Skill UI

A comprehensive guide covering methodologies for conducting authorized penetration testing across major cloud platforms, including AWS, Azure, and GCP. It details the shared responsibility model, techniques for exploiting IAM misconfigurations, testing for SSRF vulnerabilities to cloud metadata services, and utilizing industry tools like Pacu and ScoutSuite. Findings are mapped to the MITRE ATT&CK Cloud matrix for robust reporting.

This comprehensive guide outlines techniques for authorized penetration testing of real-time web applications using WebSocket connections. It covers discovering various WebSocket endpoints, testing for authentication bypass, identifying Cross-Site WebSocket Hijacking (CSWSH) vulnerabilities, and assessing message handling for injection flaws (SQLi, XSS). Essential for securing chat, trading, and live notification platforms.

This comprehensive guide details how to implement centralized security controls at the API gateway layer. It covers critical functionalities such as JWT authentication enforcement, advanced rate limiting, request/response validation against OpenAPI specs, and integrating Web Application Firewalls (WAF). The process is applicable across major platforms like Kong, AWS API Gateway, and Azure APIM, ensuring robust defense in depth for microservices architecture.

This skill provides a comprehensive guide for designing and deploying Privileged Access Workstations (PAWs). It covers critical security controls such as device hardening, Zero Trust principles, and integrating Just-in-Time (JIT) access management. Learn how to enforce compliance using tools like Intune/GPO and secure credentials using leading PAM platforms like CyberArk or BeyondTrust, ensuring secure administrative operations.

Learn how to implement Runtime Application Self-Protection (RASP) agents for Java and Python web applications. This skill covers deploying OpenRASP, detecting OWASP Top 10 attacks (SQLi, XSS, RCE), configuring security policies, and integrating real-time security alerts with SIEM platforms for comprehensive defense in depth.

This guide demonstrates how to programmatically create, validate, and exchange complex structured threat intelligence objects (Indicators, Malware, Campaigns) using the STIX 2.1 standard and the stix2 Python library. It covers the full lifecycle of intelligence sharing, including defining patterns and publishing data via TAXII 2.1, making it essential for building sophisticated Threat Intelligence Platforms (TIPs) and integrating with SIEM/SOAR systems.

This skill guides the process of designing, implementing, and validating advanced security detection use cases for Security Information and Event Management (SIEM) platforms like Splunk, Elastic, and Microsoft Sentinel. It focuses on mapping organizational threat profiles to the MITRE ATT&CK framework to build formal, high-fidelity detection rules, thereby strengthening Security Operations Center (SOC) coverage and reducing blind spots.

This skill provides a comprehensive guide to integrating STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information). It covers using Python to consume and produce cyber threat intelligence feeds, including server discovery, object fetching, and parsing of STIX 2.1 objects for integration into SIEM and TIP platforms.

Implements a comprehensive incident ticketing system that connects SIEM alerts to major ITSM platforms like ServiceNow, Jira, or TheHive. This solution formalizes incident tracking, automates ticket creation, and manages critical processes such as Service Level Agreement (SLA) tracking, complex escalation workflows, and compliance documentation throughout the entire incident lifecycle.

This skill guides the integration of OWASP ZAP for Dynamic Application Security Testing (DAST) directly into CI/CD pipelines. Learn how to perform baseline, full, and API scans against running applications, interpret complex security findings, tune scan policies, and establish automated security quality gates in modern CI/CD platforms like GitHub Actions and GitLab CI. Essential for DevSecOps practices.

Zeek is a powerful, open-source network security monitoring framework that generates high-fidelity structured logs and metadata from raw network traffic. This skill covers deploying Zeek, analyzing various protocol logs (HTTP, DNS, TLS, etc.), writing custom detection scripts to identify anomalies, and integrating resulting security insights with SIEM platforms for comprehensive threat detection and forensic investigation.

This skill details how to conduct comprehensive Operational Technology (OT) vulnerability assessments using platforms like Claroty xDome. It covers passive asset discovery, correlating vulnerabilities against CISA/ICS-CERT advisories, calculating risk scores, and prioritizing remediation based on operational impact and compliance standards (e.g., IEC 62443, NERC CIP). The provided workflow uses Python to manage asset inventory and vulnerability matching for highly regulated industrial environments.