","domain":"cybersecurity","path":"skills/performing-gcp-penetration-testing-with-gcpbucketbrute"},{"name":"performing-gcp-security-assessment-with-forseti","description":"Performing comprehensive security assessments of Google Cloud Platform environments using Forseti Security,","domain":"cybersecurity","path":"skills/performing-gcp-security-assessment-with-forseti"},{"name":"performing-graphql-depth-limit-attack","description":"Execute and test GraphQL depth limit attacks using deeply nested recursive queries to identify denial-of-service vulnerabilities in GraphQL APIs.","domain":"cybersecurity","path":"skills/performing-graphql-depth-limit-attack"},{"name":"performing-graphql-introspection-attack","description":">","domain":"cybersecurity","path":"skills/performing-graphql-introspection-attack"},{"name":"performing-graphql-security-assessment","description":"Assessing GraphQL API endpoints for introspection leaks, injection attacks, authorization flaws, and denial-of-service vulnerabilities during authorized security 
tests.","domain":"cybersecurity","path":"skills/performing-graphql-security-assessment"},{"name":"performing-hardware-security-module-integration","description":"Integrate Hardware Security Modules (HSMs) using PKCS#11 interface for cryptographic key management, signing","domain":"cybersecurity","path":"skills/performing-hardware-security-module-integration"},{"name":"performing-hash-cracking-with-hashcat","description":"Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength. Hashcat is the world's fastest password recovery tool, supporting over 300 hash types w","domain":"cybersecurity","path":"skills/performing-hash-cracking-with-hashcat"},{"name":"performing-http-parameter-pollution-attack","description":"Execute HTTP Parameter Pollution attacks to bypass input validation, WAF rules, and security controls by injecting duplicate parameters that are processed differently by front-end and back-end systems.","domain":"cybersecurity","path":"skills/performing-http-parameter-pollution-attack"},{"name":"performing-ics-asset-discovery-with-claroty","description":"Perform comprehensive ICS/OT asset discovery using Claroty xDome platform, leveraging passive monitoring, Claroty","domain":"cybersecurity","path":"skills/performing-ics-asset-discovery-with-claroty"},{"name":"performing-indicator-lifecycle-management","description":"Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment, monitoring, and eventual retirement. 
This skill covers implementing systematic processes f","domain":"cybersecurity","path":"skills/performing-indicator-lifecycle-management"},{"name":"performing-initial-access-with-evilginx3","description":"Perform authorized initial access using EvilGinx3 adversary-in-the-middle phishing framework to capture session","domain":"cybersecurity","path":"skills/performing-initial-access-with-evilginx3"},{"name":"performing-insider-threat-investigation","description":">","domain":"cybersecurity","path":"skills/performing-insider-threat-investigation"},{"name":"performing-ioc-enrichment-automation","description":">","domain":"cybersecurity","path":"skills/performing-ioc-enrichment-automation"},{"name":"performing-ios-app-security-assessment","description":">","domain":"cybersecurity","path":"skills/performing-ios-app-security-assessment"},{"name":"performing-iot-security-assessment","description":">","domain":"cybersecurity","path":"skills/performing-iot-security-assessment"},{"name":"performing-ip-reputation-analysis-with-shodan","description":"Analyze IP address reputation using the Shodan API to identify open ports, running services, known vulnerabilities, and hosting context for threat intelligence enrichment and incident triage.","domain":"cybersecurity","path":"skills/performing-ip-reputation-analysis-with-shodan"},{"name":"performing-jwt-none-algorithm-attack","description":"Execute and test the JWT none algorithm attack to bypass signature verification by manipulating the alg header field in JSON Web Tokens.","domain":"cybersecurity","path":"skills/performing-jwt-none-algorithm-attack"},{"name":"performing-kerberoasting-attack","description":"Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting","domain":"cybersecurity","path":"skills/performing-kerberoasting-attack"},{"name":"performing-kubernetes-cis-benchmark-with-kube-bench","description":"Audit Kubernetes cluster security posture against CIS benchmarks 
