Search Skills
detecting-aws-guardduty-findings-automation
Amazon GuardDuty is a threat detection service that continuously monitors AWS accounts for malicious activity and unauthorized behavior. By integratin...
detecting-container-escape-attempts
Container escape is a critical attack technique where an adversary breaks out of container isolation to access the host system or other containers. De...
conducting-malware-incident-response
EDR or antivirus detects malware execution on one or more endpoints. A user reports suspicious system behavior indicative of malware infection. Threat i...
analyzing-tls-certificate-transparency-logs
When investigating security incidents that require analyzing TLS Certificate Transparency logs. When building detection rules or threat hunting queries...
detecting-bluetooth-low-energy-attacks
This skill is intended for authorized security testing, penetration testing engagements, CTF competitions, and educational purposes only. Sniffing, in...
implementing-api-threat-protection-with-apigee
Google Apigee is an enterprise API management platform that provides native security policies for threat protection, including JSON and XML content va...
implementing-policy-as-code-with-open-policy-agent
When enforcing organizational security policies across Kubernetes clusters programmatically. When requiring admission control that blocks non-compliant...
securing-github-actions-workflows
When GitHub Actions is the CI/CD platform and workflows need hardening against supply chain attacks. When workflows handle secrets, deploy to productio...
detecting-serverless-function-injection
Auditing Lambda/Cloud Functions for code injection vulnerabilities where unsanitized event data flows into dangerous runtime functions (eval, exec, ch...
testing-api-security-with-owasp-top-10
During authorized API penetration testing engagements. When assessing REST, GraphQL, or gRPC APIs for security vulnerabilities. Before deploying new API...
performing-service-account-credential-rotation
Service accounts are non-human identities used by applications, daemons, CI/CD pipelines, and automated processes to authenticate to systems and APIs....
analyzing-windows-event-logs-in-splunk
Use this skill when: SOC analysts investigate alerts related to Windows authentication, process execution, or AD changes. Detection engineers build SPL...