GitHub
Skills harvested from GitHub repositories
14810 skills available

building-threat-intelligence-feed-integration
Use this skill when: SOC teams need automated ingestion of threat intelligence feeds into SIEM platforms Multiple TI sou...
performing-android-app-static-analysis-with-mobsf
Use this skill when: Conducting security assessment of Android APK or AAB files before production release Integrating au...
performing-subdomain-enumeration-with-subfinder
During the reconnaissance phase of penetration testing or bug bounty hunting When mapping the external attack surface of...
performing-cve-prioritization-with-kev-catalog
The CISA Known Exploited Vulnerabilities (KEV) catalog, established through Binding Operational Directive (BOD) 22-01, i...
analyzing-cyber-kill-chain
Use this skill when: Conducting post-incident analysis to determine how far an adversary progressed through an attack se...
evaluating-threat-intelligence-platforms
Use this skill when: Conducting a formal RFP or vendor evaluation for a TIP solution Assessing whether the current TIP (...
implementing-network-access-control-with-cisco-ise
Cisco Identity Services Engine (ISE) provides centralized network access control through 802.1X authentication, MAC Auth...
performing-physical-intrusion-assessment
Physical intrusion assessment evaluates an organization's physical security controls by attempting to gain unauthorized ...
detecting-cryptomining-in-cloud
When cloud billing alerts indicate unexpected compute cost spikes When GuardDuty generates CryptoCurrency or Impact find...
performing-paste-site-monitoring-for-credentials
Paste sites (Pastebin, GitHub Gists, Ghostbin, Dpaste, Hastebin) are frequently used as staging areas for leaked credent...
performing-cloud-native-threat-hunting-with-aws-detective
AWS Detective automatically collects and analyzes log data from AWS CloudTrail, VPC Flow Logs, GuardDuty findings, and E...
detecting-broken-object-property-level-authorization
Broken Object Property Level Authorization (BOPLA), classified as API3:2023 in the OWASP API Security Top 10, combines t...
implementing-vulnerability-sla-breach-alerting
Vulnerability remediation SLAs define maximum timeframes for addressing security findings based on severity. This skill ...
implementing-network-access-control
Enforcing identity-based network access where only authenticated and compliant devices connect to the network Implementi...
configuring-oauth2-authorization-flow
Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and Device Au...
detecting-insider-threat-with-ueba
User and Entity Behavior Analytics (UEBA) moves beyond static rule-based detection to model normal behavior for users, h...
performing-disk-forensics-investigation
A security incident requires forensic analysis of a system's persistent storage Evidence preservation is needed for pote...
implementing-browser-isolation-for-zero-trust
When deploying remote browser isolation as part of a Zero Trust security architecture When protecting users from zero-da...
performing-network-traffic-analysis-with-tshark
This skill automates packet capture analysis using tshark (Wireshark CLI) and pyshark (Python wrapper). It extracts prot...
hunting-for-living-off-the-land-binaries
When investigating fileless malware campaigns that bypass traditional AV During proactive threat hunts targeting defense...
analyzing-indicators-of-compromise
Use this skill when: A phishing email or alert generates IOCs (URLs, IP addresses, file hashes) requiring rapid triage A...
testing-for-email-header-injection
When testing contact forms, feedback forms, or "email a friend" functionality During assessment of password reset email ...
securing-azure-with-microsoft-defender
When deploying cloud workload protection across Azure subscriptions and resource groups When establishing a Secure Score...
detecting-mobile-malware-behavior
Use this skill when: Analyzing suspicious mobile applications submitted by users or discovered during incident response ...