Skill UI

Use Cartography to collect AWS, GCP, and Azure infrastructure data, build a Neo4j security graph, and expose assets, IAM relationships, and attack paths so teams can audit permissions, spot exposures, and trace cross-account trust.

Automate forensic capture of Google Drive, OneDrive, Dropbox, and Box data by using service APIs alongside endpoint sync artifact analysis to gather admissible evidence for incident response and auditing exercises.

Performs disk forensics investigations through imaging, filesystem analysis, artifact recovery, and timeline reconstruction to support incident response and legal evidence needs on compromised storage.

Performs endpoint digital forensics by capturing memory and disk images, analyzing artifacts, and rebuilding timelines to support incident investigations and legal evidence collection.

Analyzes malware to extract file hashes, C2 domains, IPs, URLs, registry hits and behavioral artifacts, blending static PE parsing, sandbox detonations, YARA-based IOC spotting, and STIX 2.1 formatting for CTI sharing during assessments or incident response.

Guide to using Volatility 3 on volatile memory dumps to enumerate processes, network activity, modules, and extracted artifacts for malware and incident response.

Automates Volatility3 plugin runs to inspect Windows, Linux, and macOS memory dumps for injected code, hidden processes, DLLs, and network activity, helping incident responders and red teams uncover rootkits, credential theft, and malware artifacts.

Guide for acquiring and analyzing smartphone data with Cellebrite UFED plus ALEAPP/iLEAPP and libimobiledevice, covering device prep, logical/physical dumps, and messaging extraction for investigations.

Capture and analyze PCAP traffic with Wireshark/tshark to reconstruct suspicious sessions, extract artifacts, and detect malicious communications during incident response and malware investigations.

Conduct authorized physical penetration testing to evaluate facility security controls, including tailgating, badge cloning, lock bypasses, and rogue device deployment as part of red team assessments.

Plans and facilitates ransomware tabletop exercises that stress-test organizational readiness, decision-making, and communication during simulated LockBit/ALPHV/Cl0p incidents. Injects cover double-extortion, backup destruction, and regulatory notifications, while scoring participant choices against NIST CSF and CISA guidance.

This skill provides a comprehensive method for assessing SSL/TLS server configurations using the powerful Python library, sslyze. It evaluates crucial security aspects including supported protocol versions (e.g., TLS 1.2, 1.3), cipher suite strength, certificate chain validity, HSTS enforcement, and checks for common vulnerabilities like Heartbleed and ROBOT. Ideal for penetration testing, security auditing, and incident response.