Cradicle Explorer
ai-agents-security_Anthropic-Cybersecurity-Skills
Info
Issues
Patches
Wallets
Source
Source
.claude-plugin
.github
assets
mappings
skills
acquiring-disk-image-with-dd-and-dcfldd
analyzing-active-directory-acl-abuse
analyzing-android-malware-with-apktool
analyzing-api-gateway-access-logs
analyzing-apt-group-with-mitre-navigator
analyzing-azure-activity-logs-for-threats
analyzing-bootkit-and-rootkit-samples
analyzing-browser-forensics-with-hindsight
analyzing-campaign-attribution-evidence
analyzing-certificate-transparency-for-phishing
analyzing-cloud-storage-access-patterns
analyzing-cobalt-strike-beacon-configuration
analyzing-cobaltstrike-malleable-c2-profiles
analyzing-command-and-control-communication
analyzing-cyber-kill-chain
analyzing-disk-image-with-autopsy
analyzing-dns-logs-for-exfiltration
analyzing-docker-container-forensics
analyzing-email-headers-for-phishing-investigation
analyzing-ethereum-smart-contract-vulnerabilities
analyzing-golang-malware-with-ghidra
analyzing-heap-spray-exploitation
analyzing-indicators-of-compromise
analyzing-ios-app-security-with-objection
analyzing-kubernetes-audit-logs
analyzing-linux-audit-logs-for-intrusion
analyzing-linux-elf-malware
analyzing-linux-kernel-rootkits
analyzing-linux-system-artifacts
analyzing-lnk-file-and-jump-list-artifacts
analyzing-macro-malware-in-office-documents
analyzing-malicious-pdf-with-peepdf
analyzing-malicious-url-with-urlscan
analyzing-malware-behavior-with-cuckoo-sandbox
analyzing-malware-family-relationships-with-malpedia
analyzing-malware-persistence-with-autoruns
analyzing-malware-sandbox-evasion-techniques
analyzing-memory-dumps-with-volatility
analyzing-memory-forensics-with-lime-and-volatility
analyzing-mft-for-deleted-file-recovery
analyzing-network-covert-channels-in-malware
analyzing-network-flow-data-with-netflow
analyzing-network-packets-with-scapy
analyzing-network-traffic-for-incidents
analyzing-network-traffic-of-malware
analyzing-network-traffic-with-wireshark
analyzing-office365-audit-logs-for-compromise
analyzing-outlook-pst-for-email-forensics
analyzing-packed-malware-with-upx-unpacker
analyzing-pdf-malware-with-pdfid
analyzing-persistence-mechanisms-in-linux
analyzing-powershell-empire-artifacts
analyzing-powershell-script-block-logging
references
scripts
LICENSE
SKILL.md
analyzing-prefetch-files-for-execution-history
analyzing-ransomware-encryption-mechanisms
analyzing-ransomware-leak-site-intelligence
analyzing-ransomware-network-indicators
analyzing-ransomware-payment-wallets
analyzing-sbom-for-supply-chain-vulnerabilities
analyzing-security-logs-with-splunk
analyzing-slack-space-and-file-system-artifacts
analyzing-supply-chain-malware-artifacts
analyzing-threat-actor-ttps-with-mitre-attack
analyzing-threat-actor-ttps-with-mitre-navigator
analyzing-threat-intelligence-feeds
analyzing-threat-landscape-with-misp
analyzing-tls-certificate-transparency-logs
analyzing-typosquatting-domains-with-dnstwist
analyzing-uefi-bootkit-persistence
analyzing-usb-device-connection-history
analyzing-web-server-logs-for-intrusion
analyzing-windows-amcache-artifacts
analyzing-windows-event-logs-in-splunk
analyzing-windows-lnk-files-for-artifacts
analyzing-windows-prefetch-with-python
analyzing-windows-registry-for-artifacts
analyzing-windows-shellbag-artifacts
auditing-aws-s3-bucket-permissions
auditing-azure-active-directory-configuration
auditing-cloud-with-cis-benchmarks
auditing-gcp-iam-permissions
auditing-kubernetes-cluster-rbac
auditing-terraform-infrastructure-for-security
auditing-tls-certificate-transparency-logs
automating-ioc-enrichment
building-adversary-infrastructure-tracking-system
building-attack-pattern-library-from-cti-reports
building-automated-malware-submission-pipeline
building-c2-infrastructure-with-sliver-framework
building-cloud-siem-with-sentinel
building-detection-rule-with-splunk-spl
building-detection-rules-with-sigma
building-devsecops-pipeline-with-gitlab-ci
building-identity-federation-with-saml-azure-ad
building-identity-governance-lifecycle-process