using kube-bench with automated checks for control plane, worker nodes, and RBAC.","domain":"cybersecurity","path":"skills/performing-kubernetes-cis-benchmark-with-kube-bench"},{"name":"performing-kubernetes-etcd-security-assessment","description":"Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration, access controls, backup encryption, and network isolation.","domain":"cybersecurity","path":"skills/performing-kubernetes-etcd-security-assessment"},{"name":"performing-kubernetes-penetration-testing","description":"Kubernetes penetration testing systematically evaluates cluster security by simulating attacker techniques against the API server, kubelet, etcd, pods, RBAC, network policies, and secrets. Using tools","domain":"cybersecurity","path":"skills/performing-kubernetes-penetration-testing"},{"name":"performing-lateral-movement-detection","description":"Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based","domain":"cybersecurity","path":"skills/performing-lateral-movement-detection"},{"name":"performing-lateral-movement-with-wmiexec","description":"Perform lateral movement across Windows networks using WMI-based remote execution techniques including Impacket","domain":"cybersecurity","path":"skills/performing-lateral-movement-with-wmiexec"},{"name":"performing-linux-log-forensics-investigation","description":"Perform forensic investigation of Linux system logs including syslog, auth.log, systemd journal, kern.log, and application logs to reconstruct user activity, detect unauthorized access, and establish event timelines on compromised Linux systems.","domain":"cybersecurity","path":"skills/performing-linux-log-forensics-investigation"},{"name":"performing-log-analysis-for-forensic-investigation","description":"Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines during forensic 
investigations.","domain":"cybersecurity","path":"skills/performing-log-analysis-for-forensic-investigation"},{"name":"performing-log-source-onboarding-in-siem","description":"Perform structured log source onboarding into SIEM platforms by configuring collectors, parsers, normalization, and validation for complete security visibility.","domain":"cybersecurity","path":"skills/performing-log-source-onboarding-in-siem"},{"name":"performing-malware-hash-enrichment-with-virustotal","description":"Enrich malware file hashes using the VirusTotal API to retrieve detection rates, behavioral analysis, YARA matches, and contextual threat intelligence for incident triage and IOC validation.","domain":"cybersecurity","path":"skills/performing-malware-hash-enrichment-with-virustotal"},{"name":"performing-malware-ioc-extraction","description":"Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise including file hashes, network indicators (C2 domains, IP addresses, URLs), regist","domain":"cybersecurity","path":"skills/performing-malware-ioc-extraction"},{"name":"performing-malware-persistence-investigation","description":"Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives reboots and maintains access.","domain":"cybersecurity","path":"skills/performing-malware-persistence-investigation"},{"name":"performing-malware-triage-with-yara","description":">","domain":"cybersecurity","path":"skills/performing-malware-triage-with-yara"},{"name":"performing-memory-forensics-with-volatility3","description":"Analyze volatile memory dumps using Volatility 3 to extract running processes, network connections, loaded modules, and evidence of malicious activity.","domain":"cybersecurity","path":"skills/performing-memory-forensics-with-volatility3"},{"name":"performing-memory-forensics-with-volatility3-plugins","description":"Analyze memory dumps using Volatility3 plugins 
to detect injected code, rootkits, credential theft, and malware","domain":"cybersecurity","path":"skills/performing-memory-forensics-with-volatility3-plugins"},{"name":"performing-mobile-app-certificate-pinning-bypass","description":">","domain":"cybersecurity","path":"skills/performing-mobile-app-certificate-pinning-bypass"},{"name":"performing-mobile-device-forensics-with-cellebrite","description":"Acquire and analyze mobile device data using Cellebrite UFED and open-source tools to extract communications, location data, and application artifacts.","domain":"cybersecurity","path":"skills/performing-mobile-device-forensics-with-cellebrite"},{"name":"performing-network-forensics-with-wireshark","description":"Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts, and identify malicious communications.","domain":"cybersecurity","path":"skills/performing-network-forensics-with-wireshark"},{"name":"performing-network-packet-capture-analysis","description":"Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct network communications, extract transferred files, identify malicious traffic, and establish evidence of data exfiltration or command-and-control activity.","domain":"cybersecurity","path":"skills/performing-network-packet-capture-analysis"},{"name":"performing-network-traffic-analysis-with-tshark","description":"Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection, DNS anomaly identification, and IOC extraction from PCAP files","domain":"cybersecurity","path":"skills/performing-network-traffic-analysis-with-tshark"},{"name":"performing-network-traffic-analysis-with-zeek","description":"Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection, anomaly identification, and forensic 
