Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude

mahipal

715 Claude Code skills authored by mahipal.

updated 2026-05-23 · showing 541–600 of 715 by quality score

Average Pro QualityScore: 78.8/100

Perform lateral movement across Windows networks using WMI-based remote execution techniques including Impacket
TLS 1.3 (RFC 8446) is the latest version of the Transport Layer Security protocol, providing significant improvements
Establish a structured operational process to triage, test, and deploy Microsoft Patch Tuesday security updates
Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by analyzing endpoint process creation logs
Tenable Nessus is the industry-leading vulnerability scanner used to identify security weaknesses across network
Performs User and Entity Behavior Analytics (UEBA) to detect anomalous user activities including impossible
Implement Kubernetes Pod Security Admission to enforce baseline and restricted security profiles at namespace
Detect DNS tunneling and data exfiltration by analyzing Zeek dns.log for high-entropy subdomain queries, excessive
Performing comprehensive security assessments of Google Cloud Platform environments using Forseti Security,
Test web applications for HTTP Host header injection vulnerabilities to identify password reset poisoning, web
Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting
Detects DNS tunneling by computing Shannon entropy of DNS query names, analyzing query length distributions,
Audit Kubernetes cluster security posture against CIS benchmarks using kube-bench with automated checks for control
Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached
Build structured communication templates for malware incidents including stakeholder notifications, executive
Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks
Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into
Captures WPA/WPA2 handshakes and performs offline password cracking using aircrack-ng, hashcat, and dictionary
Detects insider data exfiltration by analyzing DLP policy violations, file access patterns, upload volume anomalies,
Implements API rate limiting and throttling controls using token bucket, sliding window, and fixed window algorithms
Configure AWS Verified Access to provide VPN-less zero trust network access to internal applications using identity
Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization code interception,
Conducts authorized wireless network penetration tests to assess the security of WiFi infrastructure by testing
URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content,
Implements an integrated incident ticketing system connecting SIEM alerts to ServiceNow, Jira, or TheHive for
Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection,
Create, validate, and share STIX 2.1 threat intelligence objects using the stix2 Python library. Covers indicators,
Patch management is the systematic process of identifying, testing, deploying, and verifying software updates
Performs initial triage of security incidents to determine severity, scope, and required response actions using
Builds an automated malware submission and analysis pipeline that collects suspicious files from endpoints and
Implement software supply chain integrity verification for container builds using the in-toto framework to create
Deploy and configure Tailscale as a WireGuard-based zero trust mesh VPN with identity-aware access controls,
Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0,
Perform GCP security testing using GCPBucketBrute for storage bucket enumeration, gcloud IAM privilege escalation
Implement a phishing report button in email clients with automated triage workflow that analyzes user-reported
Exploit misconfigured Active Directory Certificate Services (AD CS) ESC1 vulnerability to request certificates
A cryptographic audit systematically reviews an application's use of cryptographic primitives, protocols, and
Build a structured SOC escalation matrix defining severity tiers, response SLAs, escalation paths, and notification
Assessing GraphQL API endpoints for introspection leaks, injection attacks, authorization flaws, and denial-of-service
Linux privilege escalation involves elevating from a low-privilege user account to root access on a compromised
Securing container registry images by implementing vulnerability scanning with Trivy and Grype, enforcing image
Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and
Use PyMISP to create, enrich, and share threat intelligence events on a MISP platform, including IOC management,
Uses Rekall memory forensics framework to analyze memory dumps for process hollowing, injected code via VAD
SSL/TLS certificate lifecycle management encompasses the full process of requesting, issuing, deploying, monitoring,
Exploit PHP type juggling vulnerabilities caused by loose comparison operators to bypass authentication, circumvent
Configure Fluentd and Fluent Bit for centralized log aggregation, routing, filtering, and enrichment across distributed
Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities
Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization,
Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives
Deploy and operate Greenbone/OpenVAS vulnerability management using the python-gvm library to create scan targets,
Bypass Web Application Firewall protections using encoding techniques, HTTP method manipulation, parameter pollution,
Implementing Google's BeyondCorp zero trust access model to eliminate implicit trust from the network perimeter,
Perform forensic investigation of AWS environments using CloudTrail logs to reconstruct attacker activity, identify
Discovering and accessing unprotected pages, APIs, and administrative interfaces by enumerating URLs and bypassing
Deploy Cisco Identity Services Engine for 802.1X wired and wireless authentication, MAC Authentication Bypass,
Systematically deobfuscate multi-layer PowerShell malware using AST analysis, dynamic tracing, and tools like
Monitor and analyze ransomware group data leak sites (DLS) to track victim postings, extract threat intelligence
Tests Android inter-process communication (IPC) through intents for vulnerabilities including intent injection,
Implement secure conduit architecture for OT remote access following IEC 62443 zones and conduits model, deploying