Claude Security Skills (Page 68 of 106)

Security auditing, penetration testing, vulnerability scanning, OWASP, cloud security, and compliance skills for Claude Code.

6,335 skills · updated 2026-06-18 · showing 4021–4080 of 6,335 by quality score

Sub-topics: Web Security (773), Threat Hunting (482), Red Team (465), Identity Access (336), Appsec Tools (287), Network Security (286), Compliance (161), Forensics (146)

Performs rapid malware triage and classification using YARA rules to match file patterns, strings, byte sequences,
Analyze memory dumps using Volatility3 plugins to detect injected code, rootkits, credential theft, and malware
Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts,
Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct
Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection,
Performs OAuth 2.0 scope minimization review to identify over-permissioned third-party application integrations,
Perform vulnerability scanning in OT/ICS environments safely using passive monitoring, native protocol queries,
Crafts and injects custom network packets using Scapy, hping3, and Nemesis during authorized security assessments
Monitor paste sites like Pastebin and GitHub Gists for leaked credentials, API keys, and sensitive data dumps
GoPhish is an open-source phishing simulation framework used by security teams to conduct authorized phishing
Conduct authorized physical penetration testing using tailgating, badge cloning, lock bypassing, and rogue device
Assesses organizational readiness for post-quantum cryptography migration per NIST FIPS 203/204/205 standards.
Executes a structured ransomware incident response from initial detection through containment, forensic analysis,
Plans and facilitates tabletop exercises simulating ransomware incidents to test organizational readiness, decision-making,
Automate GoPhish phishing simulation campaigns using the Python gophish library. Creates email templates with
Conduct red team operations using the Covenant C2 framework for authorized adversary simulation, including listener
Perform security analysis of Siemens S7comm and S7CommPlus protocols used by SIMATIC S7 PLCs to identify vulnerabilities
Perform security assessments of SCADA Human-Machine Interface (HMI) systems to identify vulnerabilities in web-based
Detect and exploit second-order SQL injection vulnerabilities where malicious input is stored in a database and
Analyze code, infrastructure, and configurations by conducting comprehensive security audits. It leverages tools within the security-pro-pack plugin, including vulnerability…
Auditing HTTP security headers including CSP, HSTS, X-Frame-Options, and cookie attributes to identify missing
Automate security vulnerability testing covering OWASP Top 10, SQL injection, XSS, CSRF, and authentication issues.
Performing security reviews of serverless functions across AWS Lambda, Azure Functions, and GCP Cloud Functions
Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE,
Performs tabletop exercises for SOC teams simulating security incidents through discussion-based scenarios to
Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode
SSL/TLS certificate lifecycle management encompasses the full process of requesting, issuing, deploying, monitoring,
Simulates SSL stripping attacks using sslstrip, Bettercap, and mitmproxy in authorized environments to test
Configure SSL/TLS inspection on network security devices to decrypt, inspect, and re-encrypt HTTPS traffic for
Assess SSL/TLS server configurations using the sslyze Python library to evaluate cipher suites, certificate chains,
Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal network services,
Performs static analysis of Windows PE (Portable Executable) malware samples using PEStudio to examine file
Simulate and detect software supply chain attacks including typosquatting detection via Levenshtein distance,
Conduct a thick client application penetration test to identify insecure local storage, hardcoded credentials,
Executes Atomic Red Team tests for MITRE ATT&CK technique validation using the atomic-operator Python framework.
Performs proactive threat hunting in Elastic Security SIEM using KQL/EQL queries, detection rules, and Timeline
Use YARA pattern-matching rules to hunt for malware, suspicious files, and indicators of compromise across filesystems
Use PyMISP to create, enrich, and share threat intelligence events on a MISP platform, including IOC management,
Conduct a sector-specific threat landscape assessment by analyzing threat actor targeting patterns, common attack
Use OWASP Threat Dragon to create data flow diagrams, identify threats using STRIDE and LINDDUN methodologies,
Simulates VLAN hopping attacks using switch spoofing and double tagging techniques in authorized environments
Performs authenticated and unauthenticated vulnerability scanning using Tenable Nessus to identify known vulnerabilities,
Bypass Web Application Firewall protections using encoding techniques, HTTP method manipulation, parameter pollution,
Performs systematic security testing of web applications following the OWASP Web Security Testing Guide (WSTG)
Triage web application vulnerability findings from DAST/SAST scanners using OWASP risk rating methodology to
Execute web cache deception attacks by exploiting path normalization discrepancies between CDN caching layers
Exploiting web cache mechanisms to serve malicious content to other users by poisoning cached responses through
Execute a wireless network penetration test to assess WiFi security by capturing handshakes, cracking WPA2/WPA3
Conduct wireless network security assessments using Kismet to detect rogue access points, hidden SSIDs, weak
Develop precise YARA rules for malware detection by identifying unique byte patterns, strings, and behavioral
Use when Jared asks about selling or positioning the PerformOS agent package to clients. Covers cloud (Orgo) and local editions, two-tier Standard/Advanced pricing, "up to 10…
Generates functional starter code snippets for Arduino IDE and ESP-IDF from the pin and peripheral mapping of an ESP32 microcontroller.
Chinese-first: for Perl security tasks, helping to identify, design, implement, or verify the corresponding workflows. English keywords: Comprehensive Perl security covering taint mode, input validation, safe process execution, DBI parameterized queries, web…
Use when designing or reviewing permission-set-group architecture, especially profile minimization, group composition, muting strategy, and migration away from profile-heavy…
Use when designing or auditing Salesforce access control — deciding between Profiles, Permission Sets, and Permission Set Groups.
Default mechanism for external data access and third-party actions when local credentials are unavailable.
Apply Perplexity security best practices for API key management and query safety. Use when securing API keys, implementing query sanitization, or auditing Perplexity security…
Keep searchable long-term memory for coding agents in a local SQLite store and expose it through MCP when sessions keep forgetting prior decisions, conventions, and useful…
Audit SQLite persistence layer for unused tables and broken integrations. Trigger when: (1) checking database usage, (2) cleaning up schema, (3) finding missing methods.
Configure Persona API authentication with sandbox and production API keys. Use when setting up identity verification, configuring API credentials, or initializing Persona in your…