Skill UI

This guide provides a comprehensive methodology for conducting cloud security audits across major platforms (AWS, Azure, GCP) using industry-standard CIS Benchmarks. It covers selecting appropriate benchmark versions, running automated assessments using tools like Prowler and ScoutSuite, interpreting complex compliance results, and prioritizing systematic remediation steps to achieve and maintain continuous compliance (e.g., SOC 2, ISO 27001).

Guides security architects through designing and deploying a continuous CSPM program across AWS, Azure, and GCP, covering tool selection, policy baselines, automation, and SOC integration to monitor misconfigurations and prioritize remediation.

This skill details the implementation of a cloud-native SIEM and SOAR platform using Microsoft Sentinel. It covers ingesting multi-cloud logs (AWS, Azure, GCP), writing advanced KQL detection queries for threat hunting, and automating incident response workflows using Logic Apps. Ideal for centralized security operations in complex, multi-cloud environments.

This skill provides a comprehensive guide to establishing SAML 2.0 identity federation between on-premises Active Directory and Microsoft Entra ID (Azure AD). It covers the architecture, prerequisites, and practical steps (including PowerShell scripting) required to achieve seamless Single Sign-On (SSO) and centralized authentication authority for hybrid environments and third-party SaaS applications.

Guides responders through cloud incident response operations across AWS, Azure, and GCP, covering detection, identity containment, isolation, and forensic evidence preservation.

Guide for assessing AWS, Azure, and GCP environments with tools such as Pacu, ScoutSuite, and Prowler to uncover IAM weaknesses, exposed storage, insecure serverless functions, and cloud-native attack chains.

A comprehensive guide covering methodologies for conducting authorized penetration testing across major cloud platforms, including AWS, Azure, and GCP. It details the shared responsibility model, techniques for exploiting IAM misconfigurations, testing for SSRF vulnerabilities to cloud metadata services, and utilizing industry tools like Pacu and ScoutSuite. Findings are mapped to the MITRE ATT&CK Cloud matrix for robust reporting.

This comprehensive guide details how to implement a Zero Trust Network Access (ZTNA) solution using Cloudflare Access and Cloudflare Tunnel. It provides a secure alternative to traditional VPNs by offering identity-aware, policy-driven access to self-hosted and private applications. The process covers setting up tunnels, integrating major Identity Providers (Okta, Azure AD), and enforcing granular access policies.

Focuses on advanced threat detection within Azure AD/Entra ID. This skill guides users on correlating Graph API audit logs, sign-in anomalies, and KQL queries in Microsoft Sentinel to identify sophisticated lateral movement techniques, such as privilege escalation, OAuth abuse, and cross-tenant pivoting. Essential for SOC threat hunting.

This guide provides advanced detection methods and threat hunting queries (KQL/SPL) to identify abuse of Azure service principals. It covers techniques such as privilege escalation, credential compromise, unauthorized role assignment, and enumeration, essential for SOC analysts and security teams monitoring Microsoft Entra ID.

This skill uses the Python azure-mgmt-storage SDK to perform comprehensive security audits on Azure Blob and ADLS storage accounts. It detects critical misconfigurations, including public access exposure, weak or long-lived SAS tokens, lack of encryption at rest, failure to enforce HTTPS, and outdated TLS versions. The output is a detailed, risk-scored report with remediation recommendations, essential for SOC analysts and security posture management.

Detect unauthorized crypto-mining in AWS, Azure, and GCP by correlating GuardDuty/Defender/SCC findings, compute anomalies, network flows, and container/serverless behaviors to validate threats and guide response.