building-incident-response-dashboard
building-incident-response-playbook
building-incident-timeline-with-timesketch
building-ioc-defanging-and-sharing-pipeline
building-ioc-enrichment-pipeline-with-opencti
building-malware-incident-communication-template
building-patch-tuesday-response-process
building-phishing-reporting-button-workflow
building-ransomware-playbook-with-cisa-framework
building-red-team-c2-infrastructure-with-havoc
building-role-mining-for-rbac-optimization
building-soc-escalation-matrix
building-soc-metrics-and-kpi-tracking
building-soc-playbook-for-ransomware
building-threat-actor-profile-from-osint
building-threat-feed-aggregation-with-misp
building-threat-hunt-hypothesis-framework
building-threat-intelligence-enrichment-in-splunk
building-threat-intelligence-feed-integration
building-threat-intelligence-platform
building-vulnerability-aging-and-sla-tracking
building-vulnerability-dashboard-with-defectdojo
building-vulnerability-exception-tracking-system
building-vulnerability-scanning-workflow
bypassing-authentication-with-forced-browsing
collecting-indicators-of-compromise
collecting-open-source-intelligence
collecting-threat-intelligence-with-misp
collecting-volatile-evidence-from-compromised-host
conducting-api-security-testing
conducting-cloud-incident-response
conducting-cloud-penetration-testing
conducting-domain-persistence-with-dcsync
conducting-external-reconnaissance-with-osint
conducting-full-scope-red-team-engagement
conducting-internal-network-penetration-test
conducting-internal-reconnaissance-with-bloodhound-ce
conducting-malware-incident-response
conducting-man-in-the-middle-attack-simulation
conducting-memory-forensics-with-volatility
conducting-mobile-app-penetration-test
conducting-network-penetration-test
conducting-pass-the-ticket-attack
conducting-phishing-incident-response
conducting-post-incident-lessons-learned
conducting-social-engineering-penetration-test
conducting-social-engineering-pretext-call
conducting-spearphishing-simulation-campaign
conducting-wireless-network-penetration-test
configuring-active-directory-tiered-model
configuring-aws-verified-access-for-ztna
configuring-certificate-authority-with-openssl
configuring-host-based-intrusion-detection
configuring-hsm-for-key-storage
configuring-identity-aware-proxy-with-google-iap
configuring-ldap-security-hardening
configuring-microsegmentation-for-zero-trust
configuring-multi-factor-authentication-with-duo
configuring-network-segmentation-with-vlans
configuring-oauth2-authorization-flow
configuring-pfsense-firewall-rules
configuring-snort-ids-for-intrusion-detection
configuring-suricata-for-network-monitoring
configuring-tls-1-3-for-secure-communications
configuring-windows-defender-advanced-settings
configuring-windows-event-logging-for-detection
configuring-zscaler-private-access-for-ztna
containing-active-breach
correlating-security-events-in-qradar
correlating-threat-campaigns
deobfuscating-javascript-malware
deobfuscating-powershell-obfuscated-malware
deploying-active-directory-honeytokens
deploying-cloudflare-access-for-zero-trust
deploying-decoy-files-for-ransomware-detection
deploying-edr-agent-with-crowdstrike
deploying-osquery-for-endpoint-monitoring
deploying-palo-alto-prisma-access-zero-trust
deploying-ransomware-canary-files
deploying-software-defined-perimeter
deploying-tailscale-for-zero-trust-vpn
detecting-ai-model-prompt-injection-attacks
detecting-anomalies-in-industrial-control-systems
detecting-anomalous-authentication-patterns
detecting-api-enumeration-attacks
detecting-arp-poisoning-in-network-traffic
detecting-attacks-on-historian-servers
detecting-attacks-on-scada-systems
detecting-aws-cloudtrail-anomalies
detecting-aws-credential-exposure-with-trufflehog
detecting-aws-guardduty-findings-automation
detecting-aws-iam-privilege-escalation
detecting-azure-lateral-movement
detecting-azure-service-principal-abuse
detecting-azure-storage-account-misconfigurations
detecting-beaconing-patterns-with-zeek
detecting-bluetooth-low-energy-attacks
