mukul975/anthropic-cybersecurity-skills

832 skills · 57.8K total installs

acquiring-disk-image-with-dd-and-dcfldd

431

analyzing-api-gateway-access-logs

420

analyzing-cyber-kill-chain

350

analyzing-android-malware-with-apktool

344

analyzing-email-headers-for-phishing-investigation

338

analyzing-browser-forensics-with-hindsight

336

analyzing-docker-container-forensics

322

analyzing-certificate-transparency-for-phishing

318

analyzing-cloud-storage-access-patterns

317

analyzing-active-directory-acl-abuse

316

analyzing-dns-logs-for-exfiltration

315

analyzing-apt-group-with-mitre-navigator

302

analyzing-command-and-control-communication

301

analyzing-linux-audit-logs-for-intrusion

295

conducting-api-security-testing

290

analyzing-network-traffic-with-wireshark

283

analyzing-bootkit-and-rootkit-samples

275

analyzing-azure-activity-logs-for-threats

275

testing-api-security-with-owasp-top-10

273

testing-for-xss-vulnerabilities

271

analyzing-indicators-of-compromise

271

analyzing-campaign-attribution-evidence

263

performing-web-application-penetration-test

261

analyzing-network-traffic-for-incidents

258

analyzing-ios-app-security-with-objection

257

testing-jwt-token-security

255

analyzing-disk-image-with-autopsy

254

analyzing-network-packets-with-scapy

253

analyzing-malicious-url-with-urlscan

253

analyzing-network-traffic-of-malware

251

analyzing-linux-kernel-rootkits

250

analyzing-linux-system-artifacts

248

analyzing-linux-elf-malware

245

analyzing-kubernetes-audit-logs

242

analyzing-golang-malware-with-ghidra

235

exploiting-sql-injection-vulnerabilities

231

analyzing-cobalt-strike-beacon-configuration

231

analyzing-web-server-logs-for-intrusion

228

analyzing-ethereum-smart-contract-vulnerabilities

227

analyzing-cobaltstrike-malleable-c2-profiles

226

testing-api-for-broken-object-level-authorization

225

analyzing-malicious-pdf-with-peepdf

223

analyzing-network-flow-data-with-netflow

220

analyzing-network-covert-channels-in-malware

219

testing-for-broken-access-control

218

analyzing-heap-spray-exploitation

217

testing-api-authentication-weaknesses

216

testing-cors-misconfiguration

215

analyzing-memory-dumps-with-volatility

215

analyzing-malware-behavior-with-cuckoo-sandbox

209

analyzing-malware-sandbox-evasion-techniques

208

testing-for-json-web-token-vulnerabilities

207

analyzing-sbom-for-supply-chain-vulnerabilities

207

testing-for-sensitive-data-exposure

206

analyzing-threat-intelligence-feeds

203

analyzing-pdf-malware-with-pdfid

199

analyzing-malware-persistence-with-autoruns

198

analyzing-macro-malware-in-office-documents

198

analyzing-malware-family-relationships-with-malpedia

197

testing-oauth2-implementation-flaws

196

analyzing-threat-actor-ttps-with-mitre-attack

196

analyzing-ransomware-encryption-mechanisms

193

analyzing-lnk-file-and-jump-list-artifacts

193

analyzing-ransomware-network-indicators

191

analyzing-powershell-script-block-logging

190

analyzing-memory-forensics-with-lime-and-volatility

189

analyzing-office365-audit-logs-for-compromise

188

testing-for-xxe-injection-vulnerabilities

187

testing-api-for-mass-assignment-vulnerability

187

analyzing-ransomware-leak-site-intelligence

187

analyzing-persistence-mechanisms-in-linux

187

analyzing-mft-for-deleted-file-recovery

186

auditing-aws-s3-bucket-permissions

184

conducting-network-penetration-test

182

analyzing-powershell-empire-artifacts

182

testing-for-open-redirect-vulnerabilities

179

testing-for-host-header-injection

179

testing-for-business-logic-vulnerabilities

179

conducting-external-reconnaissance-with-osint

179

analyzing-outlook-pst-for-email-forensics

179

testing-for-xss-vulnerabilities-with-burpsuite

175

analyzing-threat-actor-ttps-with-mitre-navigator

174

bypassing-authentication-with-forced-browsing

173

analyzing-supply-chain-malware-artifacts

171

analyzing-security-logs-with-splunk

170

analyzing-packed-malware-with-upx-unpacker

167

analyzing-tls-certificate-transparency-logs

166

collecting-open-source-intelligence

165

analyzing-windows-event-logs-in-splunk

164

analyzing-typosquatting-domains-with-dnstwist

164

analyzing-prefetch-files-for-execution-history

164

performing-web-application-vulnerability-triage

163

analyzing-threat-landscape-with-misp

163

conducting-mobile-app-penetration-test

161

building-incident-response-playbook

161

auditing-terraform-infrastructure-for-security

161

auditing-kubernetes-cluster-rbac

161

exploiting-sql-injection-with-sqlmap

160

testing-websocket-api-security

158

testing-for-xml-injection-vulnerabilities

158

analyzing-ransomware-payment-wallets

157

analyzing-usb-device-connection-history

155

testing-mobile-api-authentication

154

building-vulnerability-scanning-workflow

