Search Skills
Search across 54932 indexed skills
testing-cors-misconfiguration
During authorized penetration tests when assessing API endpoints for cross-origin access controls When testing single-page applications that make cros...
testing-oauth2-implementation-flaws
Assessing OAuth 2.0 authorization code flow for redirect URI validation weaknesses Testing OAuth client applications for CSRF protection (state parame...
implementing-dmarc-dkim-spf-email-security
SPF, DKIM, and DMARC form the three pillars of email authentication. Together they prevent domain spoofing, validate message integrity, and define pol...
building-attack-pattern-library-from-cti-reports
Cyber threat intelligence (CTI) reports from vendors like Mandiant, CrowdStrike, Talos, and Microsoft contain detailed descriptions of adversary behav...
integrating-dast-with-owasp-zap-in-pipeline
When testing running web applications for vulnerabilities like XSS, SQLi, CSRF, and misconfigurations When SAST alone is insufficient and runtime beha...
analyzing-windows-shellbag-artifacts
Shellbags are Windows registry artifacts that track how users interact with folders through Windows Explorer, storing view settings such as icon size,...
securing-aws-lambda-execution-roles
When deploying new Lambda functions and defining their IAM execution roles When remediating overly permissive Lambda roles discovered during security ...
analyzing-command-and-control-communication
Reverse engineering a malware sample has revealed network communication that needs protocol analysis Building network-level detection signatures for a...
detecting-oauth-token-theft
Investigating alerts for impossible travel or anomalous token usage in Microsoft Entra ID Responding to a suspected session hijacking or pass-the-cook...
implementing-beyondcorp-zero-trust-access-model
When replacing traditional VPN infrastructure with identity-based application access When migrating to Google Cloud and requiring zero trust access fo...
performing-cloud-incident-containment-procedures
Cloud incident containment requires cloud-native approaches that differ significantly from traditional on-premises response. Containment procedures mu...
implementing-aes-encryption-for-data-at-rest
AES (Advanced Encryption Standard) is a symmetric block cipher standardized by NIST (FIPS 197) used to protect classified and sensitive data. This ski...