Skill UI

This guide provides a comprehensive approach to securing AWS Identity and Access Management (IAM) configurations. It walks practitioners through inventorying existing permissions, using Access Analyzer to identify overly permissive policies, implementing specific resource scoping, and attaching permission boundaries. Key strategies include enforcing least privilege access, managing credential rotation, and meeting stringent compliance requirements like SOC 2 and PCI-DSS.

A comprehensive guide covering the end-to-end configuration of SAML 2.0 Single Sign-On (SSO) using Okta as the Identity Provider (IdP). This skill details configuring authentication flows (SP/IdP initiated), attribute mapping, secure certificate management, and implementing advanced security hardening like SHA-256 signatures and AES-256 encryption for robust, enterprise-grade access control.

This skill guides the comprehensive hardening of LDAP directory services. It addresses common vulnerabilities such as LDAP injection, anonymous binding, and credential harvesting. Users can enforce strong security controls, including LDAPS, channel binding, and granular access control lists (ACLs). It is essential when establishing robust identity access management (IAM) architecture or meeting stringent compliance requirements like NIST standards.

This toolkit provides comprehensive offensive and administrative capabilities for Microsoft Entra ID, Azure AD, and AD FS. It allows authorized penetration testers to perform unauthenticated reconnaissance, acquire various access tokens, and critically, test for federation backdoors (Golden SAML). It is essential for validating identity-attack resilience and producing detailed hardening recommendations during red-team engagements.

kube-bench is an open-source tool that validates the compliance and security posture of Kubernetes clusters. It rigorously checks control-plane components, worker nodes, and cluster policies against the comprehensive CIS Kubernetes Benchmark. It reports findings (PASS/FAIL/WARN) and includes specific remediation guidance, making it essential for compliance auditing and hardening efforts.

Falco is a powerful CNCF project for real-time runtime security monitoring. This guide teaches authors how to write and deploy custom detection rules using Falco's robust YAML rule engine and modern eBPF driver. It is designed to detect critical threats such as container escapes, namespace manipulation, privileged mounts, and anomalous syscalls in Kubernetes and Docker environments, significantly hardening the overall container security posture.