Skill UI

This skill provides a comprehensive guide to hardening managed Kubernetes clusters on major cloud platforms (EKS, AKS, GKE). It details implementing critical security layers, including Pod Security Standards, least-privilege network policies, workload identity (eliminating static cloud credentials), and runtime security monitoring. Essential for securing production environments and meeting compliance requirements.

This skill provides comprehensive security hardening guidelines for serverless compute platforms like AWS Lambda, Azure Functions, and Google Cloud Functions. It covers essential security pillars including enforcing least privilege IAM roles, integrating robust secrets management (e.g., AWS Secrets Manager), automating dependency vulnerability scanning within CI/CD pipelines, and implementing strict input validation to mitigate risks such as injection and credential theft. Ideal for DevSecOps practitioners and security architects.

A comprehensive guide for systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks. This includes practical workflows for testing critical vulnerabilities such as Broken Object Level Authorization (BOLA), broken authentication, excessive data exposure, and rate limiting, using tools like Burp Suite, Postman, and ffuf. Ideal for pre-deployment audits and authorized penetration testing engagements.

A comprehensive methodology for penetration testing web applications to identify broken access control vulnerabilities. This guide covers systematic testing for Role-Based Access Control (RBAC), privilege escalation, insecure direct object references (IDOR), and API authorization flaws in multi-tenant environments. It outlines the use of tools like Burp Suite and ffuf to map endpoints and simulate various user roles.

A comprehensive guide for assessing the security of JSON Web Token (JWT) implementations. This toolkit details attacks against cryptographic weaknesses, including algorithm confusion (e.g., RS256 to HS256), 'none' attacks, brute-forcing HMAC secrets, and claim manipulation. Ideal for penetration testing and security audits of modern APIs and SSO systems.

A comprehensive guide and framework for assessing real-time WebSocket APIs (ws:// or wss://). This skill covers critical security checks, including Cross-Site WebSocket Hijacking (CSWSH), authentication bypass, message injection attacks, input validation flaws, and denial-of-service (DoS) via message flooding. It utilizes tools like Burp Suite and Python for simulating malicious payloads and ensuring secure real-time communication channels.

A structured guide for SOC Tier 1 analysts to triage security alerts within Splunk Enterprise Security (ES). It provides a systematic workflow for classifying severity, investigating notable events, correlating evidence across diverse data sources (proxy, firewall, logs), and making clear disposition decisions (True Positive, False Positive) required for escalation or closure.

This playbook guides Security Operations Center (SOC) analysts through a comprehensive, multi-step process for triaging and prioritizing security incidents. It covers receiving alerts from SIEM/EDR, enriching data using threat intelligence feeds (VirusTotal, AbuseIPDB), classifying the incident type (MITRE ATT&CK mapping), and calculating a severity score based on asset criticality and data sensitivity. The workflow culminates in automating ticket creation and triggering immediate response procedures via tools like PagerDuty.

This guide details implementing an IEC 62443 compliant conduit architecture for secure remote access into Operational Technology (OT) environments. It mandates the use of jump servers, MFA gateways, session recording, and approval workflows within a DMZ to strictly control vendor and engineer access, eliminating direct VPN connections to critical ICS assets.

A comprehensive guide to building a structured incident response playbook for ransomware attacks. It aligns with the CISA StopRansomware Guide and NIST CSF, covering all phases from preparation and detection to containment, eradication, and recovery. Ideal for security teams conducting readiness assessments or updating compliance documentation.

This guide details how to analyze comprehensive Zeek network logs (conn.log, smb_files.log, ntlm.log, dce_rpc.log, etc.) to detect advanced attacker techniques. It specifically targets indicators of compromise related to lateral movement, such as SMB admin share access, NTLM account spraying, and remote service execution (DCE/RPC patterns). It is a critical network forensics tool for post-incident investigation.

A comprehensive guide to hardening Windows Active Directory environments using Group Policy Objects (GPO). This skill configures multiple layers of defense, including AppLocker, Controlled Folder Access, and Attack Surface Reduction (ASR) rules, to prevent ransomware execution paths, block unauthorized file modifications, and restrict lateral movement across the domain.