154

auditing-cloud-with-cis-benchmarks

154

exploiting-server-side-request-forgery

151

analyzing-windows-registry-for-artifacts

149

exploiting-api-injection-vulnerabilities

148

exploiting-idor-vulnerabilities

147

building-attack-pattern-library-from-cti-reports

145

analyzing-windows-prefetch-with-python

144

performing-web-application-firewall-bypass

143

automating-ioc-enrichment

143

testing-for-email-header-injection

142

analyzing-slack-space-and-file-system-artifacts

142

auditing-azure-active-directory-configuration

141

performing-web-application-scanning-with-nikto

140

auditing-gcp-iam-permissions

140

analyzing-windows-lnk-files-for-artifacts

140

conducting-cloud-penetration-testing

139

analyzing-windows-amcache-artifacts

139

reverse-engineering-android-malware-with-jadx

137

auditing-tls-certificate-transparency-logs

137

analyzing-windows-shellbag-artifacts

136

building-adversary-infrastructure-tracking-system

134

exploiting-jwt-algorithm-confusion-attack

131

exploiting-http-request-smuggling

131

building-incident-response-dashboard

131

conducting-full-scope-red-team-engagement

130

analyzing-uefi-bootkit-persistence

128

exploiting-websocket-vulnerabilities

125

exploiting-oauth-misconfiguration

125

detecting-ai-model-prompt-injection-attacks

125

exploiting-template-injection-vulnerabilities

124

building-c2-infrastructure-with-sliver-framework

124

detecting-api-enumeration-attacks

122

conducting-internal-network-penetration-test

122

abusing-dpapi-for-credential-access

122

performing-web-cache-deception-attack

121

hardening-docker-containers-for-production

120

building-automated-malware-submission-pipeline

120

exploiting-race-condition-vulnerabilities

119

building-threat-intelligence-platform

119

performing-web-cache-poisoning-attack

118

building-vulnerability-dashboard-with-defectdojo

118

building-threat-actor-profile-from-osint

118

building-soc-escalation-matrix

118

building-devsecops-pipeline-with-gitlab-ci

118

building-detection-rules-with-sigma

118

triaging-security-incident

117

implementing-api-rate-limiting-and-throttling

117

configuring-oauth2-authorization-flow

117

building-soc-playbook-for-ransomware

117

building-soc-metrics-and-kpi-tracking

117

building-threat-intelligence-feed-integration

116

performing-csrf-attack-simulation

115

implementing-secret-scanning-with-gitleaks

115

exploiting-insecure-deserialization

115

exploiting-broken-function-level-authorization

115

collecting-threat-intelligence-with-misp

115

exploiting-nosql-injection-vulnerabilities

114

performing-ssrf-vulnerability-exploitation

113

collecting-indicators-of-compromise

113

building-detection-rule-with-splunk-spl

113

scanning-docker-images-with-trivy

112

building-cloud-siem-with-sentinel

112

performing-api-rate-limiting-bypass

111

building-vulnerability-exception-tracking-system

111

building-malware-incident-communication-template

111

building-threat-hunt-hypothesis-framework

109

building-red-team-c2-infrastructure-with-havoc

109

performing-api-security-testing-with-postman

108

building-incident-timeline-with-timesketch

107

building-identity-governance-lifecycle-process

107

scanning-network-with-nmap-advanced

106

building-ransomware-playbook-with-cisa-framework

106

exploiting-prototype-pollution-in-javascript

104

conducting-wireless-network-penetration-test

104

conducting-cloud-incident-response

104

building-ioc-enrichment-pipeline-with-opencti

104

performing-security-headers-audit

103

exploiting-mass-assignment-in-rest-apis

103

conducting-phishing-incident-response

102

building-vulnerability-aging-and-sla-tracking

101

deobfuscating-javascript-malware

100

building-phishing-reporting-button-workflow

100

conducting-man-in-the-middle-attack-simulation

99

building-threat-feed-aggregation-with-misp

99

building-ioc-defanging-and-sharing-pipeline

99

building-identity-federation-with-saml-azure-ad

99

conducting-internal-reconnaissance-with-bloodhound-ce

98

building-threat-intelligence-enrichment-in-splunk

97

securing-github-actions-workflows

96

implementing-jwt-signing-and-verification

96

exploiting-excessive-data-exposure-in-api

96

performing-api-inventory-and-discovery

94

implementing-api-schema-validation-security

94

exploiting-insecure-data-storage-in-mobile

94

testing-android-intents-for-vulnerabilities

92

reverse-engineering-ios-app-with-frida

92

conducting-malware-incident-response

92

implementing-api-key-security-controls

91

collecting-volatile-evidence-from-compromised-host

91

building-role-mining-for-rbac-optimization

91

performing-vulnerability-scanning-with-nessus

90

exploiting-type-juggling-vulnerabilities

90

reverse-engineering-malware-with-ghidra

89

performing-wifi-password-cracking-with-aircrack