investigation.","domain":"cybersecurity","path":"skills/performing-network-traffic-analysis-with-zeek"},{"name":"performing-nist-csf-maturity-assessment","description":">-","domain":"cybersecurity","path":"skills/performing-nist-csf-maturity-assessment"},{"name":"performing-oauth-scope-minimization-review","description":">","domain":"cybersecurity","path":"skills/performing-oauth-scope-minimization-review"},{"name":"performing-oil-gas-cybersecurity-assessment","description":">","domain":"cybersecurity","path":"skills/performing-oil-gas-cybersecurity-assessment"},{"name":"performing-open-source-intelligence-gathering","description":"Open Source Intelligence (OSINT) gathering is the first active phase of a red team engagement, where operators collect publicly available information about the target organization to identify attack s","domain":"cybersecurity","path":"skills/performing-open-source-intelligence-gathering"},{"name":"performing-osint-with-spiderfoot","description":"Automate OSINT collection using SpiderFoot REST API and CLI for target profiling, module-based reconnaissance, and structured result analysis across 200+ data sources","domain":"cybersecurity","path":"skills/performing-osint-with-spiderfoot"},{"name":"performing-ot-network-security-assessment","description":">","domain":"cybersecurity","path":"skills/performing-ot-network-security-assessment"},{"name":"performing-ot-vulnerability-assessment-with-claroty","description":">","domain":"cybersecurity","path":"skills/performing-ot-vulnerability-assessment-with-claroty"},{"name":"performing-ot-vulnerability-scanning-safely","description":">","domain":"cybersecurity","path":"skills/performing-ot-vulnerability-scanning-safely"},{"name":"performing-packet-injection-attack","description":">","domain":"cybersecurity","path":"skills/performing-packet-injection-attack"},{"name":"performing-paste-site-monitoring-for-credentials","description":"Monitor paste sites like Pastebin and GitHub Gists for leaked 
credentials, API keys, and sensitive data dumps using automated scraping and keyword matching to detect breaches early.","domain":"cybersecurity","path":"skills/performing-paste-site-monitoring-for-credentials"},{"name":"performing-phishing-simulation-with-gophish","description":"GoPhish is an open-source phishing simulation framework used by security teams to conduct authorized phishing awareness campaigns. It provides campaign management, email template creation, landing pag","domain":"cybersecurity","path":"skills/performing-phishing-simulation-with-gophish"},{"name":"performing-physical-intrusion-assessment","description":"Conduct authorized physical penetration testing using tailgating, badge cloning, lock bypassing, and rogue device","domain":"cybersecurity","path":"skills/performing-physical-intrusion-assessment"},{"name":"performing-plc-firmware-security-analysis","description":">","domain":"cybersecurity","path":"skills/performing-plc-firmware-security-analysis"},{"name":"performing-post-quantum-cryptography-migration","description":">","domain":"cybersecurity","path":"skills/performing-post-quantum-cryptography-migration"},{"name":"performing-power-grid-cybersecurity-assessment","description":">","domain":"cybersecurity","path":"skills/performing-power-grid-cybersecurity-assessment"},{"name":"performing-privacy-impact-assessment","description":">","domain":"cybersecurity","path":"skills/performing-privacy-impact-assessment"},{"name":"performing-privilege-escalation-assessment","description":"Performs privilege escalation assessments on compromised Linux and Windows systems to identify paths from low-privilege","domain":"cybersecurity","path":"skills/performing-privilege-escalation-assessment"},{"name":"performing-privilege-escalation-on-linux","description":"Linux privilege escalation involves elevating from a low-privilege user account to root access on a 
compromised","domain":"cybersecurity","path":"skills/performing-privilege-escalation-on-linux"},{"name":"performing-privileged-account-access-review","description":"Conduct systematic reviews of privileged accounts to validate access rights, identify excessive permissions, and enforce least privilege across PAM infrastructure.","domain":"cybersecurity","path":"skills/performing-privileged-account-access-review"},{"name":"performing-privileged-account-discovery","description":"Discover and inventory all privileged accounts across enterprise infrastructure including domain admins, local admins, service accounts, database admins, cloud IAM roles, and application admin account","domain":"cybersecurity","path":"skills/performing-privileged-account-discovery"},{"name":"performing-purple-team-atomic-testing","description":"'Executes Atomic Red Team tests mapped to MITRE ATT&CK techniques, performs coverage gap analysis across the","domain":"cybersecurity","path":"skills/performing-purple-team-atomic-testing"},{"name":"performing-purple-team-exercise","description":"'Performs purple team exercises by coordinating red team adversary emulation with blue team detection validation","domain":"cybersecurity","path":"skills/performing-purple-team-exercise"},{"name":"performing-ransomware-response","description":">","domain":"cybersecurity","path":"skills/performing-ransomware-response"},{"name":"performing-ransomware-tabletop-exercise","description":">","domain":"cybersecurity","path":"skills/performing-ransomware-tabletop-exercise"},{"name":"performing-red-team-phishing-with-gophish","description":">-","domain":"cybersecurity","path":"skills/performing-red-team-phishing-with-gophish"},{"name":"performing-red-team-with-covenant","description":"Conduct red team operations using the Covenant C2 framework for authorized adversary simulation, including listener setup, grunt deployment, task execution, and lateral movement 
