Skill UI

This guide details the methodology for conducting internal network penetration tests, simulating an attacker operating from an assumed breach state. It covers initial network reconnaissance, Active Directory enumeration, advanced credential harvesting techniques (e.g., Kerberoasting, Pass-the-Hash), and lateral movement exploitation to determine the full blast radius of a potential breach. Essential for comprehensive security auditing.

A comprehensive guide to simulating Man-in-the-Middle (MITM) attacks using industry-standard tools like Bettercap, Ettercap, and mitmproxy. This technique is strictly for authorized penetration testing environments to assess cryptographic controls, validate TLS certificate pinning, and test network defense mechanisms against ARP/DNS spoofing and sniffing.

This guide details the comprehensive workflow for conducting memory forensics using Volatility 3. It covers the entire incident response lifecycle, from acquiring raw RAM dumps to analyzing processes, detecting rootkits, investigating network connections, and extracting sensitive artifacts like credentials and injected code. Essential for live memory analysis in cybersecurity investigations.

A comprehensive framework for assessing network security posture. This skill guides the tester through the entire penetration testing lifecycle, from reconnaissance and host discovery (using tools like Nmap) to service enumeration, vulnerability identification (CVEs), and controlled exploitation (Metasploit). It is essential for validating firewall rules, ensuring compliance (e.g., PCI-DSS), and stress-testing critical infrastructure security.

Pass-the-Ticket (PtT) is a critical post-exploitation technique used in red teaming and offensive security assessments. It allows an attacker to move laterally across a network by utilizing stolen Kerberos tickets (TGT or TGS) without ever needing the user's password. This skill outlines the process of dumping tickets from memory (e.g., LSASS) and injecting them into a current session to impersonate a high-privilege user for access to sensitive resources.

A structured guide for conducting blameless post-mortem reviews after any security incident. This process helps identify root causes using techniques like the 5 Whys, calculates critical metrics (MTTD, MTTR), and generates actionable recommendations to continuously improve incident response playbooks and procedures.

This guide details the end-to-end process of conducting a sophisticated spearphishing simulation campaign, mirroring real red team adversary techniques. It covers initial OSINT research and pretext development, building weaponized payloads that bypass security controls, setting up robust email infrastructure (SPF/DKIM/DMARC), executing the campaign in waves, and performing detailed post-campaign metrics analysis for comprehensive security reporting.

This guide details the implementation of Microsoft's Enhanced Security Admin Environment (ESAE) tiered model for Active Directory. It covers best practices for establishing Tier 0/1/2 separation, deploying Privileged Access Workstations (PAWs), and designing robust access control policies. Ideal for security architects and compliance officers seeking to meet stringent standards like NIST 800-53.

AWS Verified Access is a Zero Trust Network Access (ZTNA) service that provides secure, VPN-less connectivity to corporate applications hosted in AWS. It enforces granular, conditional access control using the Cedar policy language, verifying both user identity and device security posture in real-time before granting access to specific resources. Ideal for modernizing security architecture and meeting strict compliance requirements.

This guide details how to build and manage a robust two-tier Public Key Infrastructure (PKI) using OpenSSL. Learn to establish a Root CA and an Intermediate CA, issue server and client certificates, configure Certificate Revocation Lists (CRLs), and implement best practices for secure key management and certificate policy enforcement, ensuring compliance and high security standards.

This comprehensive guide details how to implement robust security hardening measures for LDAP directory services. It specifically addresses critical vulnerabilities like LDAP injection, anonymous binding, and channel binding bypass. Key features include mandatory LDAPS enforcement, granular access control list configuration, and integrating advanced monitoring to ensure the infrastructure meets high compliance standards (e.g., NIST 800-53). Essential for security architects and operations teams.

This guide details the process of configuring microsegmentation policies to enforce least-privilege access between workloads. It covers the entire workflow, from application dependency mapping and discovery (Phase 1) to defining label-based, default-deny security zones (Phase 2). It is crucial for preventing lateral movement in highly secure, zero-trust architectures using tools like VMware NSX, Illumio, and Calico.