Skill UI

This skill provides comprehensive tracking and visualization for Security Operations Center (SOC) performance. It calculates critical metrics such as Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), and alert quality ratios using SIEM data. Ideal for SOC leadership, compliance auditing, and continuous process improvement initiatives needing quantifiable security posture reporting.

This skill provides a systematic methodology for building comprehensive threat actor profiles using Open-Source Intelligence (OSINT). It involves gathering, correlating, and analyzing publicly available data from diverse sources (e.g., vendor reports, dark web forums, code repositories). Users can map adversary TTPs to MITRE ATT&CK, assess motivations, and build structured dossiers for proactive defensive strategies and attribution assessments.

This framework provides a systematic methodology for cybersecurity professionals to transform raw threat intelligence, observed attack patterns, and environmental telemetry into verifiable, testable hunting hypotheses. It guides the end-to-end process, from hypothesis formulation and data identification across SIEM/EDR systems, to deep correlation and reporting, enabling proactive threat detection and scope assessment.

A robust framework for orchestrating complex, multi-step coding tasks using multiple AI agents. It functions by first planning the entire project into a mission dependency graph (DAG), then dispatching specialized agents to isolated Git worktrees for parallel development. The system automatically monitors progress, handles merges, and generates structured, comprehensive reports detailing changes, completed tasks, and next steps.

A comprehensive guide covering methodologies for conducting authorized penetration testing across major cloud platforms, including AWS, Azure, and GCP. It details the shared responsibility model, techniques for exploiting IAM misconfigurations, testing for SSRF vulnerabilities to cloud metadata services, and utilizing industry tools like Pacu and ScoutSuite. Findings are mapped to the MITRE ATT&CK Cloud matrix for robust reporting.

This guide details the end-to-end process of conducting a sophisticated spearphishing simulation campaign, mirroring real red team adversary techniques. It covers initial OSINT research and pretext development, building weaponized payloads that bypass security controls, setting up robust email infrastructure (SPF/DKIM/DMARC), executing the campaign in waves, and performing detailed post-campaign metrics analysis for comprehensive security reporting.

This skill correlates disparate security incidents, Indicators of Compromise (IOCs), and adversary behaviors across time and organizations. It systematically identifies unified threat campaigns, attributes them to common threat actors, and extracts shared indicators for significantly improved detection capabilities. Ideal for cross-organizational threat intelligence sharing and building comprehensive campaign reports.

This skill analyzes AWS CloudTrail logs to detect suspicious API call patterns, such as new event sources, geographic anomalies, or high-frequency usage. It establishes a statistical baseline of normal activity and flags deviations indicative of compromised credentials, privilege escalation, or insider threats, providing a detailed JSON report for security investigation and threat hunting.

This skill uses the Python azure-mgmt-storage SDK to perform comprehensive security audits on Azure Blob and ADLS storage accounts. It detects critical misconfigurations, including public access exposure, weak or long-lived SAS tokens, lack of encryption at rest, failure to enforce HTTPS, and outdated TLS versions. The output is a detailed, risk-scored report with remediation recommendations, essential for SOC analysts and security posture management.

Analyzes Windows Security EVTX logs to detect Kerberos golden ticket assaults by correlating event IDs 4768, 4624, and 4672, flagging long-lived TGTs, privilege escalations without group changes, SID inconsistencies, and outputting a timeline-based report.

This skill analyzes network logs, including proxy access logs, DNS query logs, and netflow data, to detect unauthorized Software as a Service (SaaS) applications and cloud services (Shadow IT). It classifies domains against known catalogs, measures data exfiltration volumes, calculates risk scores, and generates comprehensive reports for security and compliance teams.

This tool analyzes Web Application Firewall (WAF) logs (ModSecurity, AWS WAF, Cloudflare) to detect sophisticated SQL injection attack campaigns. It parses diverse log formats, identifies common SQLi payloads (UNION SELECT, OR 1=1), correlates multi-stage attacks, tracks source IPs, and generates detailed incident reports classified by OWASP standards for SOC analysts and security researchers.