tracking.","domain":"cybersecurity","path":"skills/performing-red-team-with-covenant"},{"name":"performing-s7comm-protocol-security-analysis","description":">","domain":"cybersecurity","path":"skills/performing-s7comm-protocol-security-analysis"},{"name":"performing-sca-dependency-scanning-with-snyk","description":">","domain":"cybersecurity","path":"skills/performing-sca-dependency-scanning-with-snyk"},{"name":"performing-scada-hmi-security-assessment","description":">","domain":"cybersecurity","path":"skills/performing-scada-hmi-security-assessment"},{"name":"performing-second-order-sql-injection","description":"Detect and exploit second-order SQL injection vulnerabilities where malicious input is stored in a database and later executed in an unsafe SQL query during a different application operation.","domain":"cybersecurity","path":"skills/performing-second-order-sql-injection"},{"name":"performing-security-headers-audit","description":"Auditing HTTP security headers including CSP, HSTS, X-Frame-Options, and cookie attributes to identify missing or misconfigured browser-level protections.","domain":"cybersecurity","path":"skills/performing-security-headers-audit"},{"name":"performing-serverless-function-security-review","description":">","domain":"cybersecurity","path":"skills/performing-serverless-function-security-review"},{"name":"performing-service-account-audit","description":"Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant accounts. 
This skill covers discovery of service accounts in Active Directory, cloud pl","domain":"cybersecurity","path":"skills/performing-service-account-audit"},{"name":"performing-service-account-credential-rotation","description":"Automate credential rotation for service accounts across Active Directory, cloud platforms, and application databases to eliminate stale secrets and reduce compromise risk.","domain":"cybersecurity","path":"skills/performing-service-account-credential-rotation"},{"name":"performing-soap-web-service-security-testing","description":"Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE, WS-Security bypass, and SOAPAction spoofing.","domain":"cybersecurity","path":"skills/performing-soap-web-service-security-testing"},{"name":"performing-soc-tabletop-exercise","description":">","domain":"cybersecurity","path":"skills/performing-soc-tabletop-exercise"},{"name":"performing-soc2-type2-audit-preparation","description":">","domain":"cybersecurity","path":"skills/performing-soc2-type2-audit-preparation"},{"name":"performing-sqlite-database-forensics","description":"Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode encoded timestamps, and extract evidence from browser history, messaging apps, and mobile device databases.","domain":"cybersecurity","path":"skills/performing-sqlite-database-forensics"},{"name":"performing-ssl-certificate-lifecycle-management","description":"SSL/TLS certificate lifecycle management encompasses the full process of requesting, issuing, deploying, monitoring, renewing, and revoking X.509 certificates. 
Poor certificate management is a leading","domain":"cybersecurity","path":"skills/performing-ssl-certificate-lifecycle-management"},{"name":"performing-ssl-stripping-attack","description":">","domain":"cybersecurity","path":"skills/performing-ssl-stripping-attack"},{"name":"performing-ssl-tls-inspection-configuration","description":"Configure SSL/TLS inspection on network security devices to decrypt, inspect, and re-encrypt HTTPS traffic for threat detection while managing certificates, exemptions, and privacy compliance.","domain":"cybersecurity","path":"skills/performing-ssl-tls-inspection-configuration"},{"name":"performing-ssl-tls-security-assessment","description":"Assess SSL/TLS server configurations using the sslyze Python library to evaluate cipher suites, certificate chains, protocol versions, HSTS headers, and known vulnerabilities like Heartbleed and ROBOT.","domain":"cybersecurity","path":"skills/performing-ssl-tls-security-assessment"},{"name":"performing-ssrf-vulnerability-exploitation","description":">-","domain":"cybersecurity","path":"skills/performing-ssrf-vulnerability-exploitation"},{"name":"performing-static-malware-analysis-with-pe-studio","description":">","domain":"cybersecurity","path":"skills/performing-static-malware-analysis-with-pe-studio"},{"name":"performing-steganography-detection","description":"Detect