detecting-broken-object-property-level-authorization
detecting-business-email-compromise-with-ai
detecting-business-email-compromise
detecting-cloud-threats-with-guardduty
detecting-command-and-control-over-dns
detecting-compromised-cloud-credentials
detecting-container-drift-at-runtime
detecting-container-escape-attempts
detecting-container-escape-with-falco-rules
detecting-credential-dumping-techniques
detecting-cryptomining-in-cloud
detecting-dcsync-attack-in-active-directory
detecting-deepfake-audio-in-vishing-attacks
detecting-dll-sideloading-attacks
detecting-dnp3-protocol-anomalies
detecting-dns-exfiltration-with-dns-query-analysis
detecting-email-account-compromise
detecting-email-forwarding-rules-attack
detecting-evasion-techniques-in-endpoint-logs
detecting-exfiltration-over-dns-with-zeek
detecting-fileless-attacks-on-endpoints
detecting-fileless-malware-techniques
detecting-golden-ticket-attacks-in-kerberos-logs
detecting-golden-ticket-forgery
detecting-insider-data-exfiltration-via-dlp
detecting-insider-threat-behaviors
detecting-insider-threat-with-ueba
detecting-kerberoasting-attacks
detecting-lateral-movement-in-network
detecting-lateral-movement-with-splunk
detecting-lateral-movement-with-zeek
detecting-living-off-the-land-attacks
detecting-living-off-the-land-with-lolbas
detecting-malicious-scheduled-tasks-with-sysmon
detecting-mimikatz-execution-patterns
detecting-misconfigured-azure-storage
detecting-mobile-malware-behavior
detecting-modbus-command-injection-attacks
detecting-modbus-protocol-anomalies
detecting-network-anomalies-with-zeek
detecting-network-scanning-with-ids-signatures
detecting-ntlm-relay-with-event-correlation
detecting-oauth-token-theft
detecting-pass-the-hash-attacks
detecting-pass-the-ticket-attacks
detecting-port-scanning-with-fail2ban
detecting-privilege-escalation-attempts
detecting-privilege-escalation-in-kubernetes-pods
detecting-process-hollowing-technique
detecting-process-injection-techniques
detecting-qr-code-phishing-with-email-security
detecting-ransomware-encryption-behavior
detecting-ransomware-precursors-in-network
detecting-rdp-brute-force-attacks
detecting-rootkit-activity
detecting-s3-data-exfiltration-attempts
detecting-serverless-function-injection
detecting-service-account-abuse
detecting-shadow-api-endpoints
detecting-shadow-it-cloud-usage
detecting-spearphishing-with-email-gateway
detecting-sql-injection-via-waf-logs
detecting-stuxnet-style-attacks
detecting-supply-chain-attacks-in-ci-cd
detecting-suspicious-oauth-application-consent
detecting-suspicious-powershell-execution
detecting-t1003-credential-dumping-with-edr
detecting-t1055-process-injection-with-sysmon
detecting-t1548-abuse-elevation-control-mechanism
detecting-typosquatting-packages-in-npm-pypi
detecting-wmi-persistence
eradicating-malware-from-infected-systems
evaluating-threat-intelligence-platforms
executing-active-directory-attack-simulation
executing-phishing-simulation-campaign
executing-red-team-engagement-planning
executing-red-team-exercise
exploiting-active-directory-certificate-services-esc1
exploiting-active-directory-with-bloodhound
exploiting-api-injection-vulnerabilities
exploiting-bgp-hijacking-vulnerabilities
exploiting-broken-function-level-authorization
exploiting-broken-link-hijacking
exploiting-constrained-delegation-abuse
exploiting-deeplink-vulnerabilities
exploiting-excessive-data-exposure-in-api
exploiting-http-request-smuggling
exploiting-idor-vulnerabilities
exploiting-insecure-data-storage-in-mobile
exploiting-insecure-deserialization
exploiting-ipv6-vulnerabilities
exploiting-jwt-algorithm-confusion-attack
exploiting-kerberoasting-with-impacket
exploiting-mass-assignment-in-rest-apis
exploiting-ms17-010-eternalblue-vulnerability
exploiting-nopac-cve-2021-42278-42287
exploiting-nosql-injection-vulnerabilities
exploiting-oauth-misconfiguration
exploiting-prototype-pollution-in-javascript
exploiting-race-condition-vulnerabilities
exploiting-server-side-request-forgery
exploiting-smb-vulnerabilities-with-metasploit
exploiting-sql-injection-vulnerabilities