89

exploiting-deeplink-vulnerabilities

89

conducting-pass-the-ticket-attack

89

conducting-domain-persistence-with-dcsync

89

building-patch-tuesday-response-process

89

achieving-cmmc-level-2-compliance

88

triaging-vulnerabilities-with-ssvc-framework

87

performing-sca-dependency-scanning-with-snyk

86

performing-jwt-none-algorithm-attack

86

conducting-social-engineering-penetration-test

86

performing-api-fuzzing-with-restler

85

exploiting-broken-link-hijacking

85

executing-red-team-exercise

85

validating-backup-integrity-for-recovery

84

exploiting-vulnerabilities-with-metasploit-framework

84

executing-red-team-engagement-planning

84

tracking-threat-actor-infrastructure

83

configuring-tls-1-3-for-secure-communications

83

detecting-sql-injection-via-waf-logs

82

testing-ransomware-recovery-procedures

81

scanning-containers-with-trivy-in-cicd

81

conducting-memory-forensics-with-volatility

81

triaging-security-incident-with-ir-playbook

80

performing-threat-modeling-with-owasp-threat-dragon

80

conducting-post-incident-lessons-learned

80

abusing-shadow-credentials-for-privesc

80

performing-soc2-type2-audit-preparation

79

detecting-shadow-api-endpoints

78

detecting-attacks-on-scada-systems

78

implementing-api-gateway-security-controls

76

hardening-docker-daemon-configuration

76

detecting-anomalous-authentication-patterns

75

performing-subdomain-enumeration-with-subfinder

74

prioritizing-vulnerabilities-with-cvss-scoring

73

extracting-browser-history-artifacts

73

exploiting-ipv6-vulnerabilities

73

performing-second-order-sql-injection

72

performing-graphql-security-assessment

72

implementing-api-security-posture-management

72

implementing-api-abuse-detection-with-rate-limiting

72

exploiting-smb-vulnerabilities-with-metasploit

72

detecting-broken-object-property-level-authorization

72

securing-serverless-functions

71

performing-directory-traversal-testing

71

triaging-security-alerts-in-splunk

70

implementing-secrets-scanning-in-ci-cd

70

detecting-oauth-token-theft

70

conducting-spearphishing-simulation-campaign

70

performing-ssl-tls-security-assessment

68

configuring-pfsense-firewall-rules

68

configuring-network-segmentation-with-vlans

68

conducting-social-engineering-pretext-call

68

securing-container-registry-images

67

scanning-container-images-with-grype

67

performing-content-security-policy-bypass

67

performing-clickjacking-attack-test

67

detecting-aws-credential-exposure-with-trufflehog

67

reverse-engineering-dotnet-malware-with-dnspy

66

performing-wireless-security-assessment-with-kismet

66

exploiting-bgp-hijacking-vulnerabilities

66

performing-http-parameter-pollution-attack

65

configuring-host-based-intrusion-detection

65

securing-api-gateway-with-aws-waf

64

performing-android-app-static-analysis-with-mobsf

64

implementing-devsecops-security-scanning

64

hardening-linux-endpoint-with-cis-benchmark

64

deobfuscating-powershell-obfuscated-malware

64

securing-aws-iam-permissions

63

remediating-s3-bucket-misconfiguration

63

performing-network-traffic-analysis-with-tshark

63

exploiting-active-directory-with-bloodhound

63

exploiting-active-directory-certificate-services-esc1

63

performing-wireless-network-penetration-test

62

performing-blind-ssrf-exploitation

62

extracting-credentials-from-memory-dump

62

detecting-supply-chain-attacks-in-ci-cd

62

configuring-certificate-authority-with-openssl

62

reverse-engineering-rust-malware

61

reverse-engineering-ransomware-encryption-routine

61

exploiting-kerberoasting-with-impacket

61

performing-osint-with-spiderfoot

60

performing-graphql-introspection-attack

60

integrating-sast-into-github-actions-pipeline

60

scanning-kubernetes-manifests-with-kubesec

59

performing-oauth-scope-minimization-review

59

performing-authenticated-vulnerability-scan

59

hunting-credential-stuffing-attacks

59

exploiting-zerologon-vulnerability-cve-2020-1472

59

detecting-email-account-compromise

59

configuring-windows-event-logging-for-detection

59

configuring-windows-defender-advanced-settings

59

performing-privilege-escalation-on-linux

58

performing-ai-driven-osint-correlation

58

monitoring-darkweb-sources

58

scanning-infrastructure-with-nessus

57

performing-mobile-app-certificate-pinning-bypass

57

performing-container-security-scanning-with-trivy

57

implementing-api-security-testing-with-42crunch

57

generating-threat-intelligence-reports

57

performing-open-source-intelligence-gathering

56

exploiting-nopac-cve-2021-42278-42287

56

detecting-aws-iam-privilege-escalation

56

securing-kubernetes-on-cloud

55

performing-network-forensics-with-wireshark

55

performing-cryptographic-audit-of-application

55

performing-active-directory-penetration-test

55

