GitHub
Skills harvested from GitHub repositories
14810 skills available
detecting-anomalies-in-industrial-control-systems
When deploying continuous monitoring for OT environments that lack intrusion detection When building behavior-based dete...
implementing-aws-macie-for-data-classification
Amazon Macie is a fully managed data security and privacy service that uses machine learning and pattern matching to dis...
detecting-anomalous-authentication-patterns
Security operations needs to identify compromised accounts from authentication log analysis Implementing impossible trav...
analyzing-golang-malware-with-ghidra
Go (Golang) has become a popular language for malware authors due to its cross-compilation capabilities, static linking ...
implementing-cloud-security-posture-management
When establishing continuous security monitoring across AWS, Azure, and GCP environments When compliance requirements de...
detecting-dnp3-protocol-anomalies
When monitoring SCADA systems in the energy sector where DNP3 is the primary protocol When building detection rules for ...
analyzing-azure-activity-logs-for-threats
When investigating security incidents that require analyzing azure activity logs for threats When building detection rul...
performing-threat-modeling-with-owasp-threat-dragon
OWASP Threat Dragon is an open-source threat modeling tool that enables security teams and developers to create threat m...
implementing-zero-trust-in-cloud
When migrating from traditional perimeter-based security to identity-centric access controls When eliminating VPN depend...
building-patch-tuesday-response-process
Microsoft releases security updates on the second Tuesday of each month ("Patch Tuesday"), addressing vulnerabilities ac...
performing-ios-app-security-assessment
This skill is intended for authorized security testing, penetration testing engagements, CTF competitions, and education...
building-adversary-infrastructure-tracking-system
Adversary infrastructure tracking uses passive DNS records, certificate transparency logs, WHOIS registration data, and ...
performing-active-directory-vulnerability-assessment
Active Directory (AD) is the primary identity and access management system in most enterprise environments, making it a ...
performing-kubernetes-etcd-security-assessment
etcd is the distributed key-value store that serves as Kubernetes' backing store for all cluster data, including Secrets...
profiling-threat-actor-groups
Use this skill when: Updating the organization's threat model with profiles of adversary groups recently observed target...
performing-container-image-hardening
When building production container images that need minimal attack surface When compliance requires CIS Docker Benchmark...
recovering-deleted-files-with-photorec
When recovering deleted files from a forensic disk image or storage device When the file system is corrupted, formatted,...
performing-active-directory-penetration-test
Active Directory (AD) penetration testing targets the central identity and access management system used by over 95% of ...
hunting-for-process-injection-techniques
Process injection (MITRE ATT&CK T1055) allows adversaries to execute code in the address space of another process, enabl...
implementing-passwordless-authentication-with-fido2
Deploy FIDO2/WebAuthn passwordless authentication using security keys and platform authenticators. Covers WebAuthn API i...
implementing-cisa-zero-trust-maturity-model
The CISA Zero Trust Maturity Model (ZTMM) Version 2.0, released in April 2023, provides federal agencies and organizatio...
hunting-for-living-off-the-cloud-techniques
When proactively hunting for indicators of hunting for living off the cloud techniques in the environment After threat i...
performing-container-escape-detection
When conducting security assessments that involve performing container escape detection When following incident response...
performing-cloud-log-forensics-with-athena
When investigating AWS security incidents that require querying massive volumes of cloud logs When performing forensic a...