Skill UI

Detect unauthorized crypto-mining in AWS, Azure, and GCP by correlating GuardDuty/Defender/SCC findings, compute anomalies, network flows, and container/serverless behaviors to validate threats and guide response.

A comprehensive guide for security teams on detecting and responding to unauthorized crypto mining operations in cloud environments (AWS, Azure). It details a multi-layered approach, utilizing cost anomaly detection, compute utilization monitoring, GuardDuty findings, and network flow log analysis (VPC/KQL) to identify resource hijacking attempts and suspicious activity across EC2, ECS, and EKS workloads.

This guide details methods for detecting and mitigating OAuth token theft and replay attacks in cloud environments, specifically targeting Microsoft Entra ID (Azure AD). It covers protection against access token theft, Primary Refresh Token (PRT) abuse, and pass-the-cookie attacks. Users can leverage Conditional Access and Token Protection features to cryptographically bind tokens to devices, significantly enhancing cloud identity security and preventing session hijacking.

This skill demonstrates how to exploit JWT algorithm confusion vulnerabilities. It targets APIs that do not strictly enforce the cryptographic algorithm (alg) specified in the token header. Techniques covered include downgrading from asymmetric algorithms (RS256) to symmetric ones (HS256) using the public key as the secret, performing alg:none bypasses, and manipulating key identifiers (kid, jku, x5u) to achieve authentication bypass and token forgery.

This utility implements comprehensive Cloud Workload Protection (CWPP) by monitoring compute workloads on cloud instances (EC2/GCE). It provides runtime security controls, detecting process anomalies, unauthorized binary execution, cryptomining activity, and suspicious network connections using AWS and Google APIs. Ideal for establishing robust security postures and meeting compliance requirements.

This skill guides the implementation of digital signatures using Ed25519, a high-performance cryptographic algorithm based on the Edwards curve. It provides 128-bit security with small keys and signatures, offering significant advantages over RSA and ECDSA, including deterministic signing and side-channel resistance. Learn to generate key pairs, sign documents and code, and verify signatures for robust security controls.

Binary Authorization is a critical Google Cloud security control that enforces policy-based deployment rules. It mandates that only container images with valid cryptographic attestations (proof of successful vulnerability scanning, code reviews, etc.) can be deployed to GKE or Cloud Run. Use this guide to establish robust supply chain security and compliance controls for your cloud-native applications.

This skill details implementing a ransomware-resistant, immutable backup strategy using the restic tool. It leverages S3-compatible Object Lock (Compliance Mode) to ensure Write Once Read Many (WORM) storage, preventing deletion or modification by attackers. The process includes automated backup, cryptographic integrity verification (restic check), and scheduled restore testing, adhering to advanced security standards like 3-2-1-1-0.

This skill provides comprehensive knowledge on using JSON Web Tokens (JWT) for secure authentication and authorization. It covers implementing various cryptographic signing algorithms (such as HS256, RS256, ES256, and EdDSA), validating signatures, enforcing claim constraints (like expiration time), and implementing robust defenses against common JWT vulnerabilities, including algorithm confusion and the 'none' algorithm attack. Ideal for building secure, scalable web APIs.

This guide details the configuration and implementation of mutual TLS (mTLS) authentication between microservices. It utilizes Python's cryptography library for robust certificate generation, validation, and secure service-to-service authentication, essential for adopting zero-trust security models.

In-toto is a CNCF standard project used to verify the integrity of software supply chains. It generates cryptographically signed attestations (link metadata) at every stage of the CI/CD pipeline, proving exactly what artifacts were produced and who authorized the process. This is crucial for securing container builds and ensuring compliance against tampering.

Automates the static security analysis of Android APK/AAB files using the Mobile Security Framework (MobSF). This skill identifies critical vulnerabilities such as hardcoded secrets, insecure permissions, weak cryptography, and structural flaws (mapping to OWASP Mobile Top 10) without requiring application execution. It is essential for integrating security gates into CI/CD pipelines, performing pre-release quality assurance, and enhancing penetration testing coverage.