detecting-aws-cloudtrail-anomalies

55

deploying-tailscale-for-zero-trust-vpn

55

configuring-suricata-for-network-monitoring

55

securing-remote-access-to-ot-environment

54

securing-aws-lambda-execution-roles

54

performing-privilege-escalation-assessment

54

performing-kubernetes-penetration-testing

54

performing-hash-cracking-with-hashcat

54

hunting-advanced-persistent-threats

54

detecting-s3-data-exfiltration-attempts

54

configuring-microsegmentation-for-zero-trust

54

auditing-mcp-servers-for-tool-poisoning

54

securing-helm-chart-deployments

53

performing-network-packet-capture-analysis

53

performing-graphql-depth-limit-attack

53

configuring-ldap-security-hardening

53

performing-dark-web-monitoring-for-threats

52

exploiting-constrained-delegation-abuse

52

deploying-cloudflare-access-for-zero-trust

52

containing-active-breach

52

performing-ssl-certificate-lifecycle-management

51

performing-container-image-hardening

51

detecting-typosquatting-packages-in-npm-pypi

51

detecting-network-scanning-with-ids-signatures

51

performing-docker-bench-security-assessment

50

integrating-dast-with-owasp-zap-in-pipeline

50

hunting-for-webshell-activity

50

detecting-privilege-escalation-attempts

50

detecting-business-email-compromise

50

detecting-arp-poisoning-in-network-traffic

50

performing-ssl-tls-inspection-configuration

49

hardening-windows-endpoint-with-cis-benchmark

49

detecting-email-forwarding-rules-attack

49

configuring-hsm-for-key-storage

49

performing-red-team-phishing-with-gophish

48

mapping-mitre-attack-techniques

48

implementing-llm-guardrails-for-security

48

implementing-api-threat-protection-with-apigee

48

exploiting-ms17-010-eternalblue-vulnerability

48

detecting-container-escape-attempts

48

correlating-threat-campaigns

48

configuring-active-directory-tiered-model

48

attacking-oauth-with-device-code-phishing

48

securing-container-registry-with-harbor

47

performing-threat-hunting-with-elastic-siem

47

performing-ssl-stripping-attack

47

performing-ios-app-security-assessment

47

performing-cve-prioritization-with-kev-catalog

47

intercepting-mobile-traffic-with-burpsuite

47

implementing-semgrep-for-custom-sast-rules

47

detecting-dns-exfiltration-with-dns-query-analysis

47

configuring-snort-ids-for-intrusion-detection

47

configuring-aws-verified-access-for-ztna

47

performing-yara-rule-development-for-detection

46

performing-privileged-account-discovery

46

performing-external-network-penetration-test

46

detecting-credential-dumping-techniques

46

detecting-anomalies-in-industrial-control-systems

46

performing-serverless-function-security-review

45

performing-memory-forensics-with-volatility3

45

performing-cloud-penetration-testing-with-pacu

45

implementing-gdpr-data-protection-controls

45

extracting-iocs-from-malware-samples

45

detecting-pass-the-hash-attacks

45

detecting-lateral-movement-in-network

45

detecting-compromised-cloud-credentials

45

deploying-ransomware-canary-files

45

profiling-threat-actor-groups

44

performing-agentless-vulnerability-scanning

44

implementing-web-application-logging-with-modsecurity

44

implementing-aes-encryption-for-data-at-rest

44

hunting-for-unusual-network-connections

44

hunting-for-anomalous-powershell-execution

44

extracting-windows-event-logs-artifacts

44

executing-phishing-simulation-campaign

44

detecting-aws-guardduty-findings-automation

44

configuring-multi-factor-authentication-with-duo

44

securing-historian-server-in-ot-environment

43

performing-threat-hunting-with-yara-rules

43

performing-soap-web-service-security-testing

43

performing-red-team-with-covenant

43

performing-endpoint-forensics-investigation

43

performing-binary-exploitation-analysis

43

detecting-suspicious-oauth-application-consent

43

assessing-vector-and-embedding-weaknesses

43

securing-azure-with-microsoft-defender

42

performing-user-behavior-analytics

42

performing-threat-landscape-assessment-for-sector

42

performing-sqlite-database-forensics

42

performing-privacy-impact-assessment

42

performing-mobile-device-forensics-with-cellebrite

42

performing-active-directory-vulnerability-assessment

42

implementing-github-advanced-security-for-code-scanning

42

hunting-for-dns-based-persistence

42

hunting-for-data-exfiltration-indicators

42

detecting-port-scanning-with-fail2ban

42

detecting-deepfake-audio-in-vishing-attacks

42

detecting-azure-storage-account-misconfigurations

42

detecting-attacks-on-historian-servers

42

performing-threat-emulation-with-atomic-red-team

41

performing-supply-chain-attack-simulation

41

performing-service-account-audit

41

performing-privileged-account-access-review

41

performing-linux-log-forensics-investigation

41

performing-endpoint-vulnerability-remediation

