Claude Security Skills (Page 26 of 104)

Security auditing, penetration testing, vulnerability scanning, OWASP, cloud security, and compliance skills for Claude Code.

6,191 skills · updated 2026-06-16 · showing 1501–1560 of 6,191 by quality score

Sub-topics: Web Security (751) · Threat Hunting (476) · Red Team (453) · Identity Access (329) · Network Security (284) · Appsec Tools (280) · Compliance (159) · Malware Analysis (138)

Analyzes events through computer science lens using computational complexity, algorithms, data structures, systems architecture, information theory, and software engineer — from…
Build AI agents that interact with computers like humans do - viewing screens, moving cursors, clicking buttons, and typing text.
Build production computer vision pipelines for object detection, tracking, and video analysis. Handles drone footage, wildlife monitoring, and real-time detection.
TOCTOU prevention, distributed locking, idempotency keys, race condition detection for Node.js and serverless environments.
Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization,
Responds to security incidents in cloud environments (AWS, Azure, GCP) by performing identity-based containment,
Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by extracting
Identifies fulcrum securities in distressed capital structures with enterprise value allocation and recovery sensitivity analysis.
Plan and execute a comprehensive red team engagement covering reconnaissance through post-exploitation using
Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify
Conduct internal Active Directory reconnaissance using BloodHound Community Edition to map attack paths, identify
Responds to malware infections across enterprise endpoints by identifying the malware family, determining infection
Simulates man-in-the-middle attacks using Ettercap, mitmproxy, and Bettercap in authorized environments to intercept,
Performs memory forensics analysis using Volatility 3 to extract evidence of malware execution, process injection,
Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security
Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate
Responds to phishing incidents by analyzing reported emails, extracting indicators, assessing credential compromise,
Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access.
Conducts authorized wireless network penetration tests to assess the security of WiFi infrastructure by testing
Produces structured legal conference summaries capturing session substance, speaker credentials, cited authorities, and practical takeaways.
Drafts enforceable U.S. Employee Confidentiality and Security Agreements protecting proprietary information, trade secrets, and digital assets, with layered…
Scan .claude/ directory for security misconfigurations, exposed secrets, unsafe permissions
Kubernetes ingress networking with the NGINX Ingress Controller, cert-manager for automated TLS certificate management, path-based routing, rate limiting and…
Configure code scanning in Harness pipelines using STO security scanners. Helps identify where to inject SAST/SCA scanning steps into existing pipelines, recommends appropriate…
Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory.
Configures SQL audit logging on CockroachDB clusters to capture security-relevant events including authentication, privilege changes, and sensitive data access.
Configure host-based firewalls (iptables, nftables, UFW) and cloud security groups (AWS, GCP, Azure) with practical rules for common scenarios like web servers, databases, and…
Configures host-based intrusion detection systems (HIDS) to monitor endpoint file integrity, system calls, and
Hardware Security Modules (HSMs) are tamper-resistant physical devices that safeguard cryptographic keys and
Configures and hardens IP allowlists for CockroachDB Cloud clusters to restrict network access to authorized CIDR ranges.
Harden LDAP directory services against common attacks including credential harvesting, LDAP injection, anonymous
Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and
Configures pfSense firewall rules, NAT policies, VPN tunnels, and traffic shaping to enforce network segmentation,
Installs, configures, and tunes Snort 3 intrusion detection system to monitor network traffic for malicious
Deploys and configures Suricata IDS/IPS with Emerging Threats rulesets, EVE JSON logging, and custom rules for
Configure Tauri v2 capabilities to bind permissions to specific windows and webviews for access control.
Configure Content Security Policy (CSP) in Tauri v2 apps to prevent XSS and restrict where the webview loads resources.
Configure HTTP response headers in Tauri v2.1+ webview responses, covering security headers, custom headers, and CORS from the allowlist.
TLS 1.3 (RFC 8446) is the latest version of the Transport Layer Security protocol, providing significant improvements
Configures Microsoft Defender for Endpoint (MDE) advanced protection settings including attack surface reduction
Configures Windows Event Logging with advanced audit policies to generate high-fidelity security events for
Conjur integration. Manage security and secrets-management data, records, and workflows. Use when the user wants to interact with Conjur data.
Connect to an AWS account, validate credentials, and discover what services are in use.
Connect to an Azure subscription, validate credentials, and discover what services are in use.
Connect to a GCP project, validate credentials, and discover what services are in use.
Guide for connecting MCP (Model Context Protocol) servers to Claude Code with HTTP, stdio, and SSE transports.
Managing OAuth policies, IP relaxation, session security, PKCE, and credential rotation for Salesforce Connected Apps.
Use when designing, reviewing, or troubleshooting Salesforce connected apps, Named Credentials, External Credentials, and OAuth-based integration access.
Analyze cryptographic code to detect operations that leak secret data through execution timing variations.
Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encountering division on secrets, secret-dependent branches, or…
Establish project governing principles including dev guidelines, code quality standards, testing policies, UX requirements, performance benchmarks, and security constraints.
Drafts U.S. consumer-facing data breach notification letters compliant with state statutes. Use when a security incident involving personal information requires consumer notice —…
Router skill for classifying Contabo tasks and delegating to the narrowest specialist for cost analysis, capacity planning, security hardening, VPS/VDS lifecycle operations, or…
Advisory skill for hardening Contabo infrastructure security: SSH key management via secret IDs, default root and admin user policy, firewall posture review, OAuth2 credential…
Docker, containerd/CRI-O, and Kubernetes forensic investigation covering container inventory (docker and crictl), privilege checks, image verification, layer analysis (dive),…
Container vulnerability scanning and dependency risk assessment using Grype with CVSS severity ratings, EPSS exploit probability, and CISA KEV indicators.
Dockerfile security linting and best practice validation using Hadolint with 100+ built-in rules aligned to CIS Docker Benchmark.
Scans Docker and OCI container images for vulnerabilities using Trivy JSON output and the Docker Hub API v2 for image metadata.