Analyzes malicious Linux ELF (Executable and Linkable Format) binaries including botnets, cryptominers, ransomware,
Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege
Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, exposed
Plans and facilitates tabletop exercises simulating ransomware incidents to test organizational readiness, decision-making,
Auditing Microsoft Entra ID (Azure Active Directory) configuration to identify risky authentication policies,
Detects and responds to OAuth token theft and replay attacks in cloud environments, focusing on Microsoft Entra
Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS
Systematically collects, categorizes, and distributes indicators of compromise (IOCs) during and after security
Implement API abuse detection using token bucket, sliding window, and adaptive rate limiting algorithms to prevent
Designs and implements a ransomware-resilient backup strategy following the 3-2-1-1-0 methodology (3 copies,
Perform comprehensive ICS/OT asset discovery using Claroty xDome platform, leveraging passive monitoring, Claroty
Analyzes structured and unstructured threat intelligence feeds to extract actionable indicators, adversary tactics,
Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and
Monitor and analyze ransomware group data leak sites (DLS) to track victim postings, extract threat intelligence
Deploy and configure Proofpoint Email Protection as a secure email gateway to detect and block phishing, malware,
Discover and inventory all privileged accounts across enterprise infrastructure including domain admins, local
Implement Kubernetes network segmentation using Calico NetworkPolicy and GlobalNetworkPolicy for zero-trust pod-to-pod
Detect WMI-based lateral movement by analyzing Windows Event ID 4688 process creation and Sysmon Event ID 1 for
Run ntlmrelayx into ADCS web enrollment to obtain a domain controller certificate via ESC8.
Uses Microsoft RESTler to perform stateful REST API fuzzing by automatically generating and executing test sequences
Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral
Identifies and exploits SQL injection vulnerabilities in web applications during authorized penetration tests
Builds automated threat intelligence feed integration pipelines connecting STIX/TAXII feeds, open-source threat
The General Data Protection Regulation (EU) 2016/679 (GDPR) is the EU's comprehensive data protection law governing
Performing security reviews of serverless functions across AWS Lambda, Azure Functions, and GCP Cloud Functions
Securing container registry images by implementing vulnerability scanning with Trivy and Grype, enforcing image
Performs comprehensive security assessments of IoT devices and their ecosystems by testing hardware interfaces,
Implement HashiCorp Boundary for identity-aware zero trust infrastructure access management with dynamic credential
Uses Rekall memory forensics framework to analyze memory dumps for process hollowing, injected code via VAD
Perform comprehensive cloud asset inventory and relationship mapping using Cartography to build a Neo4j security
Business Email Compromise (BEC) is a sophisticated fraud scheme where attackers impersonate executives, vendors,
Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while
Detect model stealing, model inversion, and membership inference performed through inference-API abuse by monitoring query patterns, applying output perturbation, and red-teaming…
Open Source Intelligence (OSINT) gathering is the first active phase of a red team engagement, where operators
Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit
Builds a structured SOC incident response playbook for ransomware attacks covering detection, containment, eradication,
Deploy and configure Tailscale as a WireGuard-based zero trust mesh VPN with identity-aware access controls,
Deploy and configure Suricata as a network intrusion prevention system with custom rules, Emerging Threats rulesets,
Map advanced persistent threat (APT) group tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework
Investigates phishing email incidents from initial user report through header analysis, URL/attachment detonation,
Detect Golden Ticket attacks in Active Directory by analyzing Kerberos TGT anomalies including mismatched encryption
Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength.
Performs Linux memory acquisition using LiME (Linux Memory Extractor) kernel module and analysis with Volatility
Test and validate ransomware recovery procedures including backup restore operations, RTO/RPO target verification,
Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated
Deploy and operate Greenbone/OpenVAS vulnerability management using the python-gvm library to create scan targets,
Scan container images for known vulnerabilities using Anchore Grype with SBOM-based matching and configurable
Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or
Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage,
Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into
Enumerate and exploit Active Directory Certificate Services ESC1 through ESC16 misconfigurations with Certipy, including SAN abuse, NTLM relay to web enrollment (ESC8), and golden…
Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source
Implement a phishing report button in email clients with automated triage workflow that analyzes user-reported
Exploit PHP type juggling vulnerabilities caused by loose comparison operators to bypass authentication, circumvent
Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid manipulation
Assessing JSON Web Token implementations for cryptographic weaknesses, algorithm confusion attacks, and authorization
Develop precise YARA rules for malware detection by identifying unique byte patterns, strings, and behavioral
Extract cached credentials, password hashes, Kerberos tickets, and authentication tokens from memory dumps using
Tests API authentication mechanisms for weaknesses including broken token validation, missing authentication
Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters,