Skill UI

This skill guides the implementation of network traffic baselining using historical NetFlow/IPFIX data. It leverages Python's pandas library to compute detailed statistical profiles, including hourly/daily distributions, per-host metrics, and protocol ratios. Anomalies are robustly detected using z-score and Interquartile Range (IQR) methods, assisting SOC analysts in identifying unusual activities like data exfiltration or beaconing.

This skill provides a comprehensive guide to implementing robust USB device control policies. It restricts unauthorized removable media access to mitigate data exfiltration risks and prevent malware introduction via USB endpoints. Learn how to deploy granular policies using Group Policy Objects (GPO), Microsoft Intune, or advanced Endpoint Detection and Response (EDR) platforms to meet strict compliance standards.

This guide details how to implement NextDNS as a zero-trust DNS filtering layer. By utilizing encrypted resolution (DoH/DoT) and real-time threat intelligence, it blocks malicious domains, prevents data exfiltration, filters ads/trackers, and enforces granular security policies across all endpoints, aligning with Zero Trust principles and enhancing overall network security.

This skill provides SOC teams with a structured, multi-source workflow to investigate potential insider threats. It correlates data from SIEM, DLP, EDR, and HR feeds to detect data exfiltration attempts (via cloud, USB, email), unauthorized access patterns, and policy violations. It is crucial for building comprehensive investigation timelines, especially when handling departing employees or suspected data theft.

This skill detects covert data exfiltration occurring over DNS tunnels. It analyzes DNS query names by computing Shannon entropy, examining query length distributions, and identifying high subdomain cardinality. It is essential for security operations, incident response, and proactive threat hunting when suspicious or encoded DNS activity is suspected.

This comprehensive guide details a professional workflow for performing network forensics using Wireshark and tshark. Learn how to analyze captured PCAP files to identify malicious communications, reconstruct data exfiltration, extract crucial artifacts (HTTP, SMB, DICOM), and detect indicators of compromise (IOCs). Essential for incident response and malware analysis.

A comprehensive guide and toolkit for performing digital forensic analysis on network packet captures (PCAP/PCAPNG). It details techniques using Wireshark, tshark, and tcpdump to reconstruct communications, extract sensitive data, identify malicious C2 traffic, and establish irrefutable evidence of security breaches or data exfiltration.

A comprehensive guide for reverse engineering Android malware. It details how to use JADX and accompanying tools (apktool, androguard) to analyze APK metadata, extract permissions, decompile Java/Kotlin source code, and identify malicious functionalities like data exfiltration, C2 communication, and overlay attacks. Ideal for mobile threat analysis and security research.

This skill provides a comprehensive guide and methodology for identifying and exploiting Cross-Origin Resource Sharing (CORS) misconfigurations in web applications. It covers testing origin validation bypasses, analyzing preflight requests, and simulating data exfiltration during authorized penetration tests, crucial for assessing API security.

This guide details methodologies for identifying and exploiting XML External Entity (XXE) injection vulnerabilities in web applications. It covers basic file retrieval, blind XXE detection using out-of-band techniques, and data exfiltration, all critical steps during authorized penetration testing of XML-consuming APIs and services.

This guide outlines the implementation of Remote Browser Isolation (RBI) as a core component of a Zero Trust architecture. It details policies for URL risk classification, Data Loss Prevention (DLP) controls, and Content Disarm and Reconstruction (CDR). This is essential for hardening web access, protecting against zero-day exploits, phishing, and preventing data exfiltration from untrusted web content.

This skill provides a comprehensive guide and structured SQL templates for performing deep forensic investigations on AWS cloud logs. It utilizes AWS Athena to query massive datasets from CloudTrail, VPC Flow Logs, S3 access logs, and ALB logs. Ideal for detecting unauthorized access, data exfiltration, and privilege escalation during security incident response.