41

detecting-rootkit-activity

41

configuring-identity-aware-proxy-with-google-iap

41

recovering-from-ransomware-attack

40

performing-windows-artifact-analysis-with-eric-zimmerman-tools

40

performing-vlan-hopping-attack

40

performing-purple-team-exercise

40

performing-dns-enumeration-and-zone-transfer

40

hunting-for-supply-chain-compromise

40

detecting-serverless-function-injection

40

detecting-dll-sideloading-attacks

40

detecting-cryptomining-in-cloud

40

detecting-business-email-compromise-with-ai

40

performing-thick-client-application-penetration-test

39

performing-steganography-detection

39

performing-service-account-credential-rotation

39

performing-packet-injection-attack

39

performing-ot-vulnerability-scanning-safely

39

performing-nist-csf-maturity-assessment

39

performing-aws-privilege-escalation-assessment

39

performing-authenticated-scan-with-openvas

39

executing-active-directory-attack-simulation

39

detecting-qr-code-phishing-with-email-security

39

detecting-process-injection-techniques

39

detecting-mobile-malware-behavior

39

detecting-fileless-attacks-on-endpoints

39

detecting-container-escape-with-falco-rules

39

detecting-container-drift-at-runtime

39

auditing-kubernetes-rbac-privilege-escalation

39

performing-threat-intelligence-sharing-with-misp

38

performing-ot-vulnerability-assessment-with-claroty

38

performing-ot-network-security-assessment

38

performing-network-traffic-analysis-with-zeek

38

performing-malware-triage-with-yara

38

performing-dynamic-analysis-of-android-app

38

performing-arp-spoofing-attack-simulation

38

implementing-cloud-waf-rules

38

hunting-for-unusual-service-installations

38

detecting-network-anomalies-with-zeek

38

detecting-kerberoasting-attacks

38

detecting-insider-threat-behaviors

38

detecting-golden-ticket-attacks-in-kerberos-logs

38

detecting-cloud-threats-with-guardduty

38

detecting-bluetooth-low-energy-attacks

38

detecting-azure-lateral-movement

38

auditing-foundry-smart-contract-security

38

auditing-entra-id-with-aadinternals

38

performing-static-malware-analysis-with-pe-studio

37

performing-power-grid-cybersecurity-assessment

37

performing-phishing-simulation-with-gophish

37

performing-malware-hash-enrichment-with-virustotal

37

performing-kubernetes-cis-benchmark-with-kube-bench

37

performing-firmware-malware-analysis

37

performing-dns-tunneling-detection

37

performing-active-directory-bloodhound-analysis

37

implementing-zero-trust-network-access

37

implementing-secrets-management-with-vault

37

implementing-dmarc-dkim-spf-email-security

37

hunting-for-dns-tunneling-with-zeek

37

detecting-dcsync-attack-in-active-directory

37

performing-plc-firmware-security-analysis

36

performing-log-analysis-for-forensic-investigation

36

performing-aws-account-enumeration-with-scout-suite

36

performing-asset-criticality-scoring-for-vulns

36

investigating-phishing-email-incident

36

implementing-zero-trust-for-saas-applications

36

implementing-network-access-control

36

implementing-kubernetes-pod-security-standards

36

implementing-aws-iam-permission-boundaries

36

implementing-attack-surface-management

36

extracting-memory-artifacts-with-rekall

36

detecting-ransomware-precursors-in-network

36

detecting-azure-service-principal-abuse

36

auditing-uefi-firmware-with-chipsec

36

performing-ransomware-response

35

performing-ip-reputation-analysis-with-shodan

35

performing-active-directory-compromise-investigation

35

hunting-for-command-and-control-beaconing

35

detecting-rdp-brute-force-attacks

35

detecting-privilege-escalation-in-kubernetes-pods

35

detecting-command-and-control-over-dns

35

deploying-software-defined-perimeter

35

benchmarking-kubernetes-with-kube-bench

35

attacking-entra-id-with-roadtools

35

performing-malware-ioc-extraction

34

performing-lateral-movement-with-wmiexec

34

performing-kubernetes-etcd-security-assessment

34

performing-kerberoasting-attack

34

performing-disk-forensics-investigation

34

implementing-zero-trust-in-cloud

34

implementing-threat-modeling-with-mitre-attack

34

implementing-infrastructure-as-code-security-scanning

34

implementing-gdpr-data-subject-access-request

34

hunting-for-registry-run-key-persistence

34

hunting-for-persistence-mechanisms-in-windows

34

hunting-for-domain-fronting-c2-traffic

34

detecting-service-account-abuse

34

detecting-pass-the-ticket-attacks

34

deploying-osquery-for-endpoint-monitoring

34

performing-ransomware-tabletop-exercise

33

performing-memory-forensics-with-volatility3-plugins

33

performing-malware-persistence-investigation

33

implementing-mitre-attack-coverage-mapping

33

implementing-end-to-end-encryption-for-messaging

33

hunting-for-spearphishing-indicators

33

