Search Skills
Search across 54932 indexed skills
analyzing-memory-dumps-with-volatility
A compromised system's RAM has been captured and needs forensic analysis for malware artifacts Detecting fileless malware that exists only in memory w...
analyzing-disk-image-with-autopsy
When you have a forensic disk image and need structured analysis of its contents During investigations requiring file recovery, keyword searching, and...
analyzing-dns-logs-for-exfiltration
Use this skill when: SOC teams suspect data exfiltration through DNS tunneling to bypass firewall/proxy controls Threat intelligence indicates adversa...
analyzing-linux-audit-logs-for-intrusion
Investigating suspected unauthorized access or privilege escalation on Linux hosts Hunting for evidence of exploitation, backdoor installation, or per...
analyzing-linux-elf-malware
A Linux server or container has been compromised and suspicious ELF binaries are found Analyzing Linux botnets (Mirai, Gafgyt, XorDDoS), cryptominers,...
conducting-external-reconnaissance-with-osint
Performing the initial reconnaissance phase of a penetration test to gather intelligence before active scanning Mapping an organization's external att...
analyzing-cobalt-strike-beacon-configuration
Cobalt Strike is a commercial adversary simulation tool widely abused by threat actors for post-exploitation operations. Beacon payloads contain embed...
analyzing-cloud-storage-access-patterns
When investigating security incidents that require analyzing cloud storage access patterns When building detection rules or threat hunting queries for...
configuring-hsm-for-key-storage
Hardware Security Modules (HSMs) are tamper-resistant physical devices that safeguard cryptographic keys and perform cryptographic operations in a har...
hunting-for-data-exfiltration-indicators
When hunting for data theft in compromised environments After detecting unusual outbound data volumes or patterns When investigating potential insider...
analyzing-android-malware-with-apktool
Android malware distributed as APK files can be statically analyzed to extract permissions, activities, services, broadcast receivers, and suspicious ...
analyzing-api-gateway-access-logs
When investigating security incidents that require analyzing API gateway access logs When building detection rules or threat hunting queries for this ...