GitHub
Skills harvested from GitHub repositories
14810 skills available
building-red-team-c2-infrastructure-with-havoc
Havoc is a modern, open-source post-exploitation command and control (C2) framework created by C5pider. It provides a co...
implementing-code-signing-for-artifacts
When establishing artifact integrity verification to prevent supply chain tampering; when compliance requires cryptograph...
detecting-credential-dumping-techniques
Credential dumping (MITRE ATT&CK T1003) is a post-exploitation technique where adversaries extract authentication creden...
detecting-dns-exfiltration-with-dns-query-analysis
DNS exfiltration exploits the Domain Name System as a covert channel to extract data from compromised networks. Attacker...
detecting-kerberoasting-attacks
When proactively hunting for indicators of detecting kerberoasting attacks in the environment; after threat intelligence ...
configuring-multi-factor-authentication-with-duo
Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access points. This skill...
analyzing-threat-landscape-with-misp
When investigating security incidents that require analyzing threat landscape with misp; when building detection rules or...
investigating-ransomware-attack-artifacts
Immediately after discovering ransomware encryption on systems; when performing forensic analysis to understand the full ...
analyzing-slack-space-and-file-system-artifacts
When searching for hidden or residual data in file system slack space; for analyzing NTFS Master File Table (MFT) entries...
detecting-process-hollowing-technique
When investigating suspected fileless malware or in-memory threats; after EDR alerts on process injection or suspicious m...
performing-ai-driven-osint-correlation
You have collected raw OSINT data from multiple tools and sources but need to identify connections, contradictions, and ...
securing-github-actions-workflows
When GitHub Actions is the CI/CD platform and workflows need hardening against supply chain attacks; when workflows handl...
detecting-cloud-threats-with-guardduty
When establishing continuous threat detection for new or existing AWS accounts; when investigating GuardDuty findings rel...
intercepting-mobile-traffic-with-burpsuite
Use this skill when: Testing mobile application API endpoints for authentication, authorization, and injection vulnerabi...
implementing-zero-trust-network-access-with-zscaler
Understanding of zero trust principles (NIST SP 800-207); familiarity with identity providers (Okta, Azure AD, Ping Ident...
building-threat-intelligence-platform
Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified syste...
performing-oil-gas-cybersecurity-assessment
When conducting a cybersecurity assessment of a refinery, pipeline, or production facility; when preparing for TSA Pipeli...
performing-dns-enumeration-and-zone-transfer
Mapping the external attack surface of a target organization during authorized penetration tests; discovering hidden subd...
implementing-container-network-policies-with-calico
Calico provides Kubernetes-native and extended network policy enforcement through its CNI plugin. This skill covers crea...
performing-ransomware-tabletop-exercise
Testing organizational ransomware response procedures annually or after major infrastructure changes; validating decision...
hunting-for-domain-fronting-c2-traffic
Domain fronting (MITRE ATT&CK T1090.004) is a technique where attackers use different domain names in the TLS SNI field ...
performing-packet-injection-attack
Testing IDS/IPS rules by injecting traffic that should trigger specific detection signatures; validating firewall rules b...
implementing-stix-taxii-feed-integration
STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information) are O...
building-automated-malware-submission-pipeline
Use this skill when: SOC teams face high volume of suspicious file alerts requiring sandbox analysis; manual sandbox subm...