hunting-for-process-injection-techniques

33

hunting-for-data-staging-before-exfiltration

33

detecting-suspicious-powershell-execution

33

detecting-shadow-it-cloud-usage

33

detecting-ransomware-encryption-behavior

33

detecting-modbus-command-injection-attacks

33

detecting-fileless-malware-techniques

33

detecting-beaconing-patterns-with-zeek

33

deploying-palo-alto-prisma-access-zero-trust

33

deploying-edr-agent-with-crowdstrike

33

deploying-active-directory-honeytokens

33

building-c2-redirector-infrastructure

33

performing-timeline-reconstruction-with-plaso

32

performing-purple-team-atomic-testing

32

performing-paste-site-monitoring-for-credentials

32

performing-firmware-extraction-with-binwalk

32

performing-container-escape-detection

32

performing-cloud-asset-inventory-with-cartography

32

implementing-pci-dss-compliance-controls

32

implementing-google-workspace-phishing-protection

32

hunting-for-suspicious-scheduled-tasks

32

hunting-for-scheduled-task-persistence

32

hunting-for-registry-persistence-mechanisms

32

hunting-for-living-off-the-cloud-techniques

32

hunting-for-lateral-movement-via-wmi

32

detecting-process-hollowing-technique

32

correlating-security-events-in-qradar

32

conducting-cyber-risk-assessment-with-nist-800-30

32

performing-soc-tabletop-exercise

31

performing-scada-hmi-security-assessment

31

performing-credential-access-with-lazagne

31

implementing-vulnerability-management-with-greenbone

31

implementing-hashicorp-vault-dynamic-secrets

31

implementing-endpoint-detection-with-wazuh

31

implementing-aqua-security-for-container-scanning

31

hunting-for-shadow-copy-deletion

31

hunting-for-dcsync-attacks

31

hunting-for-cobalt-strike-beacons

31

extracting-config-from-agent-tesla-rat

31

detecting-living-off-the-land-with-lolbas

31

detecting-exfiltration-over-dns-with-zeek

31

detecting-evasion-techniques-in-endpoint-logs

31

recovering-deleted-files-with-photorec

30

processing-stix-taxii-feeds

30

performing-physical-intrusion-assessment

30

performing-gcp-penetration-testing-with-gcpbucketbrute

30

performing-cloud-native-forensics-with-falco

30

performing-cloud-forensics-investigation

30

performing-adversary-in-the-middle-phishing-detection

30

performing-active-directory-forest-trust-attack

30

implementing-zero-knowledge-proof-for-authentication

30

implementing-ransomware-backup-strategy

30

implementing-ddos-mitigation-with-cloudflare

30

hunting-for-ntlm-relay-attacks

30

hunting-for-lolbins-execution-in-endpoint-logs

30

hunting-for-beaconing-with-frequency-analysis

30

detecting-stuxnet-style-attacks

30

detecting-ntlm-relay-with-event-correlation

30

detecting-living-off-the-land-attacks

30

detecting-insider-data-exfiltration-via-dlp

30

detecting-golden-ticket-forgery

30

detecting-dnp3-protocol-anomalies

30

configuring-zscaler-private-access-for-ztna

30

performing-post-quantum-cryptography-migration

29

performing-fuzzing-with-aflplusplus

29

performing-false-positive-reduction-in-siem

29

performing-cloud-log-forensics-with-athena

29

implementing-iso-27001-information-security-management

29

implementing-google-workspace-admin-security

29

implementing-digital-signatures-with-ed25519

29

implementing-cloud-vulnerability-posture-management

29

implementing-anti-phishing-training-program

29

hunting-for-persistence-via-wmi-subscriptions

29

hunting-for-defense-evasion-via-timestomping

29

eradicating-malware-from-infected-systems

29

detecting-mimikatz-execution-patterns

29

detecting-malicious-scheduled-tasks-with-sysmon

29

detecting-lateral-movement-with-splunk

29

detecting-insider-threat-with-ueba

29

deploying-decoy-files-for-ransomware-detection

29

testing-prompt-injection-in-rag-pipelines

28

performing-oil-gas-cybersecurity-assessment

28

performing-gcp-security-assessment-with-forseti

28

performing-dynamic-analysis-with-any-run

28

performing-cloud-storage-forensic-acquisition

28

implementing-network-policies-for-kubernetes

28

implementing-mobile-application-management

28

implementing-container-image-minimal-base-with-distroless

28

implementing-aws-security-hub

28

implementing-aws-config-rules-for-compliance

28

hunting-for-dcom-lateral-movement

28

detecting-spearphishing-with-email-gateway

28

detecting-modbus-protocol-anomalies

28

performing-dmarc-policy-enforcement-rollout

27

implementing-vulnerability-remediation-sla

27

implementing-security-chaos-engineering

27

implementing-pam-for-database-access

27

implementing-network-intrusion-prevention-with-suricata

27

implementing-code-signing-for-artifacts

27

hunting-for-startup-folder-persistence

27

hunting-for-living-off-the-land-binaries

27

evaluating-threat-intelligence-platforms

27

testing-for-system-prompt-leakage

26

performing-s7comm-protocol-security-analysis

