Skill UI

Provides a comprehensive guide on installing, configuring, and tuning the Snort 3 Intrusion Detection System. This skill covers setting up network interfaces for promiscuous monitoring, writing custom rulesets, optimizing detection coverage, and integrating alerts with SIEM platforms to monitor network boundaries for malicious activity.

A comprehensive guide to deploying and configuring Suricata, a high-performance IDS/IPS. This skill covers setting up multi-threaded packet capture, integrating Emerging Threats rulesets, generating structured EVE JSON logs, and enabling deep protocol inspection (HTTP, TLS, DNS). It enables real-time threat detection and seamless SIEM integration for centralized security monitoring.

This skill provides a comprehensive guide to deploying Zeek (formerly Bro) for passive network security monitoring. It details how to generate structured logs (DNS, HTTP, SSL, etc.) and write custom Zeek scripts to detect sophisticated anomalies like DNS tunneling and beaconing. Ideal for threat hunting, security incident response, and complementing traditional IDS solutions.

This skill provides comprehensive guidance on detecting network reconnaissance and port scanning activities using industry-standard IDS/IPS systems like Suricata and Snort. It covers various scanning techniques (e.g., SYN, FIN, NULL, Xmas scans, UDP sweeps) and advanced detection methods, including signature matching, threshold-based alerting, and traffic anomaly analysis to identify tools like Nmap and Masscan.

This guide details how to simulate ARP spoofing attacks in controlled, authorized lab environments. It demonstrates Man-in-the-Middle (MITM) risks by poisoning the ARP cache, allowing users to test network detection capabilities (IDS/IPS, DAI) and validate the effectiveness of security controls like port security and 802.1X. This skill is strictly for authorized penetration testing and educational purposes.

Conduct comprehensive cybersecurity assessments for critical oil and gas infrastructure, spanning upstream, midstream, and downstream operations. This skill covers securing SCADA, DCS, and safety systems, and ensures compliance with industry standards like API 1164, IEC 62443, and TSA Directives.

This skill demonstrates how to craft and inject custom, malformed, or spoofed network packets using tools like Scapy and hping3. It is designed for authorized cybersecurity assessments to rigorously test firewall rules, Intrusion Detection/Prevention Systems (IDS/IPS) signatures, anti-spoofing controls, and overall network stack resilience against protocol anomalies and fragmentation attacks. Use only in controlled, authorized environments.

A comprehensive guide detailing how to conduct passive wireless security assessments using Kismet. This skill covers identifying rogue access points, detecting weak encryption (WEP, TKIP), mapping hidden SSIDs, and analyzing raw 802.11 frame types. It is essential for professional network auditing, incident response, and penetration testing in complex wireless environments.

This skill details the deployment of various canary tokens (DNS, HTTP, AWS API Keys) across enterprise network infrastructure. It establishes digital tripwires that detect behavioral anomalies, such as unauthorized access, credential leakage, or lateral movement. Tokens are configured with webhook alerts (Slack, SIEM) for real-time, low-false-positive notification, significantly enhancing traditional IDS/IPS capabilities.

Generates HTML5 Canvas-based breadboard mockups and diagrams for retro computing builds, showing component placement, wiring, and labeled 6502/555 timer layouts as visual references or teaching aids.