Skill UI

This comprehensive guide outlines a structured workflow for conducting digital forensics investigations across major cloud providers, including AWS, Azure, and GCP. It covers critical steps such as evidence preservation (snapshots, metadata capture), systematic log collection (CloudTrail, Activity Logs, Audit Logs, VPC Flow Logs), and advanced analysis techniques to trace unauthorized accesses and identify root causes of security breaches.

This tool provides a comprehensive workflow for performing deep forensic investigations on AWS environments. By leveraging CloudTrail logs and programmatic access via boto3/Athena, users can reconstruct attacker activity, identify compromised credentials, analyze suspicious API call patterns, and generate detailed incident response reports.

This guide outlines systematic methodologies for reducing false positives in Security Information and Event Management (SIEM) systems. It covers advanced techniques including threshold tuning, multi-signal correlation enhancement, behavioral baseline integration, and threat intelligence filtering. Used by SOC analysts and detection engineers to combat alert fatigue and improve true positive detection rates.

This tool provides comprehensive asset discovery and inventory management for Operational Technology (OT) and Industrial Control Systems (ICS) environments using the Claroty xDome platform. It utilizes passive monitoring and active querying to achieve full visibility into critical assets across Purdue Model levels, including PLCs, RTUs, and HMIs. Ideal for compliance assessments (e.g., IEC 62443) and onboarding brownfield sites.

This skill provides a comprehensive, multi-stage guide for investigating insider threats. It covers the entire lifecycle, from receiving an allegation and ensuring legal authorization, to covert evidence collection (DLP logs, endpoint forensics), advanced user behavior pattern analysis, and reconstructing a detailed activity timeline for potential legal action. Essential for security incident response.

This guide provides a comprehensive methodology for assessing the security posture of Kubernetes etcd clusters. It covers critical areas including encryption at rest (for secrets), TLS transport security, access control validation, secure backup procedures, and network isolation checks, ensuring cluster data integrity and confidentiality.

This guide details how to use GoPhish, an open-source framework, to conduct authorized phishing simulations. You will learn the complete lifecycle, from deploying the tool and configuring SMTP profiles, to creating realistic email templates and cloning secure landing pages. The skill culminates in analyzing campaign results to assess organizational security posture and improve employee resilience against social engineering attacks.

This skill provides comprehensive cybersecurity assessments for critical electric power infrastructure, covering EMS, SCADA, and substation automation systems. It is crucial for verifying NERC CIP compliance, analyzing IEC 61850 protocols, and securing synchrophasor (PMU) networks against advanced threats like Industroyer. Use it for regulatory audits and operational security reviews.

This skill provides a comprehensive framework for performing privilege escalation assessments post-initial compromise. It guides testers in identifying paths from low-privilege access to root or SYSTEM-level control on both Linux and Windows operating systems. Techniques covered include abusing SUID binaries, exploiting misconfigured services, leveraging kernel vulnerabilities, and harvesting credentials.

This skill provides comprehensive capability to discover and inventory all privileged accounts across an enterprise infrastructure. It covers domain admins, local admins, service accounts, database roles, and cloud IAM roles. It is essential for security assessments, incident response, and compliance auditing, helping to establish a complete baseline for Privileged Access Management (PAM).

Provides a structured, comprehensive playbook for managing high-impact ransomware incidents. It guides the response team through initial detection, immediate network containment, detailed damage assessment, recovery decision making (including legal and financial considerations), and secure system restoration. Essential for cybersecurity teams facing active encryption attacks.

This guide provides a comprehensive methodology for auditing essential HTTP security headers, including CSP, HSTS, X-Frame-Options, and Referrer-Policy. It helps identify missing or improperly configured browser-level protections, crucial for mitigating vulnerabilities like XSS, clickjacking, and mixed content issues, ensuring compliance with standards like PCI DSS and SOC 2.