Skill UI

This guide details advanced methods for detecting and preventing QR code phishing (quishing) attacks. It covers how malicious URLs embedded in images bypass traditional email security filters, requiring multimodal AI, OCR, and robust mobile threat defense solutions. Essential for SOC analysts and security teams.

A comprehensive guide on configuring advanced email security gateways (SEGs) to detect and block sophisticated, targeted spearphishing attacks. This skill covers essential detection layers, including impersonation protection, real-time URL detonation, attachment sandboxing, and creating custom behavioral rules. It is crucial for SOC analysts and security engineers building robust email threat defense systems.

This skill addresses advanced threat detection for critical infrastructure (OT/ICS). It monitors sophisticated, multi-stage cyber-physical attacks, focusing specifically on PLC logic integrity monitoring, detecting unauthorized modifications, and analyzing process anomalies. It covers the entire attack chain, from initial USB-borne access (IT) to process manipulation (OT).

This guide details how to detect advanced process injection techniques (T1055) by analyzing rich Sysmon telemetry. It focuses on identifying cross-process memory operations, such as remote thread creation (Event 8), suspicious process access (Event 10), and memory divergence (ProcessTampering/Event 25), which are hallmarks of DLL injection and process hollowing. Ideal for threat hunters and security analysts investigating sophisticated defense evasion.

This tool leverages the Rekall memory forensics framework to conduct deep analysis of memory dumps. It is designed to detect sophisticated threats such as process hollowing, injected code via VAD anomalies, hidden operating system processes, and rootkit presence. It applies key forensic plugins (pslist, malfind, vadinfo) essential for rigorous incident response and malware analysis.

This guide details the implementation of SPF, DKIM, and DMARC—the three core pillars of email authentication. It provides a comprehensive workflow, including DNS record setup and best practices, to prevent domain spoofing, validate message integrity, and enforce strong anti-phishing policies across your organization's email system. Essential for building robust email security architecture.

This skill guides the implementation of email sandboxing using Proofpoint Targeted Attack Protection (TAP). It covers configuring isolated detonations for suspicious attachments and URLs to detect zero-day malware, evasive phishing, and advanced threats. Learn to tune policies, monitor the TAP dashboard, and integrate findings with SIEM for robust email security architecture.

This skill guides the deployment and configuration of Data Loss Prevention (DLP) controls directly on endpoints. It detects and prevents the unauthorized exfiltration of sensitive data (PII, PHI, PCI) via common vectors like email, USB drives, cloud storage uploads, and printing. Use this when establishing compliance policies (HIPAA, GDPR) or securing data against internal data movement risks.

Binary Authorization is a critical Google Cloud security control that enforces policy-based deployment rules. It mandates that only container images with valid cryptographic attestations (proof of successful vulnerability scanning, code reviews, etc.) can be deployed to GKE or Cloud Run. Use this guide to establish robust supply chain security and compliance controls for your cloud-native applications.

This guide provides comprehensive security hardening procedures for enterprise Google Workspace environments. It covers advanced topics such as enforcing phishing-resistant Multi-Factor Authentication (MFA), configuring email authentication (DMARC/SPF/DKIM), implementing Data Loss Prevention (DLP), and securing super admin accounts using Advanced Protection Program enrollment. Ideal for achieving high compliance and defending against BEC and phishing attacks.

This skill guides the implementation of continuous, risk-adaptive identity verification crucial for Zero Trust Architecture (ZTA). It covers deploying phishing-resistant MFA (FIDO2/WebAuthn), advanced risk-based conditional access policies, and identity governance strategies. Users learn how to move beyond traditional credentials by leveraging multiple signals—such as device posture, behavioral biometrics, and location context—to dynamically assess and enforce trust levels before granting access.

This skill details implementing a ransomware-resistant, immutable backup strategy using the restic tool. It leverages S3-compatible Object Lock (Compliance Mode) to ensure Write Once Read Many (WORM) storage, preventing deletion or modification by attackers. The process includes automated backup, cryptographic integrity verification (restic check), and scheduled restore testing, adhering to advanced security standards like 3-2-1-1-0.