Skill UI

This comprehensive guide details the implementation of Zero Trust Architecture (ZTA) in multi-cloud environments (AWS, Azure, GCP). Following NIST SP 800-207 and BeyondCorp principles, it covers identity-centric access controls, micro-segmentation, continuous verification, and deploying Identity-Aware Proxies (IAP) to eliminate implicit network trust.

A comprehensive guide to implementing Zero Trust Network Access (ZTNA) across major cloud platforms (AWS, Azure, GCP). This skill replaces traditional VPNs with identity-aware proxies, micro-segmentation, and conditional access policies. It ensures secure, context-aware access to cloud workloads, limiting lateral movement and adhering to BeyondCorp architectural principles.

This skill guides the end-to-end deployment of Zero Trust Network Access (ZTNA) using Zscaler Private Access (ZPA). It replaces traditional, perimeter-based VPNs by enforcing identity-based, context-aware microsegmentation. Learn to configure Identity Provider integration, deploy App Connectors, define granular application segments, and establish robust access policies for secure, outbound-only connections.

A comprehensive guide for SOC analysts and digital forensics experts. This skill covers the entire lifecycle of a phishing incident, from initial user report and header analysis (SPF, DKIM, DMARC) to detonating malicious URLs/attachments in sandboxes. It guides users on scoping the attack, identifying impacted users via SIEM/proxy logs, and executing containment measures like email purges.

A comprehensive guide and workflow for digital forensic investigators to analyze ransomware artifacts. This process involves preserving volatile evidence (memory dumps), identifying the ransomware variant from file extensions and ransom notes, establishing the attack timeline using Prefetch and Event Logs, and extracting critical Indicators of Compromise (IoCs) such as Bitcoin addresses and Tor sites. Essential for incident response and recovery planning.

A comprehensive guide for incident responders detailing how to investigate Active Directory (AD) compromises. This skill covers analyzing critical components like NTDS.dit integrity, detecting Kerberos anomalies (Golden/Silver Tickets), tracing lateral movement, and identifying Group Policy abuse to reconstruct attacker activity and determine the full scope of a breach.

This skill guides comprehensive Active Directory (AD) security assessment using industry-standard tools like PingCastle, BloodHound, and Purple Knight. It helps identify critical misconfigurations, excessive privileges, weak Kerberos settings, and potential lateral movement paths. Ideal for penetration testing, security audits, and incident response to proactively secure enterprise identity management systems.

A comprehensive guide to detecting and mitigating advanced Adversary-in-the-Middle (AiTM) phishing attacks, which bypass Multi-Factor Authentication (MFA) using reverse proxies (e.g., Evilginx, EvilProxy). Learn defensive strategies including implementing FIDO2, configuring Conditional Access policies, and monitoring session hijacking indicators in SIEM/Web Proxies.

This guide provides a systematic, step-by-step workflow for Security Operations Center (SOC) analysts to perform alert triage using Elastic Security SIEM. It covers initial alert assessment, context gathering using advanced ES|QL queries, threat intelligence enrichment, and final classification decisions (True Positive, False Positive, etc.) to rapidly determine genuine security threats and prioritize incident response actions.

Use RESTler to automate stateful security testing of REST APIs. It processes OpenAPI specifications to generate fuzzing grammars, allowing users to discover complex bugs, such as injection vulnerabilities, resource leaks, and unhandled exceptions (500 errors), by executing diverse sequences of API calls. Essential for robust CI/CD regression testing and proactive API security assessments.

This tool performs comprehensive API inventory and discovery across an organization's environment. It identifies all API endpoints—including documented, undocumented, shadow, and deprecated APIs—by combining passive traffic analysis (HAR files), active scanning, DNS enumeration, and cloud resource auditing. It helps map the complete API attack surface, crucial for security assessments and compliance requirements like PCI-DSS and SOC2.

CAPE is an open-source sandbox built for automated malware analysis, derived from Cuckoo. It provides advanced behavioral monitoring, payload dumping, and configuration extraction using over 70 parsers for known malware families (e.g., Emotet, Cobalt Strike). It captures network IOCs, dropped files, and detects anti-evasion techniques, making it ideal for security assessments and incident response workflows via its robust API.