GitHub
Skills harvested from GitHub repositories
14810 skills available

processing-stix-taxii-feeds
Use this skill when: Onboarding a new TAXII 2.1 collection from a government feed (CISA AIS, FS-ISAC) or commercial prov...
auditing-gcp-iam-permissions
When performing security assessments of GCP organization or project IAM configurations When identifying service accounts...
testing-for-json-web-token-vulnerabilities
When testing applications using JWT for authentication and session management During API security assessments where JWTs...
performing-dynamic-analysis-of-android-app
Use this skill when: Static analysis results need runtime validation on an actual Android device The target app uses obf...
performing-blind-ssrf-exploitation
When testing URL/webhook input parameters where server-side responses are not reflected During assessment of application...
analyzing-docker-container-forensics
When investigating a compromised Docker container or container host For analyzing malicious Docker images pulled from re...
conducting-memory-forensics-with-volatility
An endpoint has been contained during an active incident and volatile evidence must be preserved EDR alerts suggest proc...
scanning-docker-images-with-trivy
Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS packages,...
deobfuscating-powershell-obfuscated-malware
PowerShell is heavily abused by malware authors due to its deep Windows integration and powerful scripting capabilities....
extracting-credentials-from-memory-dump
During incident response to determine what credentials an attacker had access to When assessing the scope of credential ...
performing-ot-network-security-assessment
When conducting an initial security baseline of an OT/ICS environment for a new client When evaluating the security post...
scanning-container-images-with-grype
Grype is an open-source vulnerability scanner from Anchore that inspects container images, filesystems, and SBOMs for kn...
performing-cryptographic-audit-of-application
A cryptographic audit systematically reviews an application's use of cryptographic primitives, protocols, and key manage...
configuring-suricata-for-network-monitoring
Deploying a high-performance IDS/IPS capable of multi-threaded packet processing for 10+ Gbps network links Monitoring n...
performing-lateral-movement-with-wmiexec
Legal Notice: This skill is for authorized security testing and educational purposes only. Unauthorized use against syst...
configuring-microsegmentation-for-zero-trust
Understanding of zero trust principles (NIST SP 800-207) Knowledge of network segmentation concepts Familiarity with fir...
detecting-sql-injection-via-waf-logs
When investigating security incidents that require detecting SQL injection via WAF logs When building detection rules or...
implementing-ebpf-security-monitoring
When deploying kernel-level runtime security monitoring on Linux hosts or Kubernetes clusters When you need sub-millisec...
performing-s7comm-protocol-security-analysis
When assessing the security posture of Siemens SIMATIC S7 PLC environments When building detection rules for S7comm-base...
hunting-for-dns-tunneling-with-zeek
When hunting for data exfiltration over DNS covert channels After threat intelligence indicates DNS-based C2 frameworks ...
hardening-docker-containers-for-production
Hardening Docker containers for production involves applying security best practices aligned with CIS Docker Benchmark v...
extracting-memory-artifacts-with-rekall
When performing authorized security testing that involves extracting memory artifacts with Rekall When analyzing malware...
performing-binary-exploitation-analysis
For authorized security testing and CTF challenges only. Analyze ELF binaries for exploitation vectors using checksec, R...
extracting-iocs-from-malware-samples
A malware analysis (static or dynamic) is complete and actionable indicators need to be extracted for defense teams Buil...