Performs interactive dynamic malware analysis using the ANY.RUN cloud sandbox to observe real-time execution
Score 70/100
Performs vulnerability remediation on endpoints by prioritizing CVEs based on risk scoring, deploying patches,
Score 70/100
Conduct a comprehensive external network penetration test to identify vulnerabilities in internet-facing infrastructure
Score 70/100
Perform systematic SIEM false positive reduction through rule tuning, threshold adjustment, correlation refinement,
Score 70/100
Analyzes firmware images for embedded malware, backdoors, and unauthorized modifications targeting routers,
Score 70/100
Performing comprehensive security assessments of Google Cloud Platform environments using Forseti Security,
Score 70/100
Execute and test GraphQL depth limit attacks using deeply nested recursive queries to identify denial-of-service
Score 70/100
Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions,
Score 70/100
Assessing GraphQL API endpoints for introspection leaks, injection attacks, authorization flaws, and denial-of-service
Score 70/100
Integrate Hardware Security Modules (HSMs) using the PKCS#11 interface for cryptographic key management, signing
Score 70/100
Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength.
Score 70/100
Execute HTTP Parameter Pollution attacks to bypass input validation, WAF rules, and security controls by injecting
Score 70/100
Perform authorized initial access using the EvilGinx3 adversary-in-the-middle phishing framework to capture session
Score 70/100
Investigates insider threat incidents involving employees, contractors, or trusted partners who misuse authorized
Score 70/100
Automates Indicator of Compromise (IOC) enrichment by orchestrating lookups across VirusTotal, AbuseIPDB, Shodan,
Score 70/100
Performs comprehensive iOS application security assessments using Frida for dynamic instrumentation, Objection
Score 70/100
Performs comprehensive security assessments of IoT devices and their ecosystems by testing hardware interfaces,
Score 70/100
Analyze IP address reputation using the Shodan API to identify open ports, running services, known vulnerabilities,
Score 70/100
Execute and test the JWT none algorithm attack to bypass signature verification by manipulating the alg header
Score 70/100
Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting
Score 70/100
Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration,
Score 70/100
Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines
Score 70/100
Perform structured log source onboarding into SIEM platforms by configuring collectors, parsers, normalization,
Score 70/100
Enrich malware file hashes using the VirusTotal API to retrieve detection rates, behavioral analysis, YARA matches,
Score 70/100
Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise
Score 70/100
Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives
Score 70/100
Performs rapid malware triage and classification using YARA rules to match file patterns, strings, byte sequences,
Score 70/100
Analyze memory dumps using Volatility3 plugins to detect injected code, rootkits, credential theft, and malware
Score 70/100
Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts,
Score 70/100
Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct
Score 70/100
Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection,
Score 70/100
Performs OAuth 2.0 scope minimization review to identify over-permissioned third-party application integrations,
Score 70/100
Perform vulnerability scanning in OT/ICS environments safely using passive monitoring, native protocol queries,
Score 70/100
Crafts and injects custom network packets using Scapy, hping3, and Nemesis during authorized security assessments
Score 70/100
Monitor paste sites like Pastebin and GitHub Gists for leaked credentials, API keys, and sensitive data dumps
Score 70/100
GoPhish is an open-source phishing simulation framework used by security teams to conduct authorized phishing
Score 70/100
Conduct authorized physical penetration testing using tailgating, badge cloning, lock bypassing, and rogue device
Score 70/100
Assesses organizational readiness for post-quantum cryptography migration per NIST FIPS 203/204/205 standards.
Score 70/100
Executes a structured ransomware incident response from initial detection through containment, forensic analysis,
Score 70/100
Plans and facilitates tabletop exercises simulating ransomware incidents to test organizational readiness, decision-making,
Score 70/100
Automate GoPhish phishing simulation campaigns using the Python gophish library. Creates email templates with
Score 70/100
Conduct red team operations using the Covenant C2 framework for authorized adversary simulation, including listener
Score 70/100
Perform security analysis of Siemens S7comm and S7CommPlus protocols used by SIMATIC S7 PLCs to identify vulnerabilities
Score 70/100
Perform security assessments of SCADA Human-Machine Interface (HMI) systems to identify vulnerabilities in web-based
Score 70/100
Detect and exploit second-order SQL injection vulnerabilities where malicious input is stored in a database and
Score 70/100
Analyze code, infrastructure, and configurations by conducting comprehensive security audits. It leverages tools within the security-pro-pack plugin, including vulnerability…
Score 70/100
Auditing HTTP security headers including CSP, HSTS, X-Frame-Options, and cookie attributes to identify missing
Score 70/100
Automate security vulnerability testing covering OWASP Top 10, SQL injection, XSS, CSRF, and authentication issues.
Score 70/100
Performing security reviews of serverless functions across AWS Lambda, Azure Functions, and GCP Cloud Functions
Score 70/100
Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE,
Score 70/100
Performs tabletop exercises for SOC teams simulating security incidents through discussion-based scenarios to
Score 70/100
Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode
Score 70/100
SSL/TLS certificate lifecycle management encompasses the full process of requesting, issuing, deploying, monitoring,
Score 70/100
Simulates SSL stripping attacks using sslstrip, Bettercap, and mitmproxy in authorized environments to test
Score 70/100
Configure SSL/TLS inspection on network security devices to decrypt, inspect, and re-encrypt HTTPS traffic for
Score 70/100
Assess SSL/TLS server configurations using the sslyze Python library to evaluate cipher suites, certificate chains,
Score 70/100
Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal network services,
Score 70/100
Performs static analysis of Windows PE (Portable Executable) malware samples using PEStudio to examine file
Score 70/100
Simulate and detect software supply chain attacks including typosquatting detection via Levenshtein distance,
Score 70/100
Conduct a thick client application penetration test to identify insecure local storage, hardcoded credentials,
Score 70/100