GitHub
Skills harvested from GitHub repositories
14810 skills available
implementing-aws-security-hub-compliance
When establishing centralized security posture management across multiple AWS accounts When compliance requirements dema...
implementing-aws-nitro-enclave-security
Processing sensitive data (PII, PHI, financial records, cryptographic secrets) that must be isolated from EC2 instance o...
implementing-aws-iam-permission-boundaries
IAM permission boundaries are an advanced AWS feature that sets the maximum permissions an identity-based policy can gra...
implementing-attack-path-analysis-with-xm-cyber
XM Cyber is a continuous exposure management platform that uses attack graph analysis to identify how adversaries can ch...
implementing-aqua-security-for-container-scanning
Aqua Security provides Trivy, a widely used open-source universal security scanner, designed to find vulnerab...
implementing-application-whitelisting-with-applocker
Use this skill when: Implementing application control to prevent unauthorized software execution on Windows endpoints Me...
implementing-api-security-testing-with-42crunch
42Crunch is an API security platform that combines Shift-Left security testing with Shield-Right runtime protection. It ...
implementing-api-schema-validation-security
API schema validation enforces that all data exchanged through APIs conforms to a predefined structure defined in OpenAP...
implementing-api-rate-limiting-and-throttling
Protecting authentication endpoints against brute force and credential stuffing attacks Preventing API abuse and resourc...
implementing-api-key-security-controls
Designing secure API key generation with sufficient entropy and identifiable prefixes for leak detection Implementing se...
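The key-generation scheme the entry above describes, as an added example that is not code from the listed skill or from any vendor: a fixed, recognisable prefix so secret scanners can match leaked keys, 256 bits of entropy from the OS CSPRNG, and server-side storage of only a SHA-256 digest plus a short non-secret lookup id. The prefix `acme_live_` and the in-memory store are assumptions for illustration.

```python
import hashlib
import hmac
import re
import secrets

# Assumed prefix. A fixed, unusual prefix is what lets a leak scanner match
# the key with a tight regex instead of a generic high-entropy heuristic.
PREFIX = "acme_live_"
ID_LEN = 8  # leading chars of the random part, used as a non-secret lookup id

# token_urlsafe(32) encodes 32 bytes (256 bits) as 43 base64url characters.
LEAK_PATTERN = re.compile(r"acme_live_[A-Za-z0-9_-]{43}")


def generate_api_key():
    """Return (plaintext_key, stored_record). Only the record is persisted."""
    random_part = secrets.token_urlsafe(32)
    key = PREFIX + random_part
    record = {
        "key_id": random_part[:ID_LEN],
        # Store a digest, never the plaintext; a database leak then yields
        # nothing directly usable.
        "digest": hashlib.sha256(key.encode()).hexdigest(),
    }
    return key, record


def parse_key(presented):
    """Split a presented key into (key_id, full key) or None if malformed."""
    if not presented.startswith(PREFIX):
        return None
    random_part = presented[len(PREFIX):]
    if len(random_part) != 43:
        return None
    return random_part[:ID_LEN], presented


def verify_api_key(store, presented):
    """store: dict key_id -> record (assumed shape). Constant-time digest compare."""
    parsed = parse_key(presented)
    if parsed is None:
        return False
    key_id, key = parsed
    record = store.get(key_id)
    if record is None:
        return False
    digest = hashlib.sha256(key.encode()).hexdigest()
    return hmac.compare_digest(digest, record["digest"])


def find_leaked_keys(text):
    """Scan arbitrary text (a commit diff, a log dump) for keys in our format."""
    return LEAK_PATTERN.findall(text)


if __name__ == "__main__":
    store = {}
    key, rec = generate_api_key()
    store[rec["key_id"]] = rec
    print("issued:", key)
    print("verify genuine:", verify_api_key(store, key))
    print("verify tampered:", verify_api_key(store, key[:-1] + ("A" if key[-1] != "A" else "B")))
    print("leak scan:", find_leaked_keys("config: token=" + key + " # oops"))
```

The digest is an unsalted SHA-256 rather than a password hash on purpose: the key has 256 bits of entropy, so brute force against the digest is infeasible and a slow KDF would only add latency to every API call.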
implementing-api-abuse-detection-with-rate-limiting
API rate limiting is a critical security control that restricts the number of requests a client can make within a define...
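A sliding-window limiter of the kind the two rate-limiting entries above describe, as an added example not taken from either skill: requests are counted per client and per endpoint within a trailing window, and the login endpoint gets a much tighter budget than the default because it is the target of brute force and credential stuffing. The limits, client ids and request trace are constructed assumptions; the clock is passed in so the run is deterministic.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Limit:
    max_requests: int
    window_seconds: float


@dataclass
class SlidingWindowLimiter:
    # Assumed per-endpoint budgets; anything not listed falls back to `default`.
    limits: dict
    default: Limit = field(default_factory=lambda: Limit(100, 60.0))
    _hits: dict = field(default_factory=dict)

    def allow(self, client_id, endpoint, now):
        """Return (allowed, retry_after_seconds) for one request at time `now`."""
        limit = self.limits.get(endpoint, self.default)
        q = self._hits.setdefault((client_id, endpoint), deque())
        # Drop timestamps that have aged out of the trailing window.
        cutoff = now - limit.window_seconds
        while q and q[0] <= cutoff:
            q.popleft()
        if len(q) >= limit.max_requests:
            # Oldest in-window hit decides when capacity frees up again.
            return False, q[0] + limit.window_seconds - now
        q.append(now)
        return True, 0.0


def replay(limiter, trace):
    """Run a (now, client, endpoint) trace; return list of (allowed, retry_after)."""
    return [limiter.allow(c, e, t) for (t, c, e) in trace]


# Constructed trace: client A hammers /login, client B makes one call.
TRACE = [
    (0.0, "A", "/login"), (1.0, "A", "/login"), (2.0, "A", "/login"),
    (3.0, "A", "/login"), (4.0, "A", "/login"),
    (5.0, "A", "/login"),      # 6th attempt inside 300 s: should be refused
    (5.5, "B", "/login"),      # different client, unaffected
    (6.0, "A", "/items"),      # same client, ordinary endpoint, still fine
    (300.0, "A", "/login"),    # first hit (t=0) has aged out: allowed again
]


def demo():
    limiter = SlidingWindowLimiter(limits={"/login": Limit(5, 300.0)})
    return replay(limiter, TRACE)


if __name__ == "__main__":
    for (t, c, e), (ok, wait) in zip(TRACE, demo()):
        print(f"t={t:6.1f} {c} {e:8} -> {'allow' if ok else 'deny'} retry_after={wait:.0f}s")
```

Keying on the client id alone is not enough against credential stuffing, which spreads attempts across many source addresses; in practice the login budget is also applied per target account, which is the same structure with a different key.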
implementing-anti-phishing-training-program
Security awareness training is the human layer of phishing defense. An effective anti-phishing training program combines...
implementing-alert-fatigue-reduction
Use this skill when: SOC analysts face more alerts than they can reasonably investigate (>100 alerts/analyst/shift) Fals...
hunting-for-webshell-activity
When proactively hunting for indicators of webshell activity in the environment After threat intelligence in...
hunting-for-t1098-account-manipulation
MITRE ATT&CK T1098 (Account Manipulation) covers adversary actions to maintain or expand access to compromised accounts,...
hunting-for-supply-chain-compromise
When proactively hunting for indicators of supply chain compromise in the environment After threat intellige...
hunting-for-spearphishing-indicators
When proactively hunting for spearphishing indicators in the environment After threat intellig...
hunting-for-scheduled-task-persistence
When proactively hunting for indicators of scheduled task persistence in the environment After threat intell...
hunting-for-registry-run-key-persistence
Registry Run keys (T1547.001) are one of the most commonly used persistence mechanisms by adversaries. When a program is...
hunting-for-persistence-via-wmi-subscriptions
When proactively searching for fileless persistence mechanisms in Windows environments After threat intelligence reports...
hunting-for-persistence-mechanisms-in-windows
During periodic proactive threat hunts for dormant backdoors After an incident to identify all persistence mechanisms an...
hunting-for-lolbins-execution-in-endpoint-logs
When hunting for fileless attack techniques that abuse built-in Windows binaries After threat intelligence indicates LOL...
hunting-for-lateral-movement-via-wmi
Windows Management Instrumentation (WMI) is commonly abused for lateral movement via wmic process call create or Win32Pr...
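The two hunts described by the Run-key entry (T1547.001) and the WMI lateral-movement entry above, as one added example that is not code from either skill: it runs over Sysmon-style process-creation (Event ID 1) and registry-value-set (Event ID 13) records and flags Run/RunOnce values that point into user-writable paths plus any process whose parent is WmiPrvSE.exe. The events, the field names and the allowlist are constructed assumptions; real telemetry would be read from the event log or a SIEM export.

```python
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
# Assumed allowlist of Run values the environment is known to set legitimately.
KNOWN_GOOD_VALUES = {"onedrive", "securityhealth"}


def is_run_key(target):
    t = target.lower()
    return any(m in t for m in RUN_KEY_MARKERS)


def hunt(events):
    """Return a list of (technique, severity, summary) findings."""
    findings = []
    for e in events:
        if e["EventID"] == 13 and is_run_key(e["TargetObject"]):
            value_name = e["TargetObject"].rsplit("\\", 1)[-1].lower()
            if value_name in KNOWN_GOOD_VALUES:
                continue
            data = e["Details"].lower()
            # A Run value pointing into a user-writable directory is the classic
            # pattern; a scripting host writing it raises the severity further.
            severity = "high" if any(p in data for p in USER_WRITABLE) else "medium"
            if e["Image"].lower().endswith(("\\powershell.exe", "\\cmd.exe", "\\reg.exe")):
                severity = "high"
            findings.append(("T1547.001", severity,
                             f"{e['Image']} set {e['TargetObject']} = {e['Details']}"))
        elif e["EventID"] == 1 and e["ParentImage"].lower().endswith("\\wmiprvse.exe"):
            # Anything WmiPrvSE spawns is worth a look; interactive shells most of all.
            child = e["Image"].lower()
            severity = "high" if child.endswith(("\\cmd.exe", "\\powershell.exe")) else "medium"
            findings.append(("T1047", severity,
                             f"WmiPrvSE.exe spawned {e['Image']} : {e['CommandLine']}"))
    return findings


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\alice\AppData\Roaming\svc\update.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\SOFTWARE\Contoso\Agent\Version", "Details": "2.1"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "CommandLine": "cmd.exe /c whoami > \\\\fs01\\share\\out.txt"},
]


if __name__ == "__main__":
    for technique, severity, summary in hunt(SAMPLE_EVENTS):
        print(f"[{severity:6}] {technique} {summary}")
```

Parent-process matching on WmiPrvSE.exe catches `wmic process call create` and Win32_Process.Create regardless of which tool issued the call; pairing the hit with a Windows 4624 logon type 3 from the same source host on the same timestamp is the usual next pivot.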
hunting-for-dns-based-persistence
Attackers establish DNS-based persistence by hijacking DNS records, creating unauthorized subdomains, abusing wildcard D...