and extract hidden data embedded in images, audio, and other media files using steganalysis tools to uncover covert communication channels.","domain":"cybersecurity","path":"skills/performing-steganography-detection"},{"name":"performing-subdomain-enumeration-with-subfinder","description":"Enumerate subdomains of target domains using ProjectDiscovery's Subfinder passive reconnaissance tool to map the attack surface during security assessments.","domain":"cybersecurity","path":"skills/performing-subdomain-enumeration-with-subfinder"},{"name":"performing-supply-chain-attack-simulation","description":"Simulate and detect software supply 
chain attacks including typosquatting detection via Levenshtein distance, dependency confusion testing against private registries, package hash verification with pip, and known vulnerability scanning with pip-audit.","domain":"cybersecurity","path":"skills/performing-supply-chain-attack-simulation"},{"name":"performing-thick-client-application-penetration-test","description":"Conduct a thick client application penetration test to identify insecure local storage, hardcoded credentials,","domain":"cybersecurity","path":"skills/performing-thick-client-application-penetration-test"},{"name":"performing-threat-emulation-with-atomic-red-team","description":"'Executes Atomic Red Team tests for MITRE ATT&CK technique validation using the atomic-operator Python framework.","domain":"cybersecurity","path":"skills/performing-threat-emulation-with-atomic-red-team"},{"name":"performing-threat-hunting-with-elastic-siem","description":"'Performs proactive threat hunting in Elastic Security SIEM using KQL/EQL queries, detection rules, and Timeline","domain":"cybersecurity","path":"skills/performing-threat-hunting-with-elastic-siem"},{"name":"performing-threat-hunting-with-yara-rules","description":"'Use YARA pattern-matching rules to hunt for malware, suspicious files, and indicators of compromise across filesystems","domain":"cybersecurity","path":"skills/performing-threat-hunting-with-yara-rules"},{"name":"performing-threat-intelligence-sharing-with-misp","description":"Use PyMISP to create, enrich, and share threat intelligence events on a MISP platform, including IOC management, feed integration, STIX export, and community sharing workflows.","domain":"cybersecurity","path":"skills/performing-threat-intelligence-sharing-with-misp"},{"name":"performing-threat-landscape-assessment-for-sector","description":"Conduct a sector-specific threat landscape assessment by analyzing threat actor targeting patterns, common 
attack","domain":"cybersecurity","path":"skills/performing-threat-landscape-assessment-for-sector"},{"name":"performing-threat-modeling-with-owasp-threat-dragon","description":"Use OWASP Threat Dragon to create data flow diagrams, identify threats using STRIDE and LINDDUN methodologies,","domain":"cybersecurity","path":"skills/performing-threat-modeling-with-owasp-threat-dragon"},{"name":"performing-timeline-reconstruction-with-plaso","description":"Build comprehensive forensic super-timelines using Plaso (log2timeline) to correlate events across file systems, logs, and artifacts into a unified chronological view.","domain":"cybersecurity","path":"skills/performing-timeline-reconstruction-with-plaso"},{"name":"performing-user-behavior-analytics","description":">","domain":"cybersecurity","path":"skills/performing-user-behavior-analytics"},{"name":"performing-vlan-hopping-attack","description":">","domain":"cybersecurity","path":"skills/performing-vlan-hopping-attack"},{"name":"performing-vulnerability-scanning-with-nessus","description":">","domain":"cybersecurity","path":"skills/performing-vulnerability-scanning-with-nessus"},{"name":"performing-web-application-firewall-bypass","description":"Bypass Web Application Firewall protections using encoding techniques, HTTP method manipulation, parameter pollution, and payload obfuscation to deliver SQL injection, XSS, and other attack payloads past WAF detection rules.","domain":"cybersecurity","path":"skills/performing-web-application-firewall-bypass"},{"name":"performing-web-application-penetration-test","description":">","domain":"cybersecurity","path":"skills/performing-web-application-penetration-test"},{"name":"performing-web-application-scanning-with-nikto","description":"Nikto is an open-source web server and web application scanner that tests against over 7,000 potentially dangerous files/programs, checks for outdated versions of over 1,250 servers, and identifies 