exploiting-sql-injection-with-sqlmap
exploiting-template-injection-vulnerabilities
exploiting-type-juggling-vulnerabilities
exploiting-vulnerabilities-with-metasploit-framework
exploiting-websocket-vulnerabilities
exploiting-zerologon-vulnerability-cve-2020-1472
extracting-browser-history-artifacts
extracting-config-from-agent-tesla-rat
extracting-credentials-from-memory-dump
extracting-iocs-from-malware-samples
extracting-memory-artifacts-with-rekall
extracting-windows-event-logs-artifacts
generating-threat-intelligence-reports
hardening-docker-containers-for-production
hardening-docker-daemon-configuration
hardening-linux-endpoint-with-cis-benchmark
hardening-windows-endpoint-with-cis-benchmark
hunting-advanced-persistent-threats
hunting-credential-stuffing-attacks
hunting-for-anomalous-powershell-execution
hunting-for-beaconing-with-frequency-analysis
hunting-for-cobalt-strike-beacons
hunting-for-command-and-control-beaconing
hunting-for-data-exfiltration-indicators
hunting-for-data-staging-before-exfiltration
hunting-for-dcom-lateral-movement
hunting-for-dcsync-attacks
hunting-for-defense-evasion-via-timestomping
hunting-for-dns-based-persistence
hunting-for-dns-tunneling-with-zeek
hunting-for-domain-fronting-c2-traffic
hunting-for-lateral-movement-via-wmi
hunting-for-living-off-the-cloud-techniques
hunting-for-living-off-the-land-binaries
hunting-for-lolbins-execution-in-endpoint-logs
hunting-for-ntlm-relay-attacks
hunting-for-persistence-mechanisms-in-windows
hunting-for-persistence-via-wmi-subscriptions
hunting-for-process-injection-techniques
hunting-for-registry-persistence-mechanisms
hunting-for-registry-run-key-persistence
hunting-for-scheduled-task-persistence
hunting-for-shadow-copy-deletion
hunting-for-spearphishing-indicators
hunting-for-startup-folder-persistence
hunting-for-supply-chain-compromise
hunting-for-suspicious-scheduled-tasks
hunting-for-t1098-account-manipulation
hunting-for-unusual-network-connections
hunting-for-unusual-service-installations
hunting-for-webshell-activity
implementing-aes-encryption-for-data-at-rest
implementing-alert-fatigue-reduction
implementing-anti-phishing-training-program
implementing-anti-ransomware-group-policy
implementing-api-abuse-detection-with-rate-limiting
implementing-api-gateway-security-controls
implementing-api-key-security-controls
implementing-api-rate-limiting-and-throttling
implementing-api-schema-validation-security
implementing-api-security-posture-management
implementing-api-security-testing-with-42crunch
implementing-api-threat-protection-with-apigee
implementing-application-whitelisting-with-applocker
implementing-aqua-security-for-container-scanning
implementing-attack-path-analysis-with-xm-cyber
implementing-attack-surface-management
implementing-aws-config-rules-for-compliance
implementing-aws-iam-permission-boundaries
implementing-aws-macie-for-data-classification
implementing-aws-nitro-enclave-security
implementing-aws-security-hub-compliance
implementing-aws-security-hub
implementing-azure-ad-privileged-identity-management
implementing-azure-defender-for-cloud
implementing-beyondcorp-zero-trust-access-model
implementing-bgp-security-with-rpki
implementing-browser-isolation-for-zero-trust
implementing-canary-tokens-for-network-intrusion
implementing-cisa-zero-trust-maturity-model
implementing-cloud-dlp-for-data-protection
implementing-cloud-security-posture-management
implementing-cloud-trail-log-analysis
implementing-cloud-vulnerability-posture-management
implementing-cloud-waf-rules
implementing-cloud-workload-protection
implementing-code-signing-for-artifacts
implementing-conditional-access-policies-azure-ad
implementing-conduit-security-for-ot-remote-access
implementing-container-image-minimal-base-with-distroless
implementing-container-network-policies-with-calico
implementing-continuous-security-validation-with-bas
implementing-data-loss-prevention-with-microsoft-purview
implementing-ddos-mitigation-with-cloudflare
implementing-deception-based-detection-with-canarytoken
implementing-delinea-secret-server-for-pam
