GitHub
Skills harvested from GitHub repositories
14810 skills available
exploiting-vulnerabilities-with-metasploit-framework
The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. It contains...
detecting-rdp-brute-force-attacks
RDP brute force attacks target Windows Remote Desktop Protocol services by attempting rapid credential guessing against ...
analyzing-certificate-transparency-for-phishing
Certificate Transparency (CT) is an Internet security standard that creates a public, append-only log of all issued SSL/...
exploiting-kerberoasting-with-impacket
Kerberoasting (MITRE ATT&CK T1558.003) is a credential access technique that targets Active Directory service accounts b...
performing-sca-dependency-scanning-with-snyk
When applications use open-source packages that may contain known vulnerabilities When compliance requires tracking and ...
performing-thick-client-application-penetration-test
Thick client (fat client) penetration testing assesses the security of desktop applications that run locally on user mac...
analyzing-malware-persistence-with-autoruns
Sysinternals Autoruns extracts data from hundreds of Auto-Start Extensibility Points (ASEPs) on Windows, scanning 18+ ca...
implementing-soar-automation-with-phantom
Use this skill when: SOC teams need to automate repetitive triage and enrichment tasks for high-volume alerts Manual res...
implementing-privileged-access-workstation
A Privileged Access Workstation (PAW) is a hardened device dedicated to performing sensitive administrative tasks. This ...
deploying-edr-agent-with-crowdstrike
Use this skill when: Deploying CrowdStrike Falcon sensors to Windows, macOS, or Linux endpoints Configuring Falcon preve...
detecting-suspicious-powershell-execution
When proactively hunting for indicators of detecting suspicious powershell execution in the environment After threat int...
exploiting-broken-link-hijacking
When auditing web applications for references to expired or unclaimed external resources During supply chain security as...
collecting-open-source-intelligence
Use this skill when: Investigating external infrastructure associated with a phishing campaign targeting your organizati...
detecting-process-injection-techniques
EDR alerts on suspicious API call sequences (VirtualAllocEx + WriteProcessMemory + CreateRemoteThread) A legitimate proc...
scanning-infrastructure-with-nessus
Tenable Nessus is the industry-leading vulnerability scanner used to identify security weaknesses across network infrast...
detecting-qr-code-phishing-with-email-security
QR code phishing (quishing) is a rapidly growing attack vector where malicious URLs are embedded in QR code images withi...
recovering-from-ransomware-attack
After ransomware has encrypted production systems and the decision has been made to recover from backups When building o...
implementing-hardware-security-key-authentication
Deploying phishing-resistant multi-factor authentication (MFA) using FIDO2 hardware security keys for high-value account...
performing-oauth-scope-minimization-review
Annual or quarterly review of third-party application OAuth permissions After a security incident involving compromised ...
exploiting-mass-assignment-in-rest-apis
When testing REST APIs that accept JSON input for creating or updating resources During API security assessments of appl...
performing-active-directory-compromise-investigation
Active Directory (AD) compromise investigation is a critical incident response capability that focuses on identifying ho...
hunting-for-ntlm-relay-attacks
NTLM relay attacks intercept and forward NTLM authentication messages to gain unauthorized access to network resources. ...
detecting-email-account-compromise
Email account compromise (EAC) is a prevalent attack vector where adversaries gain unauthorized access to mailboxes to e...
building-soc-metrics-and-kpi-tracking
Use this skill when: SOC leadership needs data-driven visibility into operational performance Continuous improvement pro...