Skill UI

This tool helps detect Broken Object Property Level Authorization (BOPLA) vulnerabilities, which are critical security flaws detailed in OWASP API3:2023. It scans APIs for excessive data exposure (reading sensitive fields) and mass assignment risks (modifying unintended properties) by simulating malicious requests and analyzing responses. Ideal for security testing, threat hunting, and implementing robust API security controls.

This guide teaches security teams how to deploy and operationalize Amazon GuardDuty for continuous, comprehensive threat detection across entire AWS accounts and workloads. It covers enabling protection plans for S3, EKS, EC2 runtime monitoring, and Lambda, interpreting various finding severity levels, and building robust, automated incident response playbooks using EventBridge and AWS Lambda for immediate containment actions.

This guide provides a comprehensive methodology and technical approach for detecting malicious email forwarding rules. It is crucial for threat hunting, incident response, and proactive security assessments to identify persistent access mechanisms used by adversaries for intelligence collection and Business Email Compromise (BEC) attacks. It outlines necessary prerequisites, workflow steps, and key threat indicators (T1114).

This skill provides comprehensive guidance and detection rules for identifying fileless malware, in-memory attacks, and living-off-the-land techniques. It covers detecting PowerShell exploitation, reflective DLL injection, WMI abuse, and registry-resident threats, enabling security teams to build robust detections when traditional antivirus fails.

A comprehensive guide and framework for detecting attacker lateral movement within enterprise networks. It details the use of network flow analysis (Zeek), authentication log review (Windows Event Logs, Kerberos), and dedicated SIEM correlation rules (Splunk, Elastic) to identify techniques like Pass-the-Hash and RDP hopping. Ideal for threat hunters and security engineers building detection pipelines.

This comprehensive guide configures Fail2ban to implement a robust, layered defense mechanism for network security. It sets up custom filters and actions to automatically detect and mitigate threats such as port scanning, SSH brute force attempts, and network reconnaissance. By dynamically banning malicious IP addresses and providing security alerts, this skill significantly enhances the host-based intrusion prevention capabilities of your system.

This skill provides comprehensive methods for detecting and preventing privilege escalation within Kubernetes pods and containers. It details using runtime tools like Falco for monitoring syscalls and capabilities, and implementing admission controls via OPA Gatekeeper or Pod Security Admission to enforce security best practices, thereby hardening the cluster against unauthorized access and dangerous configurations.

This tool analyzes Web Application Firewall (WAF) logs (ModSecurity, AWS WAF, Cloudflare) to detect sophisticated SQL injection attack campaigns. It parses diverse log formats, identifies common SQLi payloads (UNION SELECT, OR 1=1), correlates multi-stage attacks, tracks source IPs, and generates detailed incident reports classified by OWASP standards for SOC analysts and security researchers.

This utility provides a comprehensive framework for proactive threat hunting, focusing on detecting advanced and suspicious PowerShell execution patterns. It covers common attacker techniques such as encoded command usage, download cradles (IEX), AMSI bypass attempts, and constrained language mode evasion. It is designed for security analysts during incident response and threat intelligence validation, requiring EDR and SIEM telemetry.

A comprehensive framework for penetration testing APIs, designed to detect and exploit critical injection flaws. It covers SQL injection (SQLi), NoSQL injection, OS command injection, LDAP injection, and Server-Side Request Forgery (SSRF). This skill guides the testing of all input vectors—including path parameters, headers, query strings, and request bodies—to assess input validation and backend security posture against industry standards like OWASP.

A comprehensive guide for discovering and exploiting broken link hijacking vulnerabilities. This skill focuses on identifying references to expired domains, decommissioned cloud resources (like S3 buckets), and dead external services. It covers advanced techniques such as subdomain takeover, supply chain security assessment, and resource claiming for authorized penetration testing.

A detailed guide on discovering and exploiting Mass Assignment vulnerabilities in REST APIs. Users learn to inject unexpected parameters into API requests (POST, PUT, PATCH) to bypass authorization controls, escalate privileges (e.g., changing 'role'), and modify sensitive fields (e.g., 'balance', 'isAdmin') during security assessments and bug bounty hunting.