Skill UI

A comprehensive guide for Security Operations Center (SOC) teams to perform proactive threat hunting using Elastic SIEM. This skill teaches advanced techniques like KQL and EQL queries, analyzing event sequences, and investigating anomalies to uncover threats that bypass automated detection rules. Ideal for validating detection coverage gaps and responding to new TTPs based on the MITRE ATT&CK framework.

This skill performs User and Entity Behavior Analytics (UEBA) to identify anomalous user activities such as impossible travel, unusual access patterns, and privilege abuse. It establishes behavioral baselines using SIEM logs and statistical analysis, helping SOC teams detect insider threats and compromised accounts by flagging deviations from normal user behavior. Use when monitoring security hygiene and suspicious activity is critical.

This comprehensive guide details the process of performing authenticated and unauthenticated vulnerability assessments using Tenable Nessus. It covers everything from advanced scan configuration (port discovery, credentialing, plugin setup) to detailed result analysis, including cross-referencing CVEs and prioritizing remediation based on CVSS scores and exploit availability. Ideal for compliance auditing, penetration testing, and maintaining system patch compliance.

This tool guides the process of reviewing security findings from DAST and SAST scanners. It uses the OWASP risk rating methodology to classify vulnerabilities (true positive, false positive, needs review) and calculate a comprehensive risk score based on likelihood and impact, ensuring development teams prioritize the most critical issues.

This skill provides a comprehensive guide to the Common Vulnerability Scoring System (CVSS v4.0), the industry standard for assessing vulnerability severity. It teaches users how to calculate CVSS scores using Base, Threat, and Environmental metrics, and crucially, how to integrate real-world context like EPSS scores and CISA KEV listings for advanced, actionable risk prioritization in security operations.

A comprehensive, NIST/CISA-aligned workflow for structured recovery following a ransomware incident. It covers critical steps including environment isolation, forensic evidence preservation, Active Directory restoration (DSRM, krbtgt reset), backup integrity validation, and phased, dependency-based system rebuild. Essential for post-incident disaster recovery planning.

A comprehensive guide to writing robust and maintainable tests in Rust. It covers various advanced testing patterns, including Unit, Integration, Async, and Property-Based testing. Learn how to apply the TDD (Test-Driven Development) cycle (RED-GREEN-REFACTOR) to enhance code reliability and ensure high code coverage.

Grype is an open-source vulnerability scanner from Anchore. It inspects container images, filesystems, and SBOMs for known CVEs. It leverages Syft-generated SBOMs to match packages against multiple vulnerability databases (NVD, GitHub Advisories). Use it for security assessments, auditing, and integrating into CI/CD pipelines to enforce vulnerability standards and manage supply chain risks.

Harbor is an open-source container registry designed for robust security and compliance. This guide details the comprehensive workflow for securing your container ecosystem by implementing advanced features such as vulnerability scanning (Trivy), image signing (Notary/Cosign), Role-Based Access Control (RBAC), and content trust policies. Learn how to enforce image provenance and maintain strict access control in Kubernetes environments.

A comprehensive methodology for penetration testing web applications to identify broken access control vulnerabilities. This guide covers systematic testing for Role-Based Access Control (RBAC), privilege escalation, insecure direct object references (IDOR), and API authorization flaws in multi-tenant environments. It outlines the use of tools like Burp Suite and ffuf to map endpoints and simulate various user roles.

This comprehensive skill guides the testing of web applications for Cross-Site Scripting (XSS) vulnerabilities. It covers reflected, stored, and DOM-based injection points. Testers learn to map input/output contexts, craft context-appropriate payloads, and bypass complex sanitization and CSP protections, ensuring thorough client-side security assessment.

A comprehensive guide detailing how to identify and validate Cross-Site Scripting (XSS) vulnerabilities using Burp Suite's advanced tools (Repeater, Intruder, DOM Invader). This methodology covers reflected, stored, and DOM-based XSS, and includes strategies for bypassing security filters and Content Security Policy (CSP), making it essential for web application penetration testing and bug bounty programs.