implementing-device-posture-assessment-in-zero-trust
implementing-devsecops-security-scanning
implementing-diamond-model-analysis
implementing-digital-signatures-with-ed25519
implementing-disk-encryption-with-bitlocker
implementing-dmarc-dkim-spf-email-security
implementing-dragos-platform-for-ot-monitoring
implementing-ebpf-security-monitoring
implementing-email-sandboxing-with-proofpoint
implementing-end-to-end-encryption-for-messaging
implementing-endpoint-detection-with-wazuh
implementing-endpoint-dlp-controls
implementing-envelope-encryption-with-aws-kms
implementing-epss-score-for-vulnerability-prioritization
implementing-file-integrity-monitoring-with-aide
implementing-fuzz-testing-in-cicd-with-aflplusplus
implementing-gcp-binary-authorization
implementing-gcp-organization-policy-constraints
implementing-gcp-vpc-firewall-rules
implementing-gdpr-data-protection-controls
implementing-gdpr-data-subject-access-request
implementing-github-advanced-security-for-code-scanning
implementing-google-workspace-admin-security
implementing-google-workspace-phishing-protection
implementing-google-workspace-sso-configuration
implementing-hardware-security-key-authentication
implementing-hashicorp-vault-dynamic-secrets
implementing-honeypot-for-ransomware-detection
implementing-honeytokens-for-breach-detection
implementing-ics-firewall-with-tofino
implementing-identity-governance-with-sailpoint
implementing-identity-verification-for-zero-trust
implementing-iec-62443-security-zones
implementing-image-provenance-verification-with-cosign
implementing-immutable-backup-with-restic
implementing-infrastructure-as-code-security-scanning
implementing-iso-27001-information-security-management
implementing-just-in-time-access-provisioning
implementing-jwt-signing-and-verification
implementing-kubernetes-network-policy-with-calico
implementing-kubernetes-pod-security-standards
implementing-llm-guardrails-for-security
implementing-log-forwarding-with-fluentd
implementing-log-integrity-with-blockchain
implementing-memory-protection-with-dep-aslr
implementing-microsegmentation-with-guardicore
implementing-mimecast-targeted-attack-protection
implementing-mitre-attack-coverage-mapping
implementing-mobile-application-management
implementing-mtls-for-zero-trust-services
implementing-nerc-cip-compliance-controls
implementing-network-access-control-with-cisco-ise
implementing-network-access-control
implementing-network-deception-with-honeypots
implementing-network-intrusion-prevention-with-suricata
implementing-network-policies-for-kubernetes
implementing-network-segmentation-for-ot
implementing-network-segmentation-with-firewall-zones
implementing-network-traffic-analysis-with-arkime
implementing-network-traffic-baselining
implementing-next-generation-firewall-with-palo-alto
implementing-opa-gatekeeper-for-policy-enforcement
implementing-ot-incident-response-playbook
implementing-ot-network-traffic-analysis-with-nozomi
implementing-pam-for-database-access
implementing-passwordless-auth-with-microsoft-entra
implementing-passwordless-authentication-with-fido2
implementing-patch-management-for-ot-systems
implementing-patch-management-workflow
implementing-pci-dss-compliance-controls
implementing-pod-security-admission-controller
implementing-policy-as-code-with-open-policy-agent
implementing-privileged-access-management-with-cyberark
implementing-privileged-access-workstation
implementing-privileged-session-monitoring
implementing-proofpoint-email-security-gateway
implementing-purdue-model-network-segmentation
implementing-ransomware-backup-strategy
implementing-ransomware-kill-switch-detection
implementing-rapid7-insightvm-for-scanning
implementing-rbac-hardening-for-kubernetes
implementing-rsa-key-pair-management
implementing-runtime-application-self-protection
implementing-runtime-security-with-tetragon
implementing-saml-sso-with-okta
implementing-scim-provisioning-with-okta
implementing-secret-scanning-with-gitleaks
implementing-secrets-management-with-vault
implementing-secrets-scanning-in-ci-cd
