Design and implement Privileged Access Workstations (PAWs) with device hardening, just-in-time access, and integration
Hardening Docker containers for production involves applying security best practices aligned with CIS Docker
Implements immutable backup strategy using restic with S3-compatible storage and object lock for ransomware-resistant
Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and
Detecting and exploiting HTTP request smuggling vulnerabilities caused by Content-Length and Transfer-Encoding
Tests Android inter-process communication (IPC) through intents for vulnerabilities including intent injection,
Take over Active Directory user and computer accounts by writing alternate certificate keys to msDS-KeyCredentialLink (Shadow Credentials) with pyWhisker, Whisker, and Certipy,…
Wire Promptfoo and DeepTeam into CI/CD for automated regression red-teaming of LLM apps against OWASP LLM Top 10 and OWASP Agentic presets, failing the build when jailbreak or…
Implements strategies to reduce SOC alert fatigue by tuning detection rules, consolidating duplicate alerts,
Auditing Terraform infrastructure-as-code for security misconfigurations using Checkov, tfsec, Terrascan, and
Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy,
Hunt for supply chain compromise indicators including trojanized software updates, compromised dependencies,
Uses the Linux Audit framework (auditd) with ausearch and aureport utilities to detect intrusion attempts, unauthorized
Proactively hunts for Advanced Persistent Threat (APT) activity within enterprise environments using hypothesis-driven
Sign and verify container image provenance using Sigstore Cosign with keyless OIDC-based signing, attestations,
Detect and analyze covert communication channels used by malware including DNS tunneling, ICMP exfiltration,
Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms
Extract DPAPI-protected secrets such as credentials and browser data offline and online.
Audit Azure Blob and ADLS storage accounts for public access exposure, weak or long-lived SAS tokens, missing
Detecting data exfiltration attempts from AWS S3 buckets by analyzing CloudTrail S3 data events, VPC Flow Logs,
Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect
Detect Living Off the Land Binaries (LOLBins/LOLBAS) abuse including certutil, regsvr32, mshta, and rundll32
The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7.
Execute a phased DMARC rollout from p=none monitoring through p=quarantine to p=reject enforcement, ensuring
Parses API Gateway access logs (AWS API Gateway, Kong, Nginx) to detect BOLA/IDOR attacks, rate limit bypass,
Configure AWS Verified Access to provide VPN-less zero trust network access to internal applications using identity
Detect and investigate Azure service principal abuse including privilege escalation, credential compromise, admin
Deploy and configure Rapid7 InsightVM Security Console and Scan Engines for authenticated and unauthenticated
Implement software supply chain integrity verification for container builds using the in-toto framework to create
Configure Google Workspace advanced phishing and malware protection settings including pre-delivery scanning,
Detecting exposed AWS credentials in source code repositories, CI/CD pipelines, and configuration files using
Perform vulnerability scanning in OT/ICS environments safely using passive monitoring, native protocol queries,
Implementing Zero Trust Network Access (ZTNA) in cloud environments by configuring identity-aware proxies, micro-segmentation,
Plan and execute authorized vishing (voice phishing) pretext calls to assess employee susceptibility to social
Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware
Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks
Reverse engineer Go-compiled malware using Ghidra with specialized scripts for function recovery, string extraction,
Hunt for DNS-based persistence mechanisms including DNS hijacking, dangling CNAME records, wildcard DNS abuse,
Detect privilege escalation attempts including token manipulation, UAC bypass, unquoted service paths, kernel
Configure and deploy Palo Alto Networks next-generation firewalls with App-ID, User-ID, zone-based policies,
Configure AIDE (Advanced Intrusion Detection Environment) for file integrity monitoring including baseline creation,
Execute a wireless network penetration test to assess WiFi security by capturing handshakes, cracking WPA2/WPA3
Uses Falco YAML rules for runtime threat detection in containers and Kubernetes, monitoring syscalls for shell
Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions,
Perform forensic acquisition and analysis of cloud storage services including Google Drive, OneDrive, Dropbox,
Implementing AWS Security Hub to aggregate security findings across AWS accounts, enable compliance standards
Configures pfSense firewall rules, NAT policies, VPN tunnels, and traffic shaping to enforce network segmentation,
Implement Amazon Macie to automatically discover, classify, and protect sensitive data in S3 buckets using machine
Deploy Llama Guard, NeMo Guardrails, and LLM Guard input/output scanners as runtime defenses.
Acquire and analyze mobile device data using Cellebrite UFED and open-source tools to extract communications,
Discover and exploit broken link hijacking vulnerabilities by identifying references to expired domains, decommissioned
Builds a structured ransomware incident response playbook aligned with the CISA StopRansomware Guide and NIST
Deploy Nozomi Networks Guardian sensors for passive OT network traffic analysis to achieve comprehensive asset
Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations,
Detect container escape attempts in real-time using Falco runtime security rules that monitor syscalls, file
Processes STIX 2.1 threat intelligence bundles delivered via TAXII 2.1 servers, normalizing objects into platform-native
MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing,
Detects early-stage ransomware indicators in network traffic before encryption begins, including initial access
Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE),
Develop and implement OT-specific incident response playbooks aligned with SANS PICERL framework, IEC 62443,