Skill UI

This skill guides the deployment and configuration of a TAXII 2.1 server using OpenTAXII. It enables automated, standardized exchange of STIX-formatted cyber threat intelligence (CTI) indicators between organizations. Use cases include establishing secure threat sharing pipelines, integrating with SIEM/SOAR platforms, and meeting stringent compliance requirements.

This skill provides a comprehensive guide to implementing robust USB device control policies. It restricts unauthorized removable media access to mitigate data exfiltration risks and prevent malware introduction via USB endpoints. Learn how to deploy granular policies using Group Policy Objects (GPO), Microsoft Intune, or advanced Endpoint Detection and Response (EDR) platforms to meet strict compliance standards.

A comprehensive guide to deploying Zero Standing Privilege (ZSP) using CyberArk Secure Cloud Access. This solution eliminates persistent privileged access by provisioning ephemeral, Just-in-Time (JIT) credentials across hybrid and multi-cloud environments (AWS, Azure, GCP). Access is strictly governed by the TEA framework: Time limits, scoped Entitlements, and mandatory Approvals, ensuring the principle of least privilege is maintained.

This guide details how to implement NextDNS as a zero-trust DNS filtering layer. By utilizing encrypted resolution (DoH/DoT) and real-time threat intelligence, it blocks malicious domains, prevents data exfiltration, filters ads/trackers, and enforces granular security policies across all endpoints, aligning with Zero Trust principles and enhancing overall network security.

This comprehensive guide details the implementation of Zero Trust Architecture (ZTA) in multi-cloud environments (AWS, Azure, GCP). Following NIST SP 800-207 and BeyondCorp principles, it covers identity-centric access controls, micro-segmentation, continuous verification, and deploying Identity-Aware Proxies (IAP) to eliminate implicit network trust.

A comprehensive guide to implementing Zero Trust Network Access (ZTNA) across major cloud platforms (AWS, Azure, GCP). This skill replaces traditional VPNs with identity-aware proxies, micro-segmentation, and conditional access policies. It ensures secure, context-aware access to cloud workloads, limiting lateral movement and adhering to BeyondCorp architectural principles.

This skill guides the end-to-end deployment of Zero Trust Network Access (ZTNA) using Zscaler Private Access (ZPA). It replaces traditional, perimeter-based VPNs by enforcing identity-based, context-aware microsegmentation. Learn to configure Identity Provider integration, deploy App Connectors, define granular application segments, and establish robust access policies for secure, outbound-only connections.

This skill guides the deployment of Google BeyondCorp Enterprise, enabling a true zero-trust security model. It utilizes Identity-Aware Proxy (IAP) and Access Context Manager (ACM) to authorize every request based on deep context, including user identity, device posture, and network attributes. It is essential for organizations moving away from traditional VPNs and needing robust, context-aware security controls for protecting GCP resources and internal applications.

A comprehensive guide for intercepting and analyzing HTTP/HTTPS traffic from mobile applications using Burp Suite. This skill walks through configuring proxies on Android and iOS, handling CA certificate installation, and executing advanced penetration testing techniques. It is essential for assessing API security, identifying data leakage, and finding authentication vulnerabilities in mobile client-server communications.

A comprehensive guide for SOC analysts and digital forensics experts. This skill covers the entire lifecycle of a phishing incident, from initial user report and header analysis (SPF, DKIM, DMARC) to detonating malicious URLs/attachments in sandboxes. It guides users on scoping the attack, identifying impacted users via SIEM/proxy logs, and executing containment measures like email purges.

A comprehensive guide and workflow for digital forensic investigators to analyze ransomware artifacts. This process involves preserving volatile evidence (memory dumps), identifying the ransomware variant from file extensions and ransom notes, establishing the attack timeline using Prefetch and Event Logs, and extracting critical Indicators of Compromise (IoCs) such as Bitcoin addresses and Tor sites. Essential for incident response and recovery planning.

A comprehensive guide for incident responders detailing how to investigate Active Directory (AD) compromises. This skill covers analyzing critical components like NTDS.dit integrity, detecting Kerberos anomalies (Golden/Silver Tickets), tracing lateral movement, and identifying Group Policy abuse to reconstruct attacker activity and determine the full scope of a breach.