GitHub
Skills harvested from GitHub repositories
14810 skills available
auditing-terraform-infrastructure-for-security
When integrating security scanning into CI/CD pipelines for Terraform deployments; when reviewing Terraform plans and mod...
auditing-kubernetes-cluster-rbac
When performing security assessments of Kubernetes clusters (EKS, GKE, AKS, or self-managed); when validating that RBAC p...
auditing-cloud-with-cis-benchmarks
When performing initial security audits of cloud environments against industry-standard benchmarks; when preparing for SO...
auditing-azure-active-directory-configuration
When performing a security assessment of an Azure tenant's identity configuration; when compliance audits require review ...
analyzing-windows-prefetch-with-python
Windows Prefetch files (.pf) record application execution data including executable names, run counts, timestamps, loade...
analyzing-windows-amcache-artifacts
Determining which programs have existed or executed on a Windows system during incident response; correlating SHA-1 hashe...
analyzing-usb-device-connection-history
When investigating potential data exfiltration via removable storage devices; during insider threat investigations to tra...
analyzing-uefi-bootkit-persistence
A compromised system re-establishes C2 communication after OS reinstallation or disk replacement; Secure Boot has been ta...
analyzing-typosquatting-domains-with-dnstwist
DNSTwist is a domain name permutation engine that generates similar-looking domain names to detect typosquatting, homogr...
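As an added example for this entry (written from scratch, stdlib only; it does not call dnstwist and is not its code), a small permutation engine that applies the techniques the description names, omission, repetition, transposition, homoglyph substitution, keyboard-neighbour replacement, hyphenation, addition and TLD swap, and then checks a list of observed registrations against the candidates. The homoglyph and keyboard tables are hand-picked subsets, and the `OBSERVED` list is constructed for the demo, not real passive-DNS data.

```python
"""Typosquat / homoglyph candidate generation in the style of a domain
permutation engine. Added example for this catalog entry; not dnstwist's
code. Tables below are small constructed subsets, OBSERVED is made up."""

HOMOGLYPHS = {  # confusable characters, subset chosen for the demo
    "a": ["4", "à", "á"], "e": ["3", "è", "é"], "i": ["1", "l", "í"],
    "l": ["1", "i"], "o": ["0", "ò", "ó"], "s": ["5"], "m": ["rn"], "w": ["vv"],
}
KEYBOARD_NEIGHBOURS = {  # QWERTY adjacency, subset sufficient for the sample
    "a": "qwsz", "e": "wrsd", "l": "kop", "m": "njk", "p": "ol", "x": "zsdc",
}
TLDS = ["com", "net", "org", "co", "info"]


def split_domain(fqdn):
    """Split 'example.com' into ('example', 'com'); naive: the last label is the TLD."""
    label, _, tld = fqdn.lower().rpartition(".")
    return label, tld


def permutations(fqdn):
    """Return {candidate_domain: technique} for a registrable domain such as 'example.com'."""
    fqdn = fqdn.lower()
    name, tld = split_domain(fqdn)
    found = {}

    def add(domain, technique):
        if domain != fqdn and domain not in found:  # first technique to produce a name wins
            found[domain] = technique

    for i, ch in enumerate(name):
        add("%s.%s" % (name[:i] + name[i + 1:], tld), "omission")
        add("%s.%s" % (name[:i] + ch + name[i:], tld), "repetition")
        if i + 1 < len(name):
            add("%s.%s" % (name[:i] + name[i + 1] + ch + name[i + 2:], tld), "transposition")
        for glyph in HOMOGLYPHS.get(ch, ()):
            add("%s.%s" % (name[:i] + glyph + name[i + 1:], tld), "homoglyph")
        for key in KEYBOARD_NEIGHBOURS.get(ch, ""):
            add("%s.%s" % (name[:i] + key + name[i + 1:], tld), "replacement")
        if i:
            add("%s.%s" % (name[:i] + "-" + name[i:], tld), "hyphenation")
    for ch in "abcdefghijklmnopqrstuvwxyz0123456789":
        add("%s%s.%s" % (name, ch, tld), "addition")
    for alt in TLDS:
        if alt != tld:
            add("%s.%s" % (name, alt), "tld-swap")
    return found


def find_lookalikes(target, observed):
    """Flag observed domains (e.g. from passive DNS or CT logs) that are permutations of target."""
    candidates = permutations(target)
    return {d: candidates[d] for d in (o.lower() for o in observed) if d in candidates}


# Constructed sample of "observed" registrations for the demo, not real passive-DNS data
OBSERVED = ["exarnple.com", "example.com", "examp1e.com", "unrelated.org", "exmaple.com"]

if __name__ == "__main__":
    for domain, technique in sorted(find_lookalikes("example.com", OBSERVED).items()):
        print("%-16s %s" % (domain, technique))
```

A production engine additionally emits the IDNA/punycode form of each non-ASCII candidate, resolves the candidates (A/MX/NS) to separate registered lookalikes from unregistered noise, and uses much larger confusable tables; the ordering here means a name reachable by two techniques is labelled with whichever loop reached it first.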
analyzing-threat-intelligence-feeds
Use this skill when: ingesting new commercial or OSINT threat feeds and assessing their signal-to-noise ratio; normalizin...
analyzing-threat-actor-ttps-with-mitre-attack
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on re...
analyzing-ransomware-payment-wallets
An organization has been hit by ransomware and the ransom note contains a Bitcoin or cryptocurrency wallet address that ...
analyzing-ransomware-network-indicators
Before and during ransomware execution, adversaries establish C2 channels, exfiltrate data, and download encryption keys...
analyzing-ransomware-leak-site-intelligence
Ransomware groups operating under double-extortion models maintain data leak sites (DLS) on Tor hidden services where th...
analyzing-powershell-script-block-logging
When investigating security incidents that require analyzing PowerShell script block logging; when building detection rul...
analyzing-packed-malware-with-upx-unpacker
Static analysis reveals high-entropy sections and minimal imports, indicating the binary is packed; PEiD, Detect It Easy, ...
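As an added example for this entry (not code from the skill, nor from UPX, PEiD or Detect It Easy), a stdlib-only packer triage that walks a PE section table and reports per-section Shannon entropy together with the UPX section-name indicator (`UPX0`/`UPX1`). The PE image it examines is constructed in memory by `build_sample_pe()` with just enough header to reach the section table; the "compressed" body is a deterministic SHA-256 chain standing in for real packed code, so the numbers are illustrative rather than measurements of a real sample.

```python
"""Packer triage for a PE file: per-section Shannon entropy plus the UPX
section-name indicator. Added example for this catalog entry; not code from
the skill or from UPX/PEiD/DIE. The PE image is constructed in memory."""
import hashlib
import math
import struct

SECTION_HEADER_SIZE = 40


def shannon_entropy(data):
    """Bits of entropy per byte (0.0 .. 8.0) over the buffer; packed/encrypted data sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(image):
    """Yield (name, raw_bytes) per section: MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    n_sections = struct.unpack_from("<H", image, coff + 2)[0]       # IMAGE_FILE_HEADER.NumberOfSections
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]        # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    table = coff + 20 + opt_size
    for i in range(n_sections):
        off = table + i * SECTION_HEADER_SIZE
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8s4I", image, off)
        yield name.rstrip(b"\x00").decode("ascii", "replace"), image[raw_ptr:raw_ptr + raw_size]


def triage(image, threshold=7.0):
    """Per-section entropy plus simple verdicts; threshold is a common heuristic, not a standard."""
    report = {"sections": {}, "upx_names": False, "high_entropy": []}
    for name, raw in pe_sections(image):
        ent = round(shannon_entropy(raw), 2)
        report["sections"][name] = ent
        if name.upper().startswith("UPX"):
            report["upx_names"] = True
        if raw and ent >= threshold:
            report["high_entropy"].append(name)
    report["likely_packed"] = report["upx_names"] or bool(report["high_entropy"])
    return report


def pseudo_random(n, seed=b"upx-demo"):
    """Deterministic high-entropy filler (SHA-256 chain) standing in for a compressed section body."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe():
    """Construct a skeletal UPX-style PE: empty UPX0, compressed-looking UPX1, low-entropy .rsrc."""
    sections = [(b"UPX0", b""), (b"UPX1", pseudo_random(4096)), (b".rsrc", b"\x00" * 256 + b"A" * 256)]
    opt_size = 224                    # PE32 optional header size; its fields are left zeroed here
    pe_off = 0x80
    table = pe_off + 4 + 20 + opt_size
    data_start = table + len(sections) * SECTION_HEADER_SIZE
    image = bytearray(data_start)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, pe_off)
    image[pe_off:pe_off + 4] = b"PE\x00\x00"
    struct.pack_into("<HH", image, pe_off + 4, 0x14C, len(sections))   # Machine=i386, NumberOfSections
    struct.pack_into("<H", image, pe_off + 4 + 16, opt_size)
    raw_ptr = data_start
    for i, (name, raw) in enumerate(sections):
        struct.pack_into("<8s4I", image, table + i * SECTION_HEADER_SIZE,
                         name, len(raw), 0x1000 * (i + 1), len(raw), raw_ptr)
        image += raw
        raw_ptr += len(raw)
    return bytes(image)


if __name__ == "__main__":
    print(triage(build_sample_pe()))
```

The two signals are deliberately independent: a repacked or renamed UPX build loses the `UPX0`/`UPX1` names but keeps the near-8-bit section, while a legitimately compressed resource section can clear the entropy bar without being a packer, so both are reported and the final verdict is left to the analyst.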
analyzing-outlook-pst-for-email-forensics
Microsoft Outlook PST (Personal Storage Table) and OST (Offline Storage Table) files are critical evidence sources in di...
analyzing-network-traffic-of-malware
Sandbox execution has captured a PCAP file and the network behavior needs detailed analysis; identifying the C2 protocol ...
analyzing-network-traffic-for-incidents
SIEM alerts on anomalous network traffic patterns requiring deeper investigation; C2 beaconing is suspected and needs con...
analyzing-network-packets-with-scapy
Scapy is a Python packet manipulation library that enables crafting, sending, sniffing, and dissecting network packets a...
analyzing-network-flow-data-with-netflow
When investigating security incidents that require analyzing network flow data with NetFlow; when building detection rule...
analyzing-network-covert-channels-in-malware
Malware uses covert channels to disguise C2 communication and data exfiltration within legitimate-looking network traffi...
analyzing-memory-forensics-with-lime-and-volatility
When investigating security incidents that require analyzing memory forensics with LiME and Volatility; when building det...
analyzing-memory-dumps-with-volatility
A compromised system's RAM has been captured and needs forensic analysis for malware artifacts; detecting fileless malwar...