ve","domain":"cybersecurity","path":"skills/performing-web-application-scanning-with-nikto"},{"name":"performing-web-application-vulnerability-triage","description":"Triage web application vulnerability findings from DAST/SAST scanners using OWASP risk rating methodology to separate true positives from false positives and prioritize remediation.","domain":"cybersecurity","path":"skills/performing-web-application-vulnerability-triage"},{"name":"performing-web-cache-deception-attack","description":"Execute web cache deception attacks by exploiting path normalization discrepancies between CDN caching layers and origin servers to cache and retrieve sensitive authenticated content.","domain":"cybersecurity","path":"skills/performing-web-cache-deception-attack"},{"name":"performing-web-cache-poisoning-attack","description":"Exploiting web cache mechanisms to serve malicious content to other users by poisoning cached responses through unkeyed headers and parameters during authorized security tests.","domain":"cybersecurity","path":"skills/performing-web-cache-poisoning-attack"},{"name":"performing-wifi-password-cracking-with-aircrack","description":">","domain":"cybersecurity","path":"skills/performing-wifi-password-cracking-with-aircrack"},{"name":"performing-windows-artifact-analysis-with-eric-zimmerman-tools","description":"Perform comprehensive Windows forensic artifact analysis using Eric Zimmerman's open-source EZ Tools suite including KAPE, MFTECmd, PECmd, LECmd, JLECmd, and Timeline Explorer for parsing registry hives, prefetch files, event logs, and file system metadata.","domain":"cybersecurity","path":"skills/performing-windows-artifact-analysis-with-eric-zimmerman-tools"},{"name":"performing-wireless-network-penetration-test","description":"Execute a wireless network penetration test to assess WiFi security by capturing handshakes, cracking WPA2/WPA3 keys, detecting rogue access points, and testing wireless segmentation using Aircrack-ng and related 
tools.","domain":"cybersecurity","path":"skills/performing-wireless-network-penetration-test"},{"name":"performing-wireless-security-assessment-with-kismet","description":"Conduct wireless network security assessments using Kismet to detect rogue access points, hidden SSIDs, weak encryption, and unauthorized clients through passive RF monitoring.","domain":"cybersecurity","path":"skills/performing-wireless-security-assessment-with-kismet"},{"name":"performing-yara-rule-development-for-detection","description":"Develop precise YARA rules for malware detection by identifying unique byte patterns, strings, and behavioral indicators in executable files while minimizing false positives.","domain":"cybersecurity","path":"skills/performing-yara-rule-development-for-detection"},{"name":"prioritizing-vulnerabilities-with-cvss-scoring","description":"The Common Vulnerability Scoring System (CVSS) is the industry standard framework maintained by FIRST (Forum of Incident Response and Security Teams) for assessing vulnerability severity. 
CVSS v4.0 (r","domain":"cybersecurity","path":"skills/prioritizing-vulnerabilities-with-cvss-scoring"},{"name":"processing-stix-taxii-feeds","description":">","domain":"cybersecurity","path":"skills/processing-stix-taxii-feeds"},{"name":"profiling-threat-actor-groups","description":">","domain":"cybersecurity","path":"skills/profiling-threat-actor-groups"},{"name":"recovering-deleted-files-with-photorec","description":"Recover deleted files from disk images and storage media using PhotoRec's file signature-based carving engine","domain":"cybersecurity","path":"skills/recovering-deleted-files-with-photorec"},{"name":"recovering-from-ransomware-attack","description":">","domain":"cybersecurity","path":"skills/recovering-from-ransomware-attack"},{"name":"remediating-s3-bucket-misconfiguration","description":">","domain":"cybersecurity","path":"skills/remediating-s3-bucket-misconfiguration"},{"name":"reverse-engineering-android-malware-with-jadx","description":">","domain":"cybersecurity","path":"skills/reverse-engineering-android-malware-with-jadx"},{"name":"reverse-engineering-dotnet-malware-with-dnspy","description":">","domain":"cybersecurity","path":"skills/reverse-engineering-dotnet-malware-with-dnspy"},{"name":"reverse-engineering-ios-app-with-frida","description":">","domain":"cybersecurity","path":"skills/reverse-engineering-ios-app-with-frida"},{"name":"reverse-engineering-malware-with-ghidra","description":">","domain":"cybersecurity","path":"skills/reverse-engineering-malware-with-ghidra"},{"name":"reverse-engineering-ransomware-encryption-routine","description":"Reverse engineer ransomware encryption routines to identify cryptographic algorithms, key generation flaws, and","domain":"cybersecurity","path":"skills/reverse-engineering-ransomware-encryption-routine"},{"name":"reverse-engineering-rust-malware","description":"Reverse engineer Rust-compiled malware using IDA Pro and Ghidra with techniques for handling non-null-terminated strings, crate dependency 
