Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude

mahipal

715 Claude Code skills authored by mahipal.

updated 2026-05-23 · showing 121–180 of 715 by quality score

Average Pro QualityScore: 78.8/100


Perform comprehensive forensic analysis of disk images using Autopsy to recover files, examine artifacts, and
Conducts disk forensics investigations using forensic imaging, file system analysis, artifact recovery, and
Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with
The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7.
Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy,
Implements comprehensive Google Workspace security hardening including admin console configuration, phishing-resistant
Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security
Conduct a comprehensive external network penetration test to identify vulnerabilities in internet-facing infrastructure
Hunt for malicious PowerShell activity by analyzing Script Block Logging (Event 4104), Module Logging (Event
Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and MySQL.
Deploy and monitor Canary Tokens via the Thinkst Canary API for deception-based breach detection using web bug
Deploy a Software-Defined Perimeter using the CSA v2.0 specification with Single Packet Authorization, mutual
Examine Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover
Collect volatile forensic evidence from a compromised system following order of volatility, preserving memory,
Detecting compromised cloud credentials across AWS, Azure, and GCP by analyzing anomalous API activity, impossible
Scans GitHub Actions workflows and CI/CD pipeline configurations for supply chain attack vectors including unpinned
Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics,
Detect abnormal access patterns in AWS S3, GCS, and Azure Blob Storage by analyzing CloudTrail Data Events, GCS
Deploy Runtime Application Self-Protection (RASP) agents to detect and block attacks from within application
Classify and prioritize security incidents using structured IR playbooks to determine severity, assign response
Detect lateral movement in Azure AD/Entra ID environments using Microsoft Graph API audit logs, Azure Sentinel
Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by extracting
Analyze Windows Shellbag registry artifacts to reconstruct folder browsing activity, detect access to removable
Hunt for web shell deployments on internet-facing servers by analyzing file creation in web directories, suspicious
Deploy Nozomi Networks Guardian sensors for passive OT network traffic analysis to achieve comprehensive asset
Detect and exploit second-order SQL injection vulnerabilities where malicious input is stored in a database and
Business Email Compromise (BEC) is a sophisticated fraud scheme where attackers impersonate executives, vendors,
Tests APIs for excessive data exposure where endpoints return more data than the client application needs, relying
Execute web cache deception attacks by exploiting path normalization discrepancies between CDN caching layers
Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory
Configure Cloudflare DDoS protection with managed rulesets, rate limiting, WAF rules, Bot Management, and origin
Performs tabletop exercises for SOC teams simulating security incidents through discussion-based scenarios to
Monitor paste sites like Pastebin and GitHub Gists for leaked credentials, API keys, and sensitive data dumps
Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts,
Implement BGP route origin validation using RPKI with Route Origin Authorizations, RPKI-to-Router protocol, and
Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and
Configure Microsoft Entra Privileged Identity Management to enforce just-in-time role activation, approval workflows,
Parse and analyze Cobalt Strike Malleable C2 profiles using dissect.cobaltstrike and pyMalleableC2 to extract
Implements USB device control policies to restrict unauthorized removable media access on endpoints, preventing
Analyze volatile memory dumps using Volatility 3 to extract running processes, network connections, loaded modules,
Auditing HTTP security headers including CSP, HSTS, X-Frame-Options, and cookie attributes to identify missing
Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities
Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory.
Performs vulnerability remediation on endpoints by prioritizing CVEs based on risk scoring, deploying patches,
Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues
Builds comprehensive identity governance and lifecycle management processes including joiner-mover-leaver automation,
Hunt for adversary persistence and execution via Windows scheduled tasks by analyzing task creation events, suspicious
Security awareness training is the human layer of phishing defense. An effective anti-phishing training program
Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through
Detects credential stuffing attacks by analyzing authentication logs for login velocity anomalies, ASN diversity,
Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment,
Reverse engineer ransomware encryption routines to identify cryptographic algorithms, key generation flaws, and
Audit Azure Blob and ADLS storage accounts for public access exposure, weak or long-lived SAS tokens, missing
Implement User and Entity Behavior Analytics using Elasticsearch/OpenSearch to build behavioral baselines, calculate
Hunt for registry-based persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, and
Docker Bench for Security is an open-source script that checks dozens of common best practices around deploying
Uses the Linux Audit framework (auditd) with ausearch and aureport utilities to detect intrusion attempts, unauthorized
Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify
Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy,
Uses Falco YAML rules for runtime threat detection in containers and Kubernetes, monitoring syscalls for shell