Skill UI

This guide details the comprehensive workflow for conducting memory forensics using Volatility 3. It covers the entire incident response lifecycle, from acquiring raw RAM dumps to analyzing processes, detecting rootkits, investigating network connections, and extracting sensitive artifacts like credentials and injected code. Essential for live memory analysis in cybersecurity investigations.

A comprehensive framework for assessing network security posture. This skill guides the tester through the entire penetration testing lifecycle, from reconnaissance and host discovery (using tools like Nmap) to service enumeration, vulnerability identification (CVEs), and controlled exploitation (Metasploit). It is essential for validating firewall rules, ensuring compliance (e.g., PCI-DSS), and stress-testing critical infrastructure security.

A structured guide for conducting blameless post-mortem reviews after any security incident. This process helps identify root causes using techniques like the 5 Whys, calculates critical metrics (MTTD, MTTR), and generates actionable recommendations to continuously improve incident response playbooks and procedures.

This guide details how to build and manage a robust two-tier Public Key Infrastructure (PKI) using OpenSSL. Learn to establish a Root CA and an Intermediate CA, issue server and client certificates, configure Certificate Revocation Lists (CRLs), and implement best practices for secure key management and certificate policy enforcement, ensuring compliance and high security standards.

This guide details the process of configuring microsegmentation policies to enforce least-privilege access between workloads. It covers the entire workflow, from application dependency mapping and discovery (Phase 1) to defining label-based, default-deny security zones (Phase 2). It is crucial for preventing lateral movement in highly secure, zero-trust architectures using tools like VMware NSX, Illumio, and Calico.

A comprehensive guide for security professionals on detecting and preventing ARP spoofing and poisoning attacks. The skill covers multiple layers of defense, including implementing Dynamic ARP Inspection (DAI) on managed switches, utilizing ARPWatch for continuous monitoring, performing deep packet inspection with Wireshark, and developing custom Python scripts for real-time anomaly detection. Essential for mitigating Man-in-the-Middle (MitM) attacks at Layer 2.

This skill detects unauthorized modifications (container drift) to running containers by monitoring for deviations from the original image state. It monitors binary execution drift, file system changes, and configuration deviations using tools like Falco and Kubernetes security contexts. Essential for SOC analysts and security teams investigating runtime compromises and enforcing immutable infrastructure.

This guide details methods and rules for detecting container escape attempts, a critical security vulnerability where an adversary breaks out of container isolation to access the host system or other containers. It covers monitoring syscalls, namespace manipulation (e.g., nsenter, unshare), accessing sensitive host paths (/proc), and detecting privileged operations using tools like Falco and eBPF.

This skill provides advanced runtime security rules using Falco, a CNCF-graduated tool. It monitors Linux syscalls to detect container escape attempts in real-time, identifying techniques such as mounting host filesystems, unauthorized namespace access (nsenter), and privileged container launches. It is crucial for SOC analysts and security teams enhancing cloud-native security coverage.

This skill outlines a comprehensive methodology for detecting compromised email accounts in Microsoft 365 and Google Workspace. It analyzes critical indicators such as unauthorized inbox rule creation (e.g., forwarding rules, deletion rules), suspicious sign-in locations (impossible travel), and unusual API access patterns using Microsoft Graph and Unified Audit Logs. It is essential for threat hunting and incident response (IR) to mitigate Business Email Compromise (BEC) and account takeover.

This tool provides a comprehensive security audit framework for Azure Storage accounts. It systematically detects critical misconfigurations, such as publicly accessible blob containers, weak encryption settings, overly permissive network access rules, and missing logging. Use it when performing compliance checks, responding to security incidents, or establishing storage security baselines in Azure environments.

This skill provides comprehensive anomaly detection for Modbus/TCP and Modbus RTU traffic in Operational Technology (OT) and Industrial Control Systems (ICS). It monitors function codes, validates register access, analyzes timing, and detects unauthorized clients. By utilizing advanced tools like Zeek, Suricata, and custom Python models, it helps establish behavioral baselines and identify potential cyber threats.