Search Skills
Search across 54932 indexed skills
implementing-aws-nitro-enclave-security
Processing sensitive data (PII, PHI, financial records, cryptographic secrets) that must be isolated from EC2 instance operators and administrators Bu...
performing-active-directory-vulnerability-assessment
Active Directory (AD) is the primary identity and access management system in most enterprise environments, making it a critical attack target. This s...
performing-container-escape-detection
When conducting security assessments that involve performing container escape detection When following incident response procedures for related securi...
performing-threat-modeling-with-owasp-threat-dragon
OWASP Threat Dragon is an open-source threat modeling tool that enables security teams and developers to create threat model diagrams, identify threat...
performing-cloud-asset-inventory-with-cartography
Cartography is a CNCF sandbox project (originally created at Lyft) that consolidates infrastructure assets and their relationships into a Neo4j graph ...
performing-android-app-static-analysis-with-mobsf
Use this skill when: Conducting security assessment of Android APK or AAB files before production release Integrating automated mobile security scanni...
implementing-secret-scanning-with-gitleaks
When developers may accidentally commit API keys, passwords, tokens, or private keys to repositories When establishing pre-commit gates that prevent s...
collecting-threat-intelligence-with-misp
MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing, storing, and correlating Indicators...
building-ioc-enrichment-pipeline-with-opencti
OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its native data model. This skill covers bui...
building-devsecops-pipeline-with-gitlab-ci
GitLab provides an integrated DevSecOps platform that embeds security testing directly into the CI/CD pipeline. By leveraging GitLab's built-in securi...
building-incident-timeline-with-timesketch
Timesketch is an open-source collaborative forensic timeline analysis tool developed by Google that enables security teams to visualize and analyze ch...
exploiting-bgp-hijacking-vulnerabilities
Assessing an organization's exposure to BGP prefix hijacking and route leak attacks Testing RPKI (Resource Public Key Infrastructure) deployment and r...