Search Skills
exploiting-zerologon-vulnerability-cve-2020-1472
Zerologon (CVE-2020-1472) is a critical elevation of privilege vulnerability (CVSS 10.0) in the Microsoft Netlogon Remote Protocol (MS-NRPC). The flaw...
extracting-windows-event-logs-artifacts
When investigating security incidents on Windows systems through event log analysis; for detecting lateral movement, privilege escalation, and persiste...
performing-indicator-lifecycle-management
Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment, monitoring, and eventual retirement. Thi...
performing-initial-access-with-evilginx3
EvilGinx3 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, enabling bypass of multi-factor auth...
performing-kerberoasting-attack
Legal Notice: This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have wri...
performing-log-source-onboarding-in-siem
Log source onboarding is the systematic process of integrating new data sources into a SIEM platform to enable security monitoring and detection. Prop...
performing-malware-ioc-extraction
Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise including file hashes, network i...
detecting-container-drift-at-runtime
Container drift occurs when running containers deviate from their original image state through unauthorized file modifications, unexpected binary exec...
detecting-container-escape-with-falco-rules
Falco is a CNCF-graduated runtime security tool that monitors Linux syscalls to detect anomalous container behavior. It uses a rules engine to identif...
detecting-dcsync-attack-in-active-directory
When hunting for credential theft in Active Directory environments; after compromise of accounts with Replicating Directory Changes permissions; when in...
detecting-anomalies-in-industrial-control-systems
When deploying continuous monitoring for OT environments that lack intrusion detection; when building behavior-based detection to complement signature-...
detecting-api-enumeration-attacks
API enumeration attacks occur when attackers systematically probe API endpoints with sequential or predictable identifiers to discover and access unau...