Skill UI

This utility provides comprehensive security auditing for Kubernetes Role-Based Access Control (RBAC) configurations. It identifies overly permissive roles, dangerous wildcard permissions (*), critical ClusterRoleBindings, and potential privilege escalation paths. By integrating tools like rbac-tool, KubiScan, and Kubeaudit, it helps users enforce the principle of least privilege, crucial for compliance and security assessments on EKS, GKE, and AKS clusters.

This tool assists in defining a structured Security Operations Center (SOC) escalation matrix. It maps incident response procedures based on severity (P1-P4), asset criticality, and business impact. Users can model tiered response paths, set Service Level Agreements (SLAs), and implement context-driven automatic escalation triggers to ensure rapid and consistent handling of cybersecurity incidents.

This framework provides a comprehensive solution for tracking vulnerability aging and measuring remediation performance against defined Service Level Agreements (SLAs). It helps organizations enforce severity-based timelines, calculate key performance indicators (KPIs) like Mean Time to Remediate (MTTR), and automate escalation procedures to ensure continuous compliance and improve overall security posture.

This guide details the process of implementing Zscaler Private Access (ZPA) to replace legacy VPNs with a modern Zero Trust Network Access (ZTNA) framework. It covers deploying App Connectors, defining application segments, and establishing granular access policies based on user identity, organizational user groups, and detailed device posture checks (e.g., compliance, anti-malware status).

Tailscale provides a WireGuard-based, zero-trust mesh VPN solution. It establishes end-to-end encrypted, peer-to-peer connections using identity-aware controls and granular Access Control Lists (ACLs). Ideal for modernizing network security, replacing traditional VPNs, and ensuring compliant, identity-gated access across diverse environments (Cloud, On-Prem).

This guide details methods and rules for detecting container escape attempts, a critical security vulnerability where an adversary breaks out of container isolation to access the host system or other containers. It covers monitoring syscalls, namespace manipulation (e.g., nsenter, unshare), accessing sensitive host paths (/proc), and detecting privileged operations using tools like Falco and eBPF.

This skill provides advanced runtime security rules using Falco, a CNCF-graduated tool. It monitors Linux syscalls to detect container escape attempts in real-time, identifying techniques such as mounting host filesystems, unauthorized namespace access (nsenter), and privileged container launches. It is crucial for SOC analysts and security teams enhancing cloud-native security coverage.

This skill provides comprehensive guidance on detecting network reconnaissance and port scanning activities using industry-standard IDS/IPS systems like Suricata and Snort. It covers various scanning techniques (e.g., SYN, FIN, NULL, Xmas scans, UDP sweeps) and advanced detection methods, including signature matching, threshold-based alerting, and traffic anomaly analysis to identify tools like Nmap and Masscan.

A guide for security professionals and threat hunters to proactively detect advanced privilege escalation techniques across Windows and Linux environments. It covers critical attack methods including token manipulation, UAC bypass, unquoted service paths, and kernel exploits, utilizing EDR and SIEM data sources for comprehensive incident response and security assessments.

This skill provides a methodology for proactive threat hunting to detect compromised service accounts. It focuses on identifying anomalous activities such as unusual interactive logons, unauthorized privilege escalation, lateral movement, and suspicious access patterns using SIEM/EDR platforms. Essential for incident response and compliance.

Executes comprehensive red team exercises that mimic real-world adversary operations across people, processes, and technology. This capability simulates the full attack lifecycle, from initial reconnaissance to objective completion, specifically testing an organization's detection, response, and containment mechanisms. It focuses on adversary emulation and complex attack chains, differentiating it from standard vulnerability scanning or penetration testing.

This guide details the exploitation of the Active Directory Certificate Services (AD CS) ESC1 vulnerability. By leveraging misconfigurations, an attacker can request certificates impersonating high-privileged users (e.g., Domain Admins). The workflow covers AD enumeration, forging certificates with arbitrary Subject Alternative Names (SANs), authenticating via PKINIT, and ultimately escalating domain privileges using tools like mimikatz. Essential for authorized red team and penetration testing.