Analyzes malicious VBA macros embedded in Microsoft Office documents (Word, Excel, PowerPoint) to identify download
Implement continuous identity verification for zero trust using phishing-resistant MFA (FIDO2/WebAuthn), risk-based
Detect and investigate Azure service principal abuse including privilege escalation, credential compromise, admin
Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations,
Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength.
Executes a structured ransomware incident response from initial detection through containment, forensic analysis,
Ed25519 is a high-performance digital signature algorithm using the Edwards curve Curve25519. It provides 128-bit
Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised
Implementing Cloud Data Loss Prevention (DLP) using Amazon Macie, Azure Information Protection, and Google Cloud
Investigate Active Directory compromise by analyzing authentication logs, replication metadata, Group Policy
Test web application email functionality for SMTP header injection vulnerabilities that allow attackers to inject
Detect and analyze covert communication channels used by malware including DNS tunneling, ICMP exfiltration,
Detects container escape attempts by analyzing namespace configurations, privileged container checks, dangerous
Implementing microsegmentation using Akamai Guardicore Segmentation to map application dependencies, create
Implements privileged session monitoring and recording using Privileged Access Management (PAM) solutions, focusing
Hunt for data exfiltration through network traffic analysis, detecting unusual data flows, DNS tunneling, cloud
Execute and test GraphQL depth limit attacks using deeply nested recursive queries to identify denial-of-service
Deploy and configure the Dragos Platform for OT network monitoring, leveraging its 600+ industrial protocol
Analyze WAF (ModSecurity/AWS WAF/Cloudflare) logs to detect SQL injection attack campaigns. Parses ModSecurity
Deploy CyberArk Secure Cloud Access to eliminate standing privileges in hybrid and multi-cloud environments using
Detect and analyze heap spray attacks in memory dumps using Volatility3 plugins to identify NOP sled patterns,
Collects and synthesizes open-source intelligence (OSINT) about threat actors, malicious infrastructure, and
Threat actor infrastructure tracking involves monitoring and mapping adversary-controlled assets including command-and-control
Auditing Kubernetes cluster RBAC configurations to identify overly permissive roles, wildcard permissions, dangerous
Deploys and monitors ransomware canary files across critical directories using Python's watchdog library for
Systematically audit AWS S3 bucket permissions to identify publicly accessible buckets, overly permissive ACLs,
Deploy and configure Suricata as a network intrusion prevention system with custom rules, Emerging Threats rulesets,
Design and implement Privileged Access Workstations (PAWs) with device hardening, just-in-time access, and integration
Systematically remove malware, backdoors, and attacker persistence mechanisms from infected systems while ensuring
Designs and implements VLAN-based network segmentation on managed switches to isolate network zones, enforce
Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and
Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege
Analyzes DNS query logs to detect data exfiltration via DNS tunneling, DGA domain communication, and covert
Reduce container attack surface by building application images on Google distroless base images that contain
Implements strategies to reduce SOC alert fatigue by tuning detection rules, consolidating duplicate alerts,
Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters,
Automate credential rotation for service accounts across Active Directory, cloud platforms, and application databases
Implement eBPF-based runtime security observability and enforcement in Kubernetes clusters using Cilium Tetragon
Implements endpoint Data Loss Prevention (DLP) controls to detect and prevent sensitive data exfiltration through
Detect risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit
Simulate and detect software supply chain attacks including typosquatting detection via Levenshtein distance,
Builds automated threat intelligence feed integration pipelines connecting STIX/TAXII feeds, open-source threat
Implement Amazon Macie to automatically discover, classify, and protect sensitive data in S3 buckets using machine
Recover files from disk images and unallocated space using Foremost's header-footer signature carving to extract
Assessing JSON Web Token implementations for cryptographic weaknesses, algorithm confusion attacks, and authorization
Detect NTLM relay attacks by analyzing Windows Event 4624 logon type 3 with NTLMSSP authentication, identifying
Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations,
Identifies and exploits IPv6-specific vulnerabilities including SLAAC spoofing, Router Advertisement flooding,
Analyzes and simulates BGP hijacking scenarios in authorized lab environments to assess route origin validation,
Facilitate structured post-incident reviews to identify root causes, document what worked and failed, and produce
Detect process hollowing (T1055.012) by analyzing memory-mapped sections, hollowed process indicators, and parent-child
Detect NTFS timestamp manipulation (MITRE T1070.006) by comparing $STANDARD_INFORMATION vs $FILE_NAME timestamps
Detect abuse of legitimate Windows binaries (LOLBins) used for living off the land attacks. Monitors process
Detect abuse of service accounts through anomalous interactive logons, privilege escalation, lateral movement,
Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF,
Detect and analyze Linux persistence mechanisms including crontab entries, systemd service units, LD_PRELOAD
Builds a structured ransomware incident response playbook aligned with the CISA StopRansomware Guide and NIST
Parse Windows LNK shortcut files to extract target paths, timestamps, volume information, and machine identifiers
Designs and implements a ransomware-resilient backup strategy following the 3-2-1-1-0 methodology (3 copies,
Analyze Microsoft Outlook PST and OST files for email forensic evidence including message content, headers, attachments,