Skill UI

This skill guides the comprehensive hardening of LDAP directory services. It addresses common vulnerabilities such as LDAP injection, anonymous binding, and credential harvesting. Users can enforce strong security controls, including LDAPS, channel binding, and granular access control lists (ACLs). It is essential when establishing robust identity access management (IAM) architecture or meeting stringent compliance requirements like NIST standards.

This guide details the architecture and implementation of a ransomware-resilient backup strategy, adhering to the extended 3-2-1-1-0 methodology. It covers critical steps including defining RPO/RTO, establishing immutable/air-gapped copies, isolating backup credentials from the production domain, and automating periodic restore testing. Use this framework to ensure business continuity against sophisticated cyberattacks.

A comprehensive guide to deploying cloud-native deception across AWS, Azure, and GCP. This skill utilizes decoy resources—such as canary IAM keys, honey object storage buckets, and decoy secrets—whose sole purpose is to generate high-fidelity alerts the instant they are interacted with by an attacker. It detects cloud reconnaissance, credential theft, and lateral movement by wiring detection through native logging services (CloudTrail, Sentinel, Cloud Audit Logs), ensuring near-zero false positives for the SOC.

This tool automates the OAuth 2.0 scope minimization review process. It identifies over-permissioned third-party application integrations, excessive API scopes, and risky OAuth consent patterns across identity providers. It is crucial for security audits, compliance (GDPR, SOC 2), and enforcing the least-privilege principle for cross-boundary data access.

This skill details the implementation of continuous identity verification for Zero Trust architectures. It covers deploying phishing-resistant Multi-Factor Authentication (FIDO2/WebAuthn), establishing risk-based conditional access policies, and integrating identity governance controls aligned with NIST and CISA frameworks. Learn how to move beyond traditional passwords to dynamic, adaptive security models.

This skill provides comprehensive functionality for monitoring and mapping adversary-controlled assets, such as C2 servers, phishing domains, and exploit kit hosts. By leveraging tools like Passive DNS, Certificate Transparency logs, and specialized scanners (Shodan/Censys), analysts can discover, track, and pivot through complex threat actor infrastructure over time, significantly enhancing security operations and threat intelligence maturity.

Provides a comprehensive guide to implementing Zero Trust Network Architecture on Google Cloud Platform (GCP) using Identity-Aware Proxy (IAP). It enforces rigorous, per-request identity verification and context-aware authorization for services like Compute Engine, App Engine, and Cloud Run. This ensures that only authenticated users who meet specific criteria (e.g., device posture, corporate location, time window) can access protected resources, eliminating reliance on public IPs or VPNs.

A comprehensive guide detailing the systematic workflow for analyzing malicious Linux ELF binaries. It covers essential techniques including static analysis (using readelf, elftools), dynamic tracing (strace, ltrace), and deep reverse engineering (GDB) of various threats like botnets, cryptominers, and ransomware targeting Linux environments, containers, and cloud infrastructure.