Search Skills
Search across 54932 indexed skills
performing-clickjacking-attack-test
During authorized penetration tests when assessing UI redressing vulnerabilities; When testing whether sensitive actions (delete account, transfer fund...
detecting-business-email-compromise
Business Email Compromise (BEC) is a sophisticated fraud scheme where attackers impersonate executives, vendors, or trusted partners to trick employee...
detecting-command-and-control-over-dns
Investigating suspected DNS tunneling used for C2 communication or data exfiltration; Analyzing DNS query logs for signs of encoded payloads in subdoma...
detecting-compromised-cloud-credentials
When investigating alerts about unusual cloud API activity from unfamiliar locations; When building detection rules for credential theft and abuse acro...
deploying-ransomware-canary-files
Deploying proactive ransomware detection on file servers, NAS devices, or endpoint systems; Building an early-warning system that detects ransomware be...
deploying-software-defined-perimeter
Understanding of zero trust principles (NIST SP 800-207); Knowledge of CSA Software-Defined Perimeter specification; Familiarity with PKI and mutual TLS...
detecting-ai-model-prompt-injection-attacks
Scanning user inputs to LLM-powered applications before they are forwarded to the model; Building an input validation layer for chatbots, AI agents, or...
correlating-security-events-in-qradar
Use this skill when: SOC analysts need to investigate QRadar offenses and correlate events across multiple log sources; Detection engineers build custo...
deploying-active-directory-honeytokens
When deploying deception-based detection in Active Directory environments; When detecting Kerberoasting attacks via fake SPN honeytokens (honeyroasting...
detecting-arp-poisoning-in-network-traffic
ARP poisoning (ARP spoofing) is a Layer 2 attack where an adversary sends falsified ARP messages to associate their MAC address with the IP address of...
detecting-attacks-on-scada-systems
When deploying intrusion detection capabilities in a SCADA environment for the first time; When investigating suspected cyber attacks against industria...
detecting-aws-cloudtrail-anomalies
AWS CloudTrail records API calls across AWS services. This skill covers querying CloudTrail events with boto3's lookup_events API, building statistical...