Skill UI

A guide for security professionals and threat hunters to proactively detect advanced privilege escalation techniques across Windows and Linux environments. It covers critical attack methods including token manipulation, UAC bypass, unquoted service paths, and kernel exploits, utilizing EDR and SIEM data sources for comprehensive incident response and security assessments.

A comprehensive guide on configuring advanced email security gateways (SEGs) to detect and block sophisticated, targeted spearphishing attacks. This skill covers essential detection layers, including impersonation protection, real-time URL detonation, attachment sandboxing, and creating custom behavioral rules. It is crucial for SOC analysts and security engineers building robust email threat defense systems.

This guide details how to detect advanced process injection techniques (T1055) by analyzing rich Sysmon telemetry. It focuses on identifying cross-process memory operations, such as remote thread creation (Event 8), suspicious process access (Event 10), and memory divergence (ProcessTampering/Event 25), which are hallmarks of DLL injection and process hollowing. Ideal for threat hunters and security analysts investigating sophisticated defense evasion.

This comprehensive guide outlines methods to identify and exploit specific IPv6 vulnerabilities, including SLAAC spoofing, Router Advertisement (RA) manipulation, and Neighbor Discovery Protocol (NDP) attacks. It is designed strictly for authorized penetration testing to assess dual-stack security controls, detect unauthorized tunnels (like Teredo or 6to4), and validate network defenses against IPv6-specific threats. Always obtain explicit written authorization before use.

A comprehensive guide for authorized penetration testing, demonstrating how to identify and exploit critical vulnerabilities in the SMB protocol (e.g., EternalBlue, PrintNightmare). This skill covers network enumeration, lateral movement techniques (Pass-the-Hash, SMB Relay), and post-exploitation activities using Metasploit and Impacket tools to assess enterprise network security posture.

This guide provides comprehensive steps to harden the Docker daemon configuration. It covers essential security controls like user namespace remapping, disabling inter-container communication (ICC), implementing TLS authentication, and adopting rootless mode. Implementing these measures significantly reduces the attack surface and mitigates risks associated with container breakouts and privilege escalation, aligning with CIS benchmarks.

This guide details the implementation of Microsoft Defender for Cloud, enabling comprehensive cloud security posture management (CSPM) and workload protection (CWPP). Learn how to secure VMs, containers, databases, and storage accounts, configure security recommendations, and establish automated remediation workflows to ensure continuous compliance and robust cloud defense.

This skill provides comprehensive guidance on deploying and tuning Web Application Firewall (WAF) rules across major cloud platforms, including AWS, Azure, and Cloudflare. It details strategies to protect cloud-hosted applications against OWASP Top 10 attacks, implement rate limiting for brute force protection, configure geo-blocking, and refine rules to minimize false positives.

A comprehensive guide to configuring multi-layered DDoS protection using Cloudflare. This skill covers mitigating volumetric (L3/4) and application-layer (L7) attacks by setting up managed rulesets, Web Application Firewall (WAF) rules, rate limiting, and Bot Management. Ideal for strengthening security architecture and meeting compliance standards.

This skill guides the implementation of email sandboxing using Proofpoint Targeted Attack Protection (TAP). It covers configuring isolated detonations for suspicious attachments and URLs to detect zero-day malware, evasive phishing, and advanced threats. Learn to tune policies, monitor the TAP dashboard, and integrate findings with SIEM for robust email security architecture.

This guide provides comprehensive security hardening procedures for enterprise Google Workspace environments. It covers advanced topics such as enforcing phishing-resistant Multi-Factor Authentication (MFA), configuring email authentication (DMARC/SPF/DKIM), implementing Data Loss Prevention (DLP), and securing super admin accounts using Advanced Protection Program enrollment. Ideal for achieving high compliance and defending against BEC and phishing attacks.

This guide details the deployment of deception technologies, including canary files and honeypot shares, to detect ransomware activity at its earliest stages. It outlines configuring file integrity monitoring (FIM) and using specialized tokens to trigger alerts when ransomware attempts encryption or performs lateral movement, significantly enhancing security posture beyond standard EDR.