Search Skills
Search across 54932 indexed skills
exploiting-prototype-pollution-in-javascript
When testing Node.js or JavaScript-heavy web applications During assessment of APIs accepting deep-merged JSON objects When testing client-side JavaSc...
implementing-gcp-organization-policy-constraints
The GCP Organization Policy Service provides centralized and programmatic control over cloud resources. Organization policies configure constraints th...
detecting-shadow-api-endpoints
Shadow APIs are API endpoints operating within an organization's environment that are not tracked, documented, or secured. They emerge from rapid deve...
implementing-api-abuse-detection-with-rate-limiting
API rate limiting is a critical security control that restricts the number of requests a client can make within a defined time period. It defends agai...
detecting-ransomware-precursors-in-network
Building detection rules for pre-ransomware network activity (the average time from Cobalt Strike deployment to encryption is 17 minutes) Monitoring f...
performing-kubernetes-penetration-testing
Kubernetes penetration testing systematically evaluates cluster security by simulating attacker techniques against the API server, kubelet, etcd, pods...
performing-container-security-scanning-with-trivy
Trivy is an open-source security scanner by Aqua Security that detects vulnerabilities in OS packages and language-specific dependencies, infrastructu...
performing-file-carving-with-foremost
When recovering files from unallocated disk space or corrupted file systems For extracting evidence from formatted or wiped storage media When file sy...
performing-api-fuzzing-with-restler
Performing automated security testing of REST APIs using their OpenAPI/Swagger specifications Discovering bugs that only manifest through specific seq...
performing-api-inventory-and-discovery
Mapping the complete API attack surface of an organization before a security assessment Identifying shadow APIs deployed by development teams without ...
performing-automated-malware-analysis-with-cape
CAPE (Config And Payload Extraction) is an open-source malware sandbox derived from Cuckoo that automates behavioral analysis, payload dumping, and co...
monitoring-darkweb-sources
Use this skill when: Establishing continuous monitoring for organizational domain names, executive names, and product brands on dark web forums Invest...