extraction, and Rust-specific control flow analysis.","domain":"cybersecurity","path":"skills/reverse-engineering-rust-malware"},{"name":"scanning-container-images-with-grype","description":"Scan container images for known vulnerabilities using Anchore Grype with SBOM-based matching and configurable severity thresholds.","domain":"cybersecurity","path":"skills/scanning-container-images-with-grype"},{"name":"scanning-containers-with-trivy-in-cicd","description":">","domain":"cybersecurity","path":"skills/scanning-containers-with-trivy-in-cicd"},{"name":"scanning-docker-images-with-trivy","description":"Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS packages, language-specific dependencies, misconfigurations, secrets, and license violati","domain":"cybersecurity","path":"skills/scanning-docker-images-with-trivy"},{"name":"scanning-infrastructure-with-nessus","description":"Tenable Nessus is the industry-leading vulnerability scanner used to identify security weaknesses across network infrastructure including servers, workstations, network devices, and operating systems.","domain":"cybersecurity","path":"skills/scanning-infrastructure-with-nessus"},{"name":"scanning-kubernetes-manifests-with-kubesec","description":"Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations, privilege escalation risks, and deviations from security best 
practices.","domain":"cybersecurity","path":"skills/scanning-kubernetes-manifests-with-kubesec"},{"name":"scanning-network-with-nmap-advanced","description":">","domain":"cybersecurity","path":"skills/scanning-network-with-nmap-advanced"},{"name":"securing-api-gateway-with-aws-waf","description":">","domain":"cybersecurity","path":"skills/securing-api-gateway-with-aws-waf"},{"name":"securing-aws-iam-permissions","description":">","domain":"cybersecurity","path":"skills/securing-aws-iam-permissions"},{"name":"securing-aws-lambda-execution-roles","description":">","domain":"cybersecurity","path":"skills/securing-aws-lambda-execution-roles"},{"name":"securing-azure-with-microsoft-defender","description":"'This skill instructs security practitioners on deploying Microsoft Defender for Cloud as a cloud-native application","domain":"cybersecurity","path":"skills/securing-azure-with-microsoft-defender"},{"name":"securing-container-registry-images","description":">","domain":"cybersecurity","path":"skills/securing-container-registry-images"},{"name":"securing-container-registry-with-harbor","description":"Harbor is an open-source container registry that provides security features including vulnerability scanning (integrated Trivy), image signing (Notary/Cosign), RBAC, content trust policies, replicatio","domain":"cybersecurity","path":"skills/securing-container-registry-with-harbor"},{"name":"securing-github-actions-workflows","description":">","domain":"cybersecurity","path":"skills/securing-github-actions-workflows"},{"name":"securing-helm-chart-deployments","description":"Secure Helm chart deployments by validating chart integrity, scanning templates for misconfigurations, and enforcing security contexts in Kubernetes 
releases.","domain":"cybersecurity","path":"skills/securing-helm-chart-deployments"},{"name":"securing-historian-server-in-ot-environment","description":">","domain":"cybersecurity","path":"skills/securing-historian-server-in-ot-environment"},{"name":"securing-kubernetes-on-cloud","description":">","domain":"cybersecurity","path":"skills/securing-kubernetes-on-cloud"},{"name":"securing-remote-access-to-ot-environment","description":">","domain":"cybersecurity","path":"skills/securing-remote-access-to-ot-environment"},{"name":"securing-serverless-functions","description":">","domain":"cybersecurity","path":"skills/securing-serverless-functions"},{"name":"testing-android-intents-for-vulnerabilities","description":">","domain":"cybersecurity","path":"skills/testing-android-intents-for-vulnerabilities"},{"name":"testing-api-authentication-weaknesses","description":">","domain":"cybersecurity","path":"skills/testing-api-authentication-weaknesses"},{"name":"testing-api-for-broken-object-level-authorization","description":">","domain":"cybersecurity","path":"skills/testing-api-for-broken-object-level-authorization"},{"name":"testing-api-for-mass-assignment-vulnerability","description":">","domain":"cybersecurity","path":"skills/testing-api-for-mass-assignment-vulnerability"},{"name":"testing-api-security-with-owasp-top-10","description":"Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated and manual testing techniques.","domain":"cybersecurity","path":"skills/testing-api-security-with-owasp-top-10"},{"name":"testing-cors-misconfiguration","description":"Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain data access and credential theft during security assessments.","domain":"cybersecurity","path":"skills/testing-cors-misconfiguration"},{"name":"testing-for-broken-access-control","description":"Systematically testing web applications for broken 
