GitHub
Skills harvested from GitHub repositories
14810 skills availableimplementing-dmarc-dkim-spf-email-security
SPF, DKIM, and DMARC form the three pillars of email authentication. Together they prevent domain spoofing, validate mes...
testing-oauth2-implementation-flaws
Assessing OAuth 2.0 authorization code flow for redirect URI validation weaknesses Testing OAuth client applications for...
exploiting-sql-injection-with-sqlmap
During authorized web application penetration testing engagements When manual testing reveals potential SQL injection po...
implementing-envelope-encryption-with-aws-kms
Envelope encryption is a strategy where data is encrypted with a data encryption key (DEK), and the DEK itself is encryp...
performing-authenticated-scan-with-openvas
OpenVAS (Open Vulnerability Assessment Scanner) is the scanner component of the Greenbone Vulnerability Management (GVM)...
implementing-attack-surface-management
When building an external attack surface management (EASM) program from scratch When performing authorized external reco...
testing-cors-misconfiguration
During authorized penetration tests when assessing API endpoints for cross-origin access controls When testing single-pa...
performing-entitlement-review-with-sailpoint-iiq
Quarterly or annual access certification campaigns are required for compliance (SOX, HIPAA, PCI-DSS) Organization needs ...
building-incident-response-dashboard
Use this skill when: IR teams need real-time dashboards during active incidents for coordination and tracking SOC leader...
analyzing-heap-spray-exploitation
Heap spraying is an exploitation technique that fills large regions of a process's heap with attacker-controlled data (t...
performing-deception-technology-deployment
Use this skill when: SOC teams need high-fidelity detection of post-compromise lateral movement with near-zero false pos...
performing-web-application-penetration-test
Testing web applications before production deployment to identify exploitable vulnerabilities Conducting compliance-driv...
implementing-iso-27001-information-security-management
ISO/IEC 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving ...
implementing-api-security-posture-management
API Security Posture Management (API-SPM) provides continuous visibility into an organization's API attack surface by au...
executing-red-team-engagement-planning
Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE), threat...
analyzing-windows-shellbag-artifacts
Shellbags are Windows registry artifacts that track how users interact with folders through Windows Explorer, storing vi...
implementing-privileged-access-management-with-cyberark
Deploy CyberArk Privileged Access Management to discover, vault, rotate, and monitor privileged credentials across enter...
building-vulnerability-aging-and-sla-tracking
With over 30,000 new vulnerabilities identified in 2024 (a 17% increase from the prior year), organizations must track h...
exploiting-excessive-data-exposure-in-api
Testing APIs where the frontend displays a subset of data but the API response includes additional fields Assessing mobi...
hunting-for-data-staging-before-exfiltration
Before exfiltrating data, adversaries typically stage collected files in a central location (MITRE ATT&CK T1074). This i...
exploiting-idor-vulnerabilities
During authorized penetration tests when testing access control on resource endpoints When APIs or web pages use predict...
hardening-windows-endpoint-with-cis-benchmark
Use this skill when: Deploying new Windows 10/11 or Server 2019/2022 endpoints that require security hardening Establish...
performing-wireless-network-penetration-test
Wireless penetration testing evaluates the security of an organization's WiFi infrastructure including encryption streng...
containing-active-breach
A confirmed intrusion is in progress with an active adversary on the network Malware is spreading laterally across endpo...