Search Skills
Search across 54932 indexed skills
automating-ioc-enrichment
Use this skill when: Building a SOAR playbook that automatically enriches SIEM alerts with threat intelligence context before routing to analysts; Crea...
building-c2-infrastructure-with-sliver-framework
Sliver is an open-source, cross-platform adversary emulation framework developed by BishopFox, written in Go. It provides red teams with implant gener...
auditing-kubernetes-cluster-rbac
When performing security assessments of Kubernetes clusters (EKS, GKE, AKS, or self-managed); When validating that RBAC policies enforce least privileg...
building-cloud-siem-with-sentinel
When establishing a centralized security operations center for multi-cloud environments; When migrating from legacy SIEM platforms (Splunk, QRadar) to ...
building-incident-timeline-with-timesketch
Timesketch is an open-source collaborative forensic timeline analysis tool developed by Google that enables security teams to visualize and analyze ch...
implementing-cloud-workload-protection
When deploying or configuring cloud workload protection capabilities in your environment; When establishing security controls aligned to c...
performing-jwt-none-algorithm-attack
The JWT none algorithm attack exploits a vulnerability in JSON Web Token libraries that accept tokens with the alg header set to none, effectively byp...
hunting-for-startup-folder-persistence
Attackers use Windows startup folders for persistence (MITRE ATT&CK T1547.001 — Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder)...
implementing-gcp-vpc-firewall-rules
When deploying new GCP workloads that require network-level access controls; When auditing existing firewall configurations for overly permissive rules...
building-vulnerability-exception-tracking-system
A vulnerability exception tracking system manages cases where vulnerabilities cannot be remediated within SLA timelines. It provides structured workfl...
performing-arp-spoofing-attack-simulation
Testing whether network switches and infrastructure properly implement Dynamic ARP Inspection (DAI); Demonstrating man-in-the-middle attack risks to st...
exploiting-bgp-hijacking-vulnerabilities
Assessing an organization's exposure to BGP prefix hijacking and route leak attacks; Testing RPKI (Resource Public Key Infrastructure) deployment and r...