GitHub
Skills harvested from GitHub repositories
14810 skills available
performing-cloud-storage-forensic-acquisition
Cloud storage forensic acquisition involves collecting digital evidence from services like Google Drive, OneDrive, Dropb...
performing-ot-vulnerability-assessment-with-claroty
When conducting scheduled OT vulnerability assessments per IEC 62443 or NERC CIP requirements When deploying Claroty xDo...
implementing-aes-encryption-for-data-at-rest
AES (Advanced Encryption Standard) is a symmetric block cipher standardized by NIST (FIPS 197) used to protect classifie...
implementing-network-traffic-analysis-with-arkime
When deploying or configuring implementing network traffic analysis with arkime capabilities in your environment When es...
implementing-epss-score-for-vulnerability-prioritization
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST (Forum of Incident Response and S...
performing-adversary-in-the-middle-phishing-detection
Adversary-in-the-Middle (AiTM) phishing attacks use reverse-proxy infrastructure to sit between the victim and the legit...
conducting-internal-reconnaissance-with-bloodhound-ce
Legal Notice: This skill is for authorized security testing and educational purposes only. Unauthorized use against syst...
implementing-device-posture-assessment-in-zero-trust
When enforcing device health as a prerequisite for accessing corporate applications When integrating CrowdStrike ZTA sco...
performing-service-account-audit
Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant account...
detecting-wmi-persistence
When hunting for WMI event subscription persistence (MITRE ATT&CK T1546.003) After detecting suspicious WMI activity in ...
analyzing-kubernetes-audit-logs
When investigating security incidents that require analyzing kubernetes audit logs When building detection rules or thre...
analyzing-macro-malware-in-office-documents
A suspicious Office document (.doc, .docm, .xls, .xlsm, .ppt) has been flagged by email security Investigating phishing ...
detecting-ransomware-encryption-behavior
Building or tuning a behavioral detection layer for ransomware that catches unknown/zero-day variants Monitoring file se...
performing-cloud-incident-containment-procedures
Cloud incident containment requires cloud-native approaches that differ significantly from traditional on-premises respo...
implementing-beyondcorp-zero-trust-access-model
When replacing traditional VPN infrastructure with identity-based application access When migrating to Google Cloud and ...
performing-soc-tabletop-exercise
Use this skill when: Annual or semi-annual incident response testing is required (NIST, ISO 27001, PCI DSS compliance) N...
integrating-dast-with-owasp-zap-in-pipeline
When testing running web applications for vulnerabilities like XSS, SQLi, CSRF, and misconfigurations When SAST alone is...
building-attack-pattern-library-from-cti-reports
Cyber threat intelligence (CTI) reports from vendors like Mandiant, CrowdStrike, Talos, and Microsoft contain detailed d...
detecting-oauth-token-theft
Investigating alerts for impossible travel or anomalous token usage in Microsoft Entra ID Responding to a suspected sess...
analyzing-command-and-control-communication
Reverse engineering a malware sample has revealed network communication that needs protocol analysis Building network-le...
securing-aws-lambda-execution-roles
When deploying new Lambda functions and defining their IAM execution roles When remediating overly permissive Lambda rol...
performing-credential-access-with-lazagne
LaZagne is an open-source post-exploitation tool designed to retrieve credentials stored on local systems. It supports W...
performing-ssl-tls-security-assessment
Assess SSL/TLS server configurations using sslyze, a fast Python-based scanning library. This skill covers evaluating su...
testing-android-intents-for-vulnerabilities
Use this skill when: Assessing Android app exported activities, services, receivers, and content providers Testing for i...