Search Skills
Search across 54932 indexed skills
extracting-config-from-agent-tesla-rat
Agent Tesla is a .NET-based Remote Access Trojan (RAT) and keylogger that ranked among the top 10 malware variants in 2024, impacting 6.3% of corporat...
detecting-malicious-scheduled-tasks-with-sysmon
Adversaries abuse Windows Task Scheduler (schtasks.exe, at.exe) for persistence (T1053.005) and lateral movement. Sysmon Event ID 1 captures schtasks....
detecting-misconfigured-azure-storage
When performing a security audit of Azure Storage accounts across subscriptions; when responding to Microsoft Defender for Storage alerts about anonymo...
hunting-for-dcom-lateral-movement
Authorized Testing Disclaimer: The offensive techniques and attack simulations described in this skill are intended exclusively for authorized penetra...
hunting-for-lateral-movement-via-wmi
Windows Management Instrumentation (WMI) is commonly abused for lateral movement via wmic process call create or Win32_Process.Create() to execute comm...
hunting-for-persistence-via-wmi-subscriptions
When proactively searching for fileless persistence mechanisms in Windows environments; after threat intelligence reports indicate WMI-based persistenc...
hunting-for-scheduled-task-persistence
When proactively hunting for indicators of scheduled task persistence in the environment; after threat intelligence indicates active campai...
hunting-for-supply-chain-compromise
When proactively hunting for indicators of supply chain compromise in the environment; after threat intelligence indicates active campaigns...
implementing-anti-phishing-training-program
Security awareness training is the human layer of phishing defense. An effective anti-phishing training program combines regular simulations, interact...
exploiting-jwt-algorithm-confusion-attack
Testing APIs that use RS256 (asymmetric) JWT tokens for authentication to check for algorithm downgrade to HS256; assessing JWT implementations for alg...
exploiting-nosql-injection-vulnerabilities
During web application penetration testing of applications using NoSQL databases; when testing authentication mechanisms backed by MongoDB or similar d...
performing-graphql-security-assessment
During authorized penetration tests when the target application uses a GraphQL API; when assessing single-page applications (React, Vue, Angular) that ...