GitHub
Skills harvested from GitHub repositories
14810 skills available
performing-security-headers-audit
During authorized web application security assessments as a standard configuration review When evaluating browser-level ...
implementing-purdue-model-network-segmentation
When designing or retrofitting network architecture for an ICS/SCADA environment When implementing IEC 62443 zone and co...
performing-malware-persistence-investigation
When investigating how malware maintains presence on a compromised system after reboots During incident response to iden...
performing-malware-hash-enrichment-with-virustotal
VirusTotal is the world's largest crowdsourced malware corpus, scanning files with 70+ antivirus engines and providing b...
analyzing-windows-event-logs-in-splunk
Use this skill when: SOC analysts investigate alerts related to Windows authentication, process execution, or AD changes...
implementing-syslog-centralization-with-rsyslog
When deploying or configuring syslog centralization with rsyslog in your environment When esta...
implementing-cloud-workload-protection
When deploying or configuring cloud workload protection capabilities in your environment When establishing ...
building-incident-timeline-with-timesketch
Timesketch is an open-source collaborative forensic timeline analysis tool developed by Google that enables security tea...
performing-arp-spoofing-attack-simulation
Testing whether network switches and infrastructure properly implement Dynamic ARP Inspection (DAI) Demonstrating man-in...
building-vulnerability-exception-tracking-system
A vulnerability exception tracking system manages cases where vulnerabilities cannot be remediated within SLA timelines....
implementing-gdpr-data-subject-access-request
When building automated DSAR processing pipelines for GDPR/UK GDPR compliance When implementing PII discovery across str...
exploiting-bgp-hijacking-vulnerabilities
Assessing an organization's exposure to BGP prefix hijacking and route leak attacks Testing RPKI (Resource Public Key In...
implementing-gcp-vpc-firewall-rules
When deploying new GCP workloads that require network-level access controls When auditing existing firewall configuratio...
hunting-for-startup-folder-persistence
Attackers use Windows startup folders for persistence (MITRE ATT&CK T1547.001 — Boot or Logon Autostart Execution: Regis...
performing-jwt-none-algorithm-attack
The JWT none algorithm attack exploits a vulnerability in JSON Web Token libraries that accept tokens with the alg heade...
conducting-malware-incident-response
EDR or antivirus detects malware execution on one or more endpoints A user reports suspicious system behavior indicative...
detecting-container-escape-attempts
Container escape is a critical attack technique where an adversary breaks out of container isolation to access the host ...
detecting-aws-guardduty-findings-automation
Amazon GuardDuty is a threat detection service that continuously monitors AWS accounts for malicious activity and unauth...
testing-api-for-broken-object-level-authorization
Assessing REST or GraphQL APIs that use object identifiers in URL paths, query parameters, or request bodies Performing ...
performing-privilege-escalation-on-linux
Legal Notice: This skill is for authorized security testing and educational purposes only. Unauthorized use against syst...
performing-linux-log-forensics-investigation
Linux systems maintain extensive logs that serve as primary evidence sources in forensic investigations. Unlike Windows ...
analyzing-browser-forensics-with-hindsight
Hindsight is an open-source browser forensics tool designed to parse artifacts from Google Chrome and other Chromium-bas...
conducting-social-engineering-penetration-test
Social engineering penetration testing assesses an organization's human attack surface through controlled simulation of ...
implementing-endpoint-dlp-controls
Use this skill when: Deploying endpoint DLP to prevent sensitive data (PII, PHI, PCI) from leaving the organization Conf...