26

performing-cloud-native-threat-hunting-with-aws-detective

26

performing-cloud-incident-containment-procedures

26

performing-brand-monitoring-for-impersonation

26

performing-automated-malware-analysis-with-cape

26

investigating-ransomware-attack-artifacts

26

implementing-threat-intelligence-lifecycle-management

26

implementing-rsa-key-pair-management

26

implementing-kubernetes-network-policy-with-calico

26

implementing-google-workspace-sso-configuration

26

detecting-lateral-movement-with-zeek

26

building-super-timelines-with-plaso

26

performing-lateral-movement-detection

25

performing-deception-technology-deployment

25

performing-bluetooth-security-assessment

25

implementing-privileged-session-monitoring

25

implementing-network-segmentation-with-firewall-zones

25

implementing-fuzz-testing-in-cicd-with-aflplusplus (25)
implementing-aws-security-hub-compliance (25)
implementing-anti-ransomware-group-policy (25)
detecting-t1003-credential-dumping-with-edr (25)
detecting-misconfigured-azure-storage (25)
implementing-supply-chain-security-with-in-toto (24)
implementing-rbac-hardening-for-kubernetes (24)
implementing-network-traffic-analysis-with-arkime (24)
implementing-hardware-security-key-authentication (24)
implementing-gcp-vpc-firewall-rules (24)
implementing-file-integrity-monitoring-with-aide (24)
implementing-cloud-security-posture-management (24)
hunting-for-t1098-account-manipulation (24)
detecting-wmi-persistence (24)
detecting-t1548-abuse-elevation-control-mechanism (24)
performing-iot-security-assessment (23)
performing-ioc-enrichment-automation (23)
performing-entitlement-review-with-sailpoint-iiq (23)
performing-cloud-forensics-with-aws-cloudtrail (23)
performing-bandwidth-throttling-attack-simulation (23)
investigating-insider-threat-indicators (23)
implementing-policy-as-code-with-open-policy-agent (23)
implementing-pod-security-admission-controller (23)
implementing-passwordless-authentication-with-fido2 (23)
implementing-identity-verification-for-zero-trust (23)
implementing-endpoint-dlp-controls (23)
implementing-browser-isolation-for-zero-trust (23)
implementing-alert-fatigue-reduction (23)
detecting-t1055-process-injection-with-sysmon (23)
performing-log-source-onboarding-in-siem (22)
implementing-vulnerability-sla-breach-alerting (22)
implementing-patch-management-workflow (22)
implementing-passwordless-auth-with-microsoft-entra (22)
implementing-network-access-control-with-cisco-ise (22)
implementing-honeypot-for-ransomware-detection (22)
implementing-gcp-binary-authorization (22)
implementing-epss-score-for-vulnerability-prioritization (22)
implementing-email-sandboxing-with-proofpoint (22)
implementing-cloud-workload-protection (22)
implementing-cloud-dlp-for-data-protection (22)
implementing-cisa-zero-trust-maturity-model (22)
implementing-attack-path-analysis-with-xm-cyber (22)
implementing-application-whitelisting-with-applocker (22)
coercing-authentication-with-coercer-petitpotam (22)
performing-hardware-security-module-integration (21)
performing-access-review-and-certification (21)
managing-intelligence-lifecycle (21)
managing-cloud-identity-with-okta (21)
implementing-zero-standing-privilege-with-cyberark (21)
implementing-syslog-centralization-with-rsyslog (21)
implementing-siem-use-cases-for-detection (21)
implementing-saml-sso-with-okta (21)
implementing-runtime-application-self-protection (21)
implementing-network-segmentation-for-ot (21)
implementing-mtls-for-zero-trust-services (21)
implementing-immutable-backup-with-restic (21)
implementing-image-provenance-verification-with-cosign (21)
implementing-envelope-encryption-with-aws-kms (21)
implementing-aws-nitro-enclave-security (21)
implementing-aws-macie-for-data-classification (21)
detecting-dependency-confusion (21)
performing-insider-threat-investigation (20)
performing-indicator-lifecycle-management (20)
performing-file-carving-with-foremost (20)
implementing-soar-playbook-for-phishing (20)
implementing-sigstore-for-software-signing (20)
implementing-siem-use-case-tuning (20)
implementing-network-traffic-baselining (20)
implementing-disk-encryption-with-bitlocker (20)
implementing-continuous-security-validation-with-bas (20)
implementing-azure-ad-privileged-identity-management (20)
verifying-build-provenance-with-slsa-sigstore (19)
performing-alert-triage-with-elastic-siem (19)
performing-access-recertification-with-saviynt (19)
implementing-zero-trust-dns-with-nextdns (19)
implementing-stix-taxii-feed-integration (19)
implementing-siem-correlation-rules-for-apt (19)
implementing-ransomware-kill-switch-detection (19)
implementing-privileged-access-workstation (19)
implementing-privileged-access-management-with-cyberark (19)
implementing-ot-network-traffic-analysis-with-nozomi (19)
implementing-network-deception-with-honeypots (19)
