Search across 54932 indexed skills
extracting-browser-history-artifacts
When investigating user web activity as part of a forensic examination; during insider threat investigations to establish patterns of data exfiltration...
hardening-linux-endpoint-with-cis-benchmark
Use this skill when: hardening Linux servers (Ubuntu, RHEL, CentOS, Debian) against CIS benchmarks; automating Linux security baselines using Ansible, ...
hunting-for-cobalt-strike-beacons
Cobalt Strike is the most prevalent command-and-control framework used by both red teams and threat actors. Beacon, its primary payload, communicates ...
detecting-dll-sideloading-attacks
When investigating potential DLL hijacking in enterprise environments; after EDR alerts on unsigned DLLs loaded by signed applications; when hunting for...
detecting-insider-data-exfiltration-via-dlp
When investigating security incidents that require detecting insider data exfiltration via DLP; when building detection rules or threat hunting queries...
detecting-suspicious-oauth-application-consent
Illicit consent grant attacks trick users into granting excessive permissions to malicious OAuth applications in Azure AD / Microsoft Entra ID. This s...
eradicating-malware-from-infected-systems
Malware infection confirmed and containment is in place; forensic investigation has identified all persistence mechanisms; all compromised systems have ...
performing-insider-threat-investigation
DLP (Data Loss Prevention) alerts on large data transfers to personal cloud storage or USB devices; user behavior analytics (UBA) detects anomalous acc...
performing-gcp-security-assessment-with-forseti
When conducting periodic security assessments of GCP organizations and projects; when onboarding new GCP projects and establishing security baselines; w...
performing-graphql-introspection-attack
Testing GraphQL endpoints for exposed introspection that reveals the complete API schema; mapping the attack surface of a GraphQL API to identify sensi...
performing-docker-bench-security-assessment
Docker Bench for Security is an open-source script that checks dozens of common best practices around deploying Docker containers in production. Based...
performing-aws-privilege-escalation-assessment
When conducting authorized penetration testing of AWS IAM configurations; when validating that IAM policies follow the principle of least privilege; whe...