access control vulnerabilities including privilege escalation, missing function-level checks, and insecure direct object references.","domain":"cybersecurity","path":"skills/testing-for-broken-access-control"},{"name":"testing-for-business-logic-vulnerabilities","description":"Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege escalation beyond what technical vulnerability scanners can detect.","domain":"cybersecurity","path":"skills/testing-for-business-logic-vulnerabilities"},{"name":"testing-for-email-header-injection","description":"Test web application email functionality for SMTP header injection vulnerabilities that allow attackers to inject additional email headers, modify recipients, and abuse contact forms for spam relay.","domain":"cybersecurity","path":"skills/testing-for-email-header-injection"},{"name":"testing-for-host-header-injection","description":"Test web applications for HTTP Host header injection vulnerabilities to identify password reset poisoning, web cache poisoning, SSRF, and virtual host routing manipulation risks.","domain":"cybersecurity","path":"skills/testing-for-host-header-injection"},{"name":"testing-for-json-web-token-vulnerabilities","description":"Test JWT implementations for critical vulnerabilities including algorithm confusion, none algorithm bypass, kid parameter injection, and weak secret exploitation to achieve authentication bypass and privilege escalation.","domain":"cybersecurity","path":"skills/testing-for-json-web-token-vulnerabilities"},{"name":"testing-for-open-redirect-vulnerabilities","description":"Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters, bypass techniques, and exploitation chains for phishing and token theft.","domain":"cybersecurity","path":"skills/testing-for-open-redirect-vulnerabilities"},{"name":"testing-for-sensitive-data-exposure","description":"Identifying sensitive data exposure 
vulnerabilities including API key leakage, PII in responses, insecure storage,","domain":"cybersecurity","path":"skills/testing-for-sensitive-data-exposure"},{"name":"testing-for-xml-injection-vulnerabilities","description":"Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks to identify data exposure and server-side request forgery risks.","domain":"cybersecurity","path":"skills/testing-for-xml-injection-vulnerabilities"},{"name":"testing-for-xss-vulnerabilities","description":">","domain":"cybersecurity","path":"skills/testing-for-xss-vulnerabilities"},{"name":"testing-for-xss-vulnerabilities-with-burpsuite","description":"Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater tools during authorized security assessments.","domain":"cybersecurity","path":"skills/testing-for-xss-vulnerabilities-with-burpsuite"},{"name":"testing-for-xxe-injection-vulnerabilities","description":"Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF, and exfiltrate data during authorized penetration tests.","domain":"cybersecurity","path":"skills/testing-for-xxe-injection-vulnerabilities"},{"name":"testing-jwt-token-security","description":"Assessing JSON Web Token implementations for cryptographic weaknesses, algorithm confusion attacks, and authorization bypass vulnerabilities during security 
engagements.","domain":"cybersecurity","path":"skills/testing-jwt-token-security"},{"name":"testing-mobile-api-authentication","description":">","domain":"cybersecurity","path":"skills/testing-mobile-api-authentication"},{"name":"testing-oauth2-implementation-flaws","description":">","domain":"cybersecurity","path":"skills/testing-oauth2-implementation-flaws"},{"name":"testing-ransomware-recovery-procedures","description":">-","domain":"cybersecurity","path":"skills/testing-ransomware-recovery-procedures"},{"name":"testing-websocket-api-security","description":">","domain":"cybersecurity","path":"skills/testing-websocket-api-security"},{"name":"tracking-threat-actor-infrastructure","description":"Threat actor infrastructure tracking involves monitoring and mapping adversary-controlled assets including command-and-control (C2) servers, phishing domains, exploit kit hosts, bulletproof hosting, a","domain":"cybersecurity","path":"skills/tracking-threat-actor-infrastructure"},{"name":"triaging-security-alerts-in-splunk","description":">","domain":"cybersecurity","path":"skills/triaging-security-alerts-in-splunk"},{"name":"triaging-security-incident","description":"","domain":"cybersecurity","path":"skills/triaging-security-incident"},{"name":"triaging-security-incident-with-ir-playbook","description":"Classify and prioritize security incidents using structured IR playbooks to determine severity, assign response teams, and initiate appropriate response procedures.","domain":"cybersecurity","path":"skills/triaging-security-incident-with-ir-playbook"},{"name":"triaging-vulnerabilities-with-ssvc-framework","description":"Triage and prioritize vulnerabilities using CISA's Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree framework to produce actionable remediation 
priorities.","domain":"cybersecurity","path":"skills/triaging-vulnerabilities-with-ssvc-framework"},{"name":"validating-backup-integrity-for-recovery","description":">-","domain":"cybersecurity","path":"skills/validating-backup-integrity-for-recovery"}]}