GitHub
Skills harvested from GitHub repositories
14810 skills available
detecting-shadow-it-cloud-usage
Shadow IT refers to unauthorized SaaS applications and cloud services used without IT approval. This skill analyzes prox...
configuring-pfsense-firewall-rules
Deploying a perimeter or internal firewall to segment and protect network zones (DMZ, internal, guest, IoT) Creating gra...
implementing-bgp-security-with-rpki
Resource Public Key Infrastructure (RPKI) provides cryptographic validation of BGP route origins to prevent route hijack...
detecting-azure-storage-account-misconfigurations
Azure Storage accounts are a frequent target for attackers due to misconfigured public access, long-lived SAS tokens, mi...
detecting-pass-the-ticket-attacks
Pass-the-Ticket (PtT) is a credential theft technique (MITRE ATT&CK T1550.003) where adversaries steal Kerberos tickets ...
performing-threat-landscape-assessment-for-sector
A sector-specific threat landscape assessment analyzes the cyber threat environment facing a particular industry vertica...
implementing-aws-security-hub
When establishing a centralized security findings dashboard across multiple AWS accounts When enabling automated complia...
building-identity-governance-lifecycle-process
Organization lacks automated joiner-mover-leaver (JML) processes for identity management Access provisioning is manual a...
hunting-for-unusual-service-installations
Attackers frequently install malicious Windows services for persistence and privilege escalation (MITRE ATT&CK T1543.003...
performing-alert-triage-with-elastic-siem
Alert triage in Elastic Security is the systematic process of reviewing, classifying, and prioritizing security alerts t...
implementing-zero-trust-with-beyondcorp
Google BeyondCorp Enterprise implements the zero trust security model by eliminating the concept of a trusted network pe...
prioritizing-vulnerabilities-with-cvss-scoring
The Common Vulnerability Scoring System (CVSS) is the industry standard framework maintained by FIRST (Forum of Incident...
detecting-golden-ticket-attacks-in-kerberos-logs
When KRBTGT account hash may have been compromised via DCSync or NTDS.dit extraction When hunting for forged Kerberos ti...
deploying-tailscale-for-zero-trust-vpn
Tailscale is a zero trust mesh VPN built on WireGuard that creates encrypted peer-to-peer connections between devices wi...
performing-yara-rule-development-for-detection
YARA is the pattern-matching Swiss Army knife for malware researchers, enabling identification and classification of malware ...
building-threat-feed-aggregation-with-misp
MISP is the leading open-source threat intelligence platform for collecting, storing, distributing, and sharing cybersec...
performing-web-cache-poisoning-attack
During authorized penetration tests when the application uses CDN or reverse proxy caching (Cloudflare, Akamai, Varnish,...
performing-dynamic-analysis-with-any-run
Interactive malware analysis is needed where the analyst must click dialogs, enter credentials, or navigate installer sc...
implementing-disk-encryption-with-bitlocker
Use this skill when: Encrypting Windows endpoints to protect data at rest for compliance (PCI DSS, HIPAA, GDPR) Deployin...
analyzing-linux-system-artifacts
When investigating a compromised Linux server or workstation For identifying persistence mechanisms (cron, systemd, SSH ...
performing-cloud-forensics-with-aws-cloudtrail
When investigating suspected AWS account compromise After detecting unauthorized API calls or credential exposure During...
executing-phishing-simulation-campaign
Measuring employee susceptibility to phishing attacks as part of a security awareness program Testing the effectiveness ...
performing-log-analysis-for-forensic-investigation
When reconstructing the timeline of a security incident from available log sources During post-breach investigation to i...
performing-csrf-attack-simulation
During authorized web application penetration tests to identify state-changing actions vulnerable to CSRF When testing t...