GitHub
Skills harvested from GitHub repositories
14810 skills available
conducting-mobile-app-penetration-test
Testing mobile applications before release to identify security vulnerabilities and data protection issues Conducting co...
conducting-man-in-the-middle-attack-simulation
Testing whether applications properly validate TLS certificates and enforce encrypted communications Demonstrating the r...
conducting-internal-network-penetration-test
An internal network penetration test simulates an attacker who has already gained access to the internal network or a ma...
conducting-full-scope-red-team-engagement
A full-scope red team engagement simulates real-world adversary behavior across all phases of the cyber kill chain — fro...
conducting-domain-persistence-with-dcsync
Legal Notice: This skill is for authorized security testing and educational purposes only. Unauthorized use against syst...
conducting-cloud-incident-response
Cloud security posture management (CSPM) alerts on unauthorized resource changes CloudTrail, Azure Activity Logs, or GCP...
collecting-threat-intelligence-with-misp
MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing, stori...
collecting-indicators-of-compromise
During active incident response to identify and block adversary infrastructure Post-incident to document all observed ad...
bypassing-authentication-with-forced-browsing
During authorized penetration tests to discover hidden or unprotected administrative pages When testing whether authenti...
building-vulnerability-scanning-workflow
Use this skill when: SOC teams need to establish or improve recurring vulnerability scanning programs Scan results requi...
building-threat-intelligence-enrichment-in-splunk
Splunk's Threat Intelligence Framework in Enterprise Security enables SOC teams to automatically correlate indicators of...
building-threat-hunt-hypothesis-framework
When proactively hunting for indicators of building threat hunt hypothesis framework in the environment After threat int...
building-threat-actor-profile-from-osint
Threat actor profiling using OSINT systematically gathers and analyzes publicly available information to build comprehen...
building-soc-playbook-for-ransomware
Use this skill when: SOC teams need a standardized ransomware response playbook for Tier 1-3 analysts An organization la...
building-soc-escalation-matrix
A SOC escalation matrix defines how security incidents move through the organization based on severity, impact, and resp...
building-ransomware-playbook-with-cisa-framework
An organization needs to create or update its ransomware incident response playbook following CISA guidelines A security...
building-malware-incident-communication-template
Effective communication during malware incidents is critical for coordinated response, stakeholder management, and regul...
building-ioc-enrichment-pipeline-with-opencti
OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its native dat...
building-ioc-defanging-and-sharing-pipeline
IOC defanging modifies potentially malicious indicators (URLs, IP addresses, domains, email addresses) to prevent accide...
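The defanging this entry describes, together with the indicator collection the collecting-indicators-of-compromise entry above covers, as an added example that is not part of this listing or of any skill repository it indexes. The analyst note, the indicator values and the helper names are constructed for illustration; the patterns cover URLs, email addresses, IPv4 addresses and bare domains only, and intentionally refang input first so a note that already mixes raw and defanged indicators is handled consistently.

```python
"""Extract IOCs from free text, then defang them for safe sharing.

Added example for this listing; it is not code from any skill repository
named above. The sample note below is constructed for illustration.
"""
import re
from typing import Dict, List

# Constructed sample resembling a phishing-triage note. It mixes raw and
# already-defanged indicators, which real analyst notes frequently do.
SAMPLE_NOTE = (
    "Lure sent from billing@invoice-portal.example, link "
    "https://login.example-bank.com/verify?id=9.\n"
    "Second-stage beacon to 203.0.113.45:8443 and "
    "hxxp://cdn[.]evil-update[.]net/payload.bin; resolver also saw "
    "c2-stage[.]example[.]org and a bogus 999.1.1.1 entry.\n"
)

_URL = re.compile(r"\bhttps?://[^\s\"'<>]+", re.IGNORECASE)
_EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def refang(text: str) -> str:
    """Undo common defanging so indicators match the normal patterns."""
    out = re.sub(r"\[(\.|@|:)\]", r"\1", text)      # [.]  [@]  [:]
    out = re.sub(r"\((\.)\)", r"\1", out)            # (.)
    out = re.sub(r"\bhxxp(s?)://", r"http\1://", out, flags=re.IGNORECASE)
    out = re.sub(r"\bfxp://", "ftp://", out, flags=re.IGNORECASE)
    return out


def defang(ioc: str) -> str:
    """Render one indicator inert. Refangs first, so it is idempotent."""
    clean = refang(ioc)
    out = re.sub(r"^http(s?)://", r"hxxp\1://", clean, flags=re.IGNORECASE)
    out = re.sub(r"^ftp://", "fxp://", out, flags=re.IGNORECASE)
    return out.replace(".", "[.]").replace("@", "[@]")


def _valid_ipv4(addr: str) -> bool:
    """Reject dotted quads with out-of-range octets (e.g. 999.1.1.1)."""
    return all(0 <= int(octet) <= 255 for octet in addr.split("."))


def extract_iocs(text: str) -> Dict[str, List[str]]:
    """Pull URLs, emails, IPv4s and bare domains out of analyst text.

    Each match is blanked out as it is consumed, so the host inside a URL
    or email address is not reported a second time as a bare domain.
    """
    work = refang(text)
    found: Dict[str, List[str]] = {}

    urls = [m.rstrip(".,;:") for m in _URL.findall(work)]
    work = _URL.sub(" ", work)
    found["url"] = sorted(set(urls))

    emails = _EMAIL.findall(work)
    work = _EMAIL.sub(" ", work)
    found["email"] = sorted(set(emails))

    ips = [ip for ip in _IPV4.findall(work) if _valid_ipv4(ip)]
    work = _IPV4.sub(" ", work)
    found["ipv4"] = sorted(set(ips))

    found["domain"] = sorted(set(_DOMAIN.findall(work)))
    return found


def defanged_report(text: str) -> Dict[str, List[str]]:
    """Extract, then defang: safe to paste into a ticket or a share feed."""
    return {kind: [defang(i) for i in iocs]
            for kind, iocs in extract_iocs(text).items()}


if __name__ == "__main__":
    for kind, iocs in defanged_report(SAMPLE_NOTE).items():
        print(f"{kind}: {iocs}")
```

Refanging before matching is the part most ad hoc scripts skip: an indicator pasted into a note as `cdn[.]evil-update[.]net` never hits a plain domain regex, and a defang routine applied to it a second time would produce `cdn[[.]]evil-update[[.]]net`. Keep the refanged form for lookups and blocking, and the defanged form for anything a human or a mail client might click.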
building-incident-response-playbook
Establishing or maturing an incident response program from scratch Documenting procedures for a new incident type after ...
building-devsecops-pipeline-with-gitlab-ci
GitLab provides an integrated DevSecOps platform that embeds security testing directly into the CI/CD pipeline. By lever...
building-cloud-siem-with-sentinel
When establishing a centralized security operations center for multi-cloud environments When migrating from legacy SIEM ...
building-c2-infrastructure-with-sliver-framework
Sliver is an open-source, cross-platform adversary emulation framework developed by BishopFox, written in Go. It provide...
automating-ioc-enrichment
Use this skill when: Building a SOAR playbook that automatically enriches SIEM alerts with threat intelligence context b...