Configure microsegmentation policies to enforce least-privilege workload-to-workload access using tools like
Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with
Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified
Correlates security events in IBM QRadar SIEM using AQL (Ariel Query Language), custom rules, building blocks,
Tests API rate limiting implementations for bypass vulnerabilities by manipulating request headers, IP addresses,
Analyzes network traffic captures and flow data to identify adversary activity during security incidents, including
Reverse engineers .NET malware using dnSpy decompiler and debugger to analyze C#/VB.NET source code, identify
BloodHound is a graph-based Active Directory reconnaissance tool that uses graph theory to reveal hidden and
Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious
Detects rootkit presence on compromised systems by identifying hidden processes, hooked system calls, modified
Build automated alerting for vulnerability remediation SLA breaches with severity-based timelines, escalation
Docker Bench for Security is an open-source script that checks dozens of common best practices around deploying
Leverage the CISA Known Exploited Vulnerabilities catalog alongside EPSS and CVSS to prioritize CVE remediation
Implementing microsegmentation using Akamai Guardicore Segmentation to map application dependencies, create
Detecting and exploiting SQL injection vulnerabilities using sqlmap to extract database contents during authorized
Performing authorized AWS penetration testing using Pacu, the open-source AWS exploitation framework, to enumerate
Identify command-and-control beaconing patterns in network traffic by applying statistical frequency analysis,
Recover deleted files from disk images and storage media using PhotoRec's file signature-based carving engine
Implement automated incident response playbooks in Cortex XSOAR to orchestrate security workflows across SOC
Conduct a comprehensive external network penetration test to identify vulnerabilities in internet-facing infrastructure
Detect LSASS credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows
Implements security monitoring using Datadog Cloud SIEM, Cloud Security Management (CSM), and Workload Protection
Leverages Splunk Enterprise Security and SPL (Search Processing Language) to investigate security incidents
Deploy and operate CAPEv2 sandbox for automated malware analysis with behavioral monitoring, payload extraction,
Analyze IP address reputation using the Shodan API to identify open ports, running services, known vulnerabilities,
Perform static analysis of malicious PDF documents using peepdf, pdfid, and pdf-parser to extract embedded JavaScript,
Reduce container attack surface by building application images on Google distroless base images that contain
Performs automated static analysis of Android applications using Mobile Security Framework (MobSF) to identify
Hunt AADGraphActivityLogs and MicrosoftGraphActivityLogs in Microsoft Sentinel/Log Analytics for fingerprints of offensive Entra ID tools such as ROADtools, AADInternals, and…
Configures Fail2ban with custom filters and actions to detect port scanning activity, SSH brute force attempts,
Implements threat modeling using the MITRE ATT&CK framework to map adversary TTPs against organizational assets,
Detects and analyzes process injection techniques used by malware including classic DLL injection, process hollowing,
Implements endpoint Data Loss Prevention (DLP) controls to detect and prevent sensitive data exfiltration through
Implementing zero trust access controls for SaaS applications using CASB, SSPM, conditional access policies, — from Undermybelt/hermes-skills
Build a structured SOC escalation matrix defining severity tiers, response SLAs, escalation paths, and notification
Detect WMI event subscription persistence by analyzing Sysmon Event IDs 19, 20, and 21 for malicious EventFilter,
Systematically audit AWS S3 bucket permissions to identify publicly accessible buckets, overly permissive ACLs,
Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives
Use YARA pattern-matching rules to hunt for malware, suspicious files, and indicators of compromise across filesystems
Conduct wireless network security assessments using Kismet to detect rogue access points, hidden SSIDs, weak
Securing AWS Lambda execution roles by implementing least-privilege IAM policies, applying permission boundaries,
Detects and analyzes fileless malware that operates entirely in memory using PowerShell, WMI, .NET reflection,
Tests authentication and authorization mechanisms in mobile application APIs to identify broken authentication,
Baseline the EFI System Partition and hunt malicious EFI binaries (ESPecter, BlackLotus, Bootkitty, Glupteba) by mounting the ESP, hashing and verifying boot loaders, scanning…
Conducts authorized wireless network penetration tests to assess the security of WiFi infrastructure by testing
Test vector stores for embedding inversion, cross-tenant leakage, and poisoning.
Systematically deobfuscate multi-layer PowerShell malware using AST analysis, dynamic tracing, and tools like
Detect risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit
Systematically remove malware, backdoors, and attacker persistence mechanisms from infected systems while ensuring
Detect process injection techniques (T1055) including classic DLL injection, process hollowing, and APC injection
Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain permutations
Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound,
Configure and execute access recertification campaigns in Saviynt Enterprise Identity Cloud to validate user
Patch management is the systematic process of identifying, testing, deploying, and verifying software updates
Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy,
Extract and analyze Cobalt Strike beacon configuration from PE files and memory dumps to identify C2 infrastructure,
Simulates SSL stripping attacks using sslstrip, Bettercap, and mitmproxy in authorized environments to test
Systematically testing web applications for broken access control vulnerabilities including privilege escalation,
Implement NextDNS as a zero trust DNS filtering layer with encrypted resolution, threat intelligence blocking,
Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and