Skill UI

This guide provides a systematic, step-by-step workflow for Security Operations Center (SOC) analysts to perform alert triage using Elastic Security SIEM. It covers initial alert assessment, context gathering using advanced ES|QL queries, threat intelligence enrichment, and final classification decisions (True Positive, False Positive, etc.) to rapidly determine genuine security threats and prioritize incident response actions.

Automates the static security analysis of Android APK/AAB files using the Mobile Security Framework (MobSF). This skill identifies critical vulnerabilities such as hardcoded secrets, insecure permissions, weak cryptography, and structural flaws (mapping to OWASP Mobile Top 10) without requiring application execution. It is essential for integrating security gates into CI/CD pipelines, performing pre-release quality assurance, and enhancing penetration testing coverage.

Use RESTler to automate stateful security testing of REST APIs. It processes OpenAPI specifications to generate fuzzing grammars, allowing users to discover complex bugs, such as injection vulnerabilities, resource leaks, and unhandled exceptions (500 errors), by executing diverse sequences of API calls. Essential for robust CI/CD regression testing and proactive API security assessments.

This tool performs comprehensive API inventory and discovery across an organization's environment. It identifies all API endpoints—including documented, undocumented, shadow, and deprecated APIs—by combining passive traffic analysis (HAR files), active scanning, DNS enumeration, and cloud resource auditing. It helps map the complete API attack surface, crucial for security assessments and compliance requirements like PCI-DSS and SOC2.

This tool simulates advanced security testing to identify vulnerabilities in API rate limiting. It bypasses throttling controls by manipulating request headers (like X-Forwarded-For spoofing), varying source IP addresses, and manipulating endpoint paths. Essential for assessing API resilience against brute-force attacks, credential stuffing, and resource exhaustion, aligning with OWASP API Security guidelines.

Perform comprehensive and structured API security testing using Postman. This skill covers testing for OWASP API Security Top 10 vulnerabilities, including authentication bypass, authorization flaws (BOLA), injection, and data exposure. It guides users through setting up multi-role environments, writing automated test scripts for regression testing, and integrating the workflow with CI/CD tools like Newman and OWASP ZAP.

This guide details how to simulate ARP spoofing attacks in controlled, authorized lab environments. It demonstrates Man-in-the-Middle (MITM) risks by poisoning the ARP cache, allowing users to test network detection capabilities (IDS/IPS, DAI) and validate the effectiveness of security controls like port security and 802.1X. This skill is strictly for authorized penetration testing and educational purposes.

This skill implements a multi-factor scoring model to assess the criticality of IT assets. By weighting factors such as business function impact, data sensitivity, regulatory scope, and network exposure, it assigns a risk tier. This tier is then used to dynamically adjust the Service Level Agreements (SLAs) for vulnerability remediation, ensuring that organizations prioritize patching efforts on their most critical 'crown jewel' systems first.

This guide details how to use OpenVAS/Greenbone Vulnerability Management (GVM) to perform authenticated vulnerability scans. By utilizing valid credentials (SSH for Linux, SMB for Windows), scans can log into target systems, detecting deep local vulnerabilities, missing patches, and misconfigurations far beyond what unauthenticated scans can find. This is essential for comprehensive security assessments and compliance auditing.

This guide details authenticated (credentialed) vulnerability scanning, which uses valid system credentials (SSH keys, domain passwords, etc.) to log into target hosts. Unlike external scanning, credentialed methods allow deep inspection of installed patches, local configurations, registry keys, and system files across diverse platforms (Linux, Windows, Network Devices). This significantly increases vulnerability detection rates and reduces false positives for comprehensive security assessments.

CAPE is an open-source sandbox built for automated malware analysis, derived from Cuckoo. It provides advanced behavioral monitoring, payload dumping, and configuration extraction using over 70 parsers for known malware families (e.g., Emotet, Cobalt Strike). It captures network IOCs, dropped files, and detects anti-evasion techniques, making it ideal for security assessments and incident response workflows via its robust API.

Utilizes ScoutSuite, an open-source multi-cloud auditing tool, to perform comprehensive, agentless security posture assessments across AWS accounts. It queries various AWS APIs to enumerate all resources, identify misconfigurations (such as publicly exposed S3 buckets or weak IAM policies), and generate detailed, actionable HTML reports for compliance and security auditing.