Skill UI

This skill provides a structured framework for implementing patch management in Operational Technology (OT) and Industrial Control Systems (ICS) environments. It addresses the critical balance between cybersecurity remediation and maintaining continuous operational safety and availability. Key components include risk-based patch prioritization, vendor compatibility testing, staged deployment through test environments, managing maintenance windows, and implementing compensating controls for unpatchable assets.

A comprehensive guide to implementing PCI DSS 4.0.1 requirements for organizations handling cardholder data. This skill covers the full compliance lifecycle, from defining the Cardholder Data Environment (CDE) scope and hardening network security, to implementing advanced data encryption, access controls (MFA/RBAC), and continuous monitoring mechanisms.

Pod Security Admission (PSA) is a built-in Kubernetes admission controller designed to enforce Pod Security Standards (Baseline, Restricted, Privileged) at the namespace level. It serves as a crucial replacement for the deprecated PodSecurityPolicy (PSP), allowing users to implement robust security controls and maintain compliance. By applying specific labels, administrators can set enforcement modes (enforce, audit, warn) to harden container environments against unauthorized privilege escalation and security risks.

This skill provides a comprehensive guide for designing and deploying Privileged Access Workstations (PAWs). It covers critical security controls such as device hardening, Zero Trust principles, and integrating Just-in-Time (JIT) access management. Learn how to enforce compliance using tools like Intune/GPO and secure credentials using leading PAM platforms like CyberArk or BeyondTrust, ensuring secure administrative operations.

This skill guides the implementation of security chaos engineering experiments. It involves deliberately degrading or disabling security controls (like WAF, firewalls, or log pipelines) in a controlled environment to rigorously verify the detection, alerting, and response capabilities of the Security Operations Center (SOC). Users learn to use tools like boto3 and Python to simulate failure scenarios and assess system resilience and compliance posture.

This comprehensive guide details the implementation of Zero Trust Architecture (ZTA) in multi-cloud environments (AWS, Azure, GCP). Following NIST SP 800-207 and BeyondCorp principles, it covers identity-centric access controls, micro-segmentation, continuous verification, and deploying Identity-Aware Proxies (IAP) to eliminate implicit network trust.

This skill guides the deployment of Google BeyondCorp Enterprise, enabling a true zero-trust security model. It utilizes Identity-Aware Proxy (IAP) and Access Context Manager (ACM) to authorize every request based on deep context, including user identity, device posture, and network attributes. It is essential for organizations moving away from traditional VPNs and needing robust, context-aware security controls for protecting GCP resources and internal applications.

This skill maps observed adversary behaviors, security alerts, and detection rules to the MITRE ATT&CK framework. It is essential for quantifying detection coverage, building ATT&CK heatmaps, tagging SIEM alerts, and prioritizing security controls based on known threat actor playbooks. Use it for comprehensive gap analysis and risk reporting.

This tool simulates advanced security testing to identify vulnerabilities in API rate limiting. It bypasses throttling controls by manipulating request headers (like X-Forwarded-For spoofing), varying source IP addresses, and manipulating endpoint paths. Essential for assessing API resilience against brute-force attacks, credential stuffing, and resource exhaustion, aligning with OWASP API Security guidelines.

This guide details how to simulate ARP spoofing attacks in controlled, authorized lab environments. It demonstrates Man-in-the-Middle (MITM) risks by poisoning the ARP cache, allowing users to test network detection capabilities (IDS/IPS, DAI) and validate the effectiveness of security controls like port security and 802.1X. This skill is strictly for authorized penetration testing and educational purposes.

This skill guides authorized security professionals through testing web applications for clickjacking vulnerabilities. It involves checking frame embedding controls (like X-Frame-Options and CSP) and crafting complex proof-of-concept overlays to see if users can be tricked into performing unintended sensitive actions, such as deleting accounts or transferring funds.

This skill guides users on performing deep runtime threat detection and forensics in cloud-native environments using Falco. It leverages Falco YAML rules to monitor syscalls, detecting critical security events such as shell spawning, file tampering (e.g., /etc/shadow), network anomalies, and privilege escalation within containers and Kubernetes clusters. Ideal for incident response, security auditing, and validating container runtime security controls.