Automate GoPhish phishing simulation campaigns using the Python gophish library. Creates email templates with
Securing API Gateway endpoints with AWS WAF by configuring managed rule groups for OWASP Top 10 protection,
Write and deploy Falco rules with the modern eBPF driver to detect container escape, namespace abuse, privileged mounts, and anomalous syscalls at runtime in Kubernetes and Docker.
Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access.
Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access points.
Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications
Deploys and configures Zeek (formerly Bro) network security monitor to passively analyze network traffic, generate
Implementing AWS CloudTrail log analysis for security monitoring, threat detection, and forensic investigation
Configures Windows Event Logging with advanced audit policies to generate high-fidelity security events for
Implementing AWS Config rules for continuous compliance monitoring of AWS resources, deploying managed and custom
Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task
Automate AWS GuardDuty threat detection findings processing using EventBridge and Lambda to enable real-time
Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private
Detects and analyzes malicious behavior in mobile applications through behavioral analysis, permission abuse
Detect data staging activity before exfiltration by monitoring for archive creation with 7-Zip/RAR, unusual temp
Analyzes encryption algorithms, key management, and file encryption routines used by ransomware families to
Performing comprehensive security assessments of Google Cloud Platform environments using Forseti Security,
Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify
Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate
Detect Cobalt Strike beacon network activity using default TLS certificate signatures (serial 8BB00EE), JA3/JA3S/JARM
Produce and ingest CycloneDX and SPDX SBOMs and correlate them to vulnerability intelligence.
TLS 1.3 (RFC 8446) is the latest version of the Transport Layer Security protocol, providing significant improvements
Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting
Detect data exfiltration through DNS tunneling by analyzing query entropy, subdomain length, query volume, TXT
Security awareness training is the human layer of phishing defense. An effective anti-phishing training program
Performs OAuth 2.0 scope minimization review to identify over-permissioned third-party application integrations,
Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0,
Run Microsoft Entra ID tenant reconnaissance, token acquisition and manipulation, and federation backdoor testing with the AADInternals PowerShell toolkit to validate…
Develops comprehensive threat actor profiles for APT groups, criminal organizations, and hacktivist collectives
Detect PowerShell Empire framework artifacts in Windows event logs by identifying Base64 encoded launcher patterns,
Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration,
Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads,
Perform forensic investigation of AWS environments using CloudTrail logs to reconstruct attacker activity, identify
Implements Delinea Secret Server for privileged access management (PAM) including secret vault configuration,
Deploy Google BeyondCorp Enterprise zero trust access controls using Identity-Aware Proxy (IAP), context-aware
SSL/TLS certificate lifecycle management encompasses the full process of requesting, issuing, deploying, monitoring,
Develop and apply a multi-factor asset criticality scoring model to weight vulnerability prioritization based
Performs rapid malware triage and classification using YARA rules to match file patterns, strings, byte sequences,
Extract stored credentials from compromised endpoints using the LaZagne post-exploitation tool to recover passwords
Design and implement network segmentation using firewall security zones, VLANs, ACLs, and microsegmentation policies
Find over-permissive RBAC roles and service-account token abuse paths in Kubernetes using kubectl auth can-i, rbac-police, kubectl-who-can, and rakkess during authorized cluster…
PCI DSS 4.0.1 establishes 12 requirements across 6 control objectives for organizations that store, process, or transmit cardholder data.
Investigate compromised Docker containers by analyzing images, layers, volumes, logs, and runtime artifacts to
Audit Kubernetes cluster security posture against CIS benchmarks using kube-bench with automated checks for control
Analyzes malicious VBA macros embedded in Microsoft Office documents (Word, Excel, PowerPoint) to identify download
Facilitate structured post-incident reviews to identify root causes, document what worked and failed, and produce
Enumerate subdomains of target domains using ProjectDiscovery's Subfinder passive reconnaissance tool to map
Automate OSINT collection using SpiderFoot REST API and CLI for target profiling, module-based reconnaissance,
Discover and exploit mass assignment vulnerabilities in REST APIs to escalate privileges, modify restricted fields,
Run OAuth 2.0 device-code and illicit-consent phishing against Microsoft Entra ID to steal access and refresh tokens, bypass MFA, and pivot across Microsoft 365 services.
Examine Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover
Deploying Cloudflare Access with Cloudflare Tunnel to provide zero trust access to self-hosted and private applications,
Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect,
Build collaborative forensic incident timelines using Timesketch to ingest, normalize, and analyze multi-source
Performs statistical analysis of Zeek conn.log connection intervals to detect C2 beaconing patterns. Uses the
Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised
Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations,
Parse Apache and Nginx access logs to detect SQL injection attempts, local file inclusion, directory traversal,
Configure rsyslog for centralized log collection with TLS encryption, custom templates, and log rotation. Generates
Conduct forensic investigations in cloud environments by collecting and analyzing logs, snapshots, and metadata