Skill UI

A comprehensive guide for conducting penetration testing on iOS and Android mobile applications, adhering to the OWASP MASTG. This skill covers the full mobile attack surface, including static analysis of binaries, dynamic runtime testing, and deep API security assessment. Techniques taught include bypassing certificate pinning, analyzing local data storage (Keychain, SQLite), and identifying vulnerabilities in authentication and network communication.

This comprehensive skill guides users through designing and executing advanced social engineering penetration tests. It covers simulating real-world attacks, including phishing (email), vishing (voice), smishing (SMS), and physical pretexting. The goal is to measure an organization's human security resilience, identify training gaps, and test security controls across multiple vectors using tools like GoPhish and SET.

This skill guides the setup of Host-Based Intrusion Detection Systems (HIDS) using industry-standard tools like Wazuh, OSSEC, or AIDE. It covers essential security practices, including File Integrity Monitoring (FIM) for critical directories, monitoring system calls, detecting configuration changes, and identifying rootkits. It is crucial for meeting regulatory compliance requirements (e.g., PCI DSS) and significantly enhancing overall endpoint security posture.

This skill provides a comprehensive guide to configuring Hardware Security Modules (HSMs) using the industry-standard PKCS#11 interface. It details best practices for key generation, secure key storage, and cryptographic operations (signing, encryption, decryption). Learn how to manage keys in a tamper-resistant environment, ensuring private keys never leave the device boundary. Applicable for building compliance-grade security architectures across finance and government sectors.

TLS 1.3 is the latest Transport Layer Security protocol, offering significant security and performance improvements over TLS 1.2. This guide details how to configure and validate TLS 1.3 on various environments, including Nginx, Apache, and Python applications. It covers advanced topics such as Perfect Forward Secrecy (PFS), HSTS implementation, modern cipher suites, and best practices for securing modern web services.

Guides SOC teams through validating alerts, isolating networks and endpoints, preserving evidence, and disabling compromised accounts to rapidly contain an active breach while minimizing business impact.

A comprehensive toolkit designed for cybersecurity professionals to deobfuscate malicious JavaScript code. It reverses complex encoding layers (Base64, Hex, Unicode), eval chains, and control flow obfuscation techniques found in phishing pages, web skimmers, and dropper scripts, revealing the original malicious logic for thorough forensic analysis and threat intelligence gathering.

This tool deploys decoy canary files in critical system directories to provide early warning against ransomware attacks. Utilizing Python's watchdog library, it monitors for any read, modify, rename, or delete operations on these decoy files. Detection triggers immediate alerts via multiple channels (Email, Slack, Syslog), helping security teams identify and respond to malicious activity before full data encryption occurs. It serves as a crucial detection layer in a layered security defense.

This skill analyzes AWS CloudTrail logs to detect suspicious API call patterns, such as new event sources, geographic anomalies, or high-frequency usage. It establishes a statistical baseline of normal activity and flags deviations indicative of compromised credentials, privilege escalation, or insider threats, providing a detailed JSON report for security investigation and threat hunting.

A comprehensive solution for identifying and preventing the accidental commitment of exposed AWS credentials, API keys, and session tokens within source code, configuration files, and git history. It integrates TruffleHog and git-secrets into CI/CD pipelines and pre-commit hooks, providing critical protection against credential theft and unauthorized cloud access in a DevSecOps environment. Essential for security auditing and compliance.

This skill analyzes AWS IAM policies using boto3 and Cloudsplaining principles to detect potential privilege escalation paths in AWS accounts. It identifies overly permissive policies, dangerous permission combinations (such as combining role passing and resource creation), and violations of least-privilege principles. It is designed for security incident investigation, threat hunting, and validating overall cloud security posture.

This skill uses the Python azure-mgmt-storage SDK to perform comprehensive security audits on Azure Blob and ADLS storage accounts. It detects critical misconfigurations, including public access exposure, weak or long-lived SAS tokens, lack of encryption at rest, failure to enforce HTTPS, and outdated TLS versions. The output is a detailed, risk-scored report with remediation recommendations, essential for SOC analysts and security posture management.