implementing-gcp-organization-policy-constraints (19)
implementing-data-loss-prevention-with-microsoft-purview (19)
implementing-conduit-security-for-ot-remote-access (19)
implementing-conditional-access-policies-azure-ad (19)
implementing-canary-tokens-for-network-intrusion (19)
implementing-zero-trust-with-hashicorp-boundary (18)
implementing-soar-playbook-with-palo-alto-xsoar (18)
implementing-patch-management-for-ot-systems (18)
implementing-ot-incident-response-playbook (18)
implementing-memory-protection-with-dep-aslr (18)
implementing-honeytokens-for-breach-detection (18)
implementing-ebpf-security-monitoring (18)
implementing-dragos-platform-for-ot-monitoring (18)
implementing-diamond-model-analysis (18)
implementing-device-posture-assessment-in-zero-trust (18)
implementing-delinea-secret-server-for-pam (18)
implementing-container-network-policies-with-calico (18)
implementing-cloud-trail-log-analysis (18)
performing-initial-access-with-evilginx3 (17)
implementing-ticketing-system-for-incidents (17)
implementing-taxii-server-with-opentaxii (17)
implementing-soar-automation-with-phantom (17)
implementing-security-monitoring-with-datadog (17)
implementing-proofpoint-email-security-gateway (17)
implementing-next-generation-firewall-with-palo-alto (17)
implementing-log-integrity-with-blockchain (17)
implementing-log-forwarding-with-fluentd (17)
implementing-iec-62443-security-zones (17)
implementing-identity-governance-with-sailpoint (17)
implementing-deception-based-detection-with-canarytoken (17)
implementing-beyondcorp-zero-trust-access-model (17)
performing-ics-asset-discovery-with-claroty (16)
implementing-zero-trust-network-access-with-zscaler (16)
implementing-velociraptor-for-ir-collection (16)
implementing-usb-device-control-policy (16)
implementing-scim-provisioning-with-okta (16)
implementing-opa-gatekeeper-for-policy-enforcement (16)
implementing-bgp-security-with-rpki (16)
implementing-azure-defender-for-cloud (16)
detecting-malicious-npm-packages (16)
validating-tpm-measured-boot-attestation (15)
monitoring-scada-modbus-traffic-anomalies (15)
implementing-security-information-sharing-with-stix2 (15)
implementing-runtime-security-with-tetragon (15)
implementing-purdue-model-network-segmentation (15)
implementing-nerc-cip-compliance-controls (15)
implementing-mimecast-targeted-attack-protection (15)
implementing-just-in-time-access-provisioning (15)
detecting-indirect-prompt-injection (15)
analyzing-cobalt-strike-malleable-profiles (15)
scanning-iac-and-images-with-trivy (14)
red-teaming-llms-with-garak (14)
implementing-zero-trust-with-beyondcorp (14)
implementing-rapid7-insightvm-for-scanning (14)
implementing-microsegmentation-with-guardicore (14)
implementing-ics-firewall-with-tofino (14)
defending-llms-with-guardrails (14)
continuous-llm-red-teaming-with-promptfoo (14)
securing-agentic-ai-tool-invocation (13)
building-cloud-security-posture-management (13)
analyzing-phishing-email-headers (13)
triaging-windows-with-kape (12)
conducting-mobile-application-penetration-test (12)
conducting-cloud-infrastructure-penetration-test (11)
detecting-secure-boot-bypass (10)
generating-and-analyzing-sboms (9)
exploiting-aws-with-pacu (9)
exploiting-adcs-with-certipy (9)
post-exploiting-microsoft-graph-with-graphrunner (8)
hunting-evtx-with-chainsaw (8)
auditing-kubernetes-rbac-permissions (8)
executing-nist-rmf-authorization-to-operate (7)
emulating-cloud-attacks-with-stratus-red-team (7)
detecting-model-extraction-attacks (7)
deploying-cloud-deception-with-decoy-resources (7)
relaying-ntlm-for-adcs-esc8 (6)
performing-cloud-penetration-testing (6)
detecting-data-and-model-poisoning (6)
orchestrating-llm-attacks-with-pyrit (5)
modeling-threats-with-opencti (5)
migrating-to-post-quantum-cryptography (5)
hunting-bootkits-in-efi-system-partition (5)
escaping-containers-to-host (5)
enumerating-cloud-with-cloudfox (5)
detecting-entra-offensive-tools-in-graph-logs (5)
detecting-container-runtime-threats-with-falco (5)
containing-active-security-breach (5)
parsing-artifacts-with-eric-zimmerman-tools (4)
operating-sliver-c2 (4)
moving-laterally-with-netexec (4)
mapping-attack-paths-with-bloodhound-ce (4)
implementing-hipaa-security-rule-safeguards (4)
hunting-saas-sso-token-abuse (4)
designing-adversary-engagement-with-mitre-engage (4)
deploying-honeytokens-and-canarytokens (4)
performing-ransomware-incident-response (3)
managing-third-party-vendor-risk (3)
hunting-living-off-the-land-binaries (3)
detecting-cloud-cryptomining-activity (3)
operationalizing-misp-threat-feeds (2)
operating-havoc-c2 (2)
implementing-threat-intelligence-platform (2)
implementing-rbac-for-kubernetes-cluster (2)
hunting-for-webshells-in-web-servers (2)
fleet-hunting-with-velociraptor (2)
executing-diamond-model-analysis (2)
detecting-typosquatting-packages (2)
detecting-golden-ticket-attacks (2)