Skill UI

Systematically map Windows and Linux persistence vectors to reveal how malware survives reboots, enumerating autoruns, services, scheduled tasks, and WMI entries during incident response and threat hunting.

Guide for acquiring and analyzing smartphone data with Cellebrite UFED plus ALEAPP/iLEAPP and libimobiledevice, covering device prep, logical/physical dumps, and messaging extraction for investigations.

Capture and analyze PCAP traffic with Wireshark/tshark to reconstruct suspicious sessions, extract artifacts, and detect malicious communications during incident response and malware investigations.

Use Wireshark, tshark, tcpdump, and Python tooling to inspect PCAP/PCAPNG data, reconstruct communications, surface malicious traffic, and support incident investigations with evidence of exfiltration or C2 activity.

This skill covers the comprehensive automation of X.509 certificate lifecycle management, including requesting, issuing, deploying, monitoring, renewing, and revoking certificates. Utilizing Python and the ACME protocol (like Let's Encrypt), it helps organizations mitigate security risks and prevent service outages caused by expired or poorly managed certificates. Ideal for security auditing, incident response, and continuous security testing.

Use steganalysis and metadata tools to detect concealed payloads inside images, audio, and video, guiding investigators through metadata review, automated scans, LSB statistics, and extraction attempts for covert channel detection.

Performs proactive threat hunting inside Elastic Security SIEM by crafting KQL/EQL hunting queries, translating findings into detection rules, and using Timelines to investigate anomalies that evade automated alerts.

Performs UEBA-driven anomaly detection in SIEM environments to flag impossible travel, privilege abuse, anomalous timing, and data access deviations so SOC teams can investigate compromised accounts or insider threats.

Guides SOC analysts through triaging Splunk ES notable events by prioritizing queues, investigating context, correlating telemetry, enriching with threat intelligence, and documenting disposition for escalation or closure.

An advanced debugging skill designed for AI agents. It utilizes gdb-cli to provide intelligent assistance for C/C++ programs, enabling the analysis of core dumps, debugging live processes, and investigating complex issues like crashes, deadlocks, and memory corruption. It correlates runtime state inspection with source code context for deeper insights.

A comprehensive guide detailing proven patterns for building robust and scalable SwiftUI applications. Covers modern state management (@State, @Observable), advanced navigation (Sheets, NavigationStack), handling asynchronous data flows, and adhering to architectural best practices to create maintainable, performant UIs.

Uses AWS Athena to define forensic tables and run queries against CloudTrail, VPC Flow, S3 access, and ALB logs, helping security teams detect unauthorized access, data exfiltration, lateral movement, and privilege escalation during incident investigations.