GitHub
Skills harvested from GitHub repositories
14810 skills available

implementing-deception-based-detection-with-canarytoken
Canary Tokens are lightweight tripwire mechanisms that alert when an attacker accesses a resource. This skill uses the T...
performing-web-cache-deception-attack
When testing applications behind CDNs or reverse proxies (Cloudflare, Akamai, Varnish, Nginx) During assessment of authe...
implementing-zero-standing-privilege-with-cyberark
Zero Standing Privileges (ZSP) is a security model where no user or identity retains persistent privileged access. Inste...
analyzing-active-directory-acl-abuse
Active Directory Access Control Lists (ACLs) define permissions on AD objects through Discretionary Access Control Lists...
configuring-identity-aware-proxy-with-google-iap
When protecting Google Cloud applications (App Engine, Cloud Run, GKE, Compute Engine) with identity-based access When i...
implementing-conditional-access-policies-azure-ad
Configure Microsoft Entra ID (Azure AD) Conditional Access policies for zero trust access control. Covers signal-based p...
performing-hardware-security-module-integration
Hardware Security Modules (HSMs) provide tamper-resistant cryptographic key storage and operations. This skill covers in...
performing-endpoint-forensics-investigation
Use this skill when: Investigating a confirmed or suspected endpoint compromise requiring forensic analysis Collecting v...
performing-sqlite-database-forensics
SQLite is the most widely deployed database engine in the world, used by virtually every mobile application, web browser...
performing-vlan-hopping-attack
Testing the effectiveness of VLAN-based network segmentation during authorized penetration tests Validating that switch ...
detecting-azure-service-principal-abuse
Azure service principals are identity objects used by applications, services, and automation tools to access Azure resou...
implementing-ot-incident-response-playbook
When building OT-specific incident response procedures for the first time When existing IT IR playbooks do not address I...
implementing-ransomware-kill-switch-detection
Analyzing a ransomware sample to determine if it contains a kill switch mechanism (mutex, domain, registry) Deploying pr...
implementing-canary-tokens-for-network-intrusion
When deploying deception-based tripwires across network infrastructure to detect intrusions When building early warning ...
detecting-supply-chain-attacks-in-ci-cd
When investigating security incidents that require detecting supply chain attacks in CI/CD When building detection rules...
implementing-aws-config-rules-for-compliance
When establishing continuous compliance monitoring for AWS resources against regulatory standards When implementing auto...
detecting-modbus-protocol-anomalies
When deploying Modbus-specific intrusion detection in an OT environment When building baseline models for deterministic ...
implementing-azure-ad-privileged-identity-management
Microsoft Entra Privileged Identity Management (PIM) provides time-based and approval-based role activation to mitigate ...
performing-content-security-policy-bypass
When XSS is found but execution is blocked by Content Security Policy During web application security assessments to eva...
detecting-stuxnet-style-attacks
When implementing advanced threat detection for high-value OT targets (nuclear, chemical, critical infrastructure) When ...
performing-ip-reputation-analysis-with-shodan
Shodan is the world's first search engine for internet-connected devices, continuously scanning the IPv4 and IPv6 addres...
analyzing-windows-lnk-files-for-artifacts
When reconstructing user file access history from Windows shortcut files For tracking accessed files, network shares, an...
hunting-for-shadow-copy-deletion
When proactively hunting for indicators of hunting for shadow copy deletion in the environment After threat intelligence...
correlating-threat-campaigns
Use this skill when: Multiple unrelated-appearing incidents share IOCs (same C2 IP, same malware hash, similar TTPs) An ...