implementing-security-chaos-engineering
implementing-security-information-sharing-with-stix2
implementing-security-monitoring-with-datadog
implementing-semgrep-for-custom-sast-rules
implementing-siem-correlation-rules-for-apt
implementing-siem-use-case-tuning
implementing-siem-use-cases-for-detection
implementing-sigstore-for-software-signing
implementing-soar-automation-with-phantom
implementing-soar-playbook-for-phishing
implementing-soar-playbook-with-palo-alto-xsoar
implementing-stix-taxii-feed-integration
implementing-supply-chain-security-with-in-toto
implementing-syslog-centralization-with-rsyslog
implementing-taxii-server-with-opentaxii
implementing-threat-intelligence-lifecycle-management
implementing-threat-modeling-with-mitre-attack
implementing-ticketing-system-for-incidents
implementing-usb-device-control-policy
implementing-velociraptor-for-ir-collection
implementing-vulnerability-management-with-greenbone
implementing-vulnerability-remediation-sla
implementing-vulnerability-sla-breach-alerting
implementing-web-application-logging-with-modsecurity
implementing-zero-knowledge-proof-for-authentication
implementing-zero-standing-privilege-with-cyberark
implementing-zero-trust-dns-with-nextdns
implementing-zero-trust-for-saas-applications
implementing-zero-trust-in-cloud
implementing-zero-trust-network-access-with-zscaler
implementing-zero-trust-network-access
implementing-zero-trust-with-beyondcorp
implementing-zero-trust-with-hashicorp-boundary
integrating-dast-with-owasp-zap-in-pipeline
integrating-sast-into-github-actions-pipeline
intercepting-mobile-traffic-with-burpsuite
investigating-insider-threat-indicators
investigating-phishing-email-incident
investigating-ransomware-attack-artifacts
managing-cloud-identity-with-okta
managing-intelligence-lifecycle
mapping-mitre-attack-techniques
monitoring-darkweb-sources
monitoring-scada-modbus-traffic-anomalies
performing-access-recertification-with-saviynt
performing-access-review-and-certification
performing-active-directory-bloodhound-analysis
performing-active-directory-compromise-investigation
performing-active-directory-forest-trust-attack
performing-active-directory-penetration-test
performing-active-directory-vulnerability-assessment
performing-adversary-in-the-middle-phishing-detection
performing-agentless-vulnerability-scanning
performing-ai-driven-osint-correlation
performing-alert-triage-with-elastic-siem
performing-android-app-static-analysis-with-mobsf
performing-api-fuzzing-with-restler
performing-api-inventory-and-discovery
performing-api-rate-limiting-bypass
performing-api-security-testing-with-postman
performing-arp-spoofing-attack-simulation
performing-asset-criticality-scoring-for-vulns
performing-authenticated-scan-with-openvas
performing-authenticated-vulnerability-scan
performing-automated-malware-analysis-with-cape
performing-aws-account-enumeration-with-scout-suite
performing-aws-privilege-escalation-assessment
performing-bandwidth-throttling-attack-simulation
performing-binary-exploitation-analysis
performing-blind-ssrf-exploitation
performing-bluetooth-security-assessment
performing-brand-monitoring-for-impersonation
performing-clickjacking-attack-test
performing-cloud-asset-inventory-with-cartography
performing-cloud-forensics-investigation
performing-cloud-forensics-with-aws-cloudtrail
performing-cloud-incident-containment-procedures
performing-cloud-log-forensics-with-athena
performing-cloud-native-forensics-with-falco
performing-cloud-native-threat-hunting-with-aws-detective
performing-cloud-penetration-testing-with-pacu
performing-cloud-storage-forensic-acquisition
performing-container-escape-detection
performing-container-image-hardening
performing-container-security-scanning-with-trivy
performing-content-security-policy-bypass
performing-credential-access-with-lazagne
performing-cryptographic-audit-of-application
performing-csrf-attack-simulation
performing-cve-prioritization-with-kev-catalog
performing-dark-web-monitoring-for-threats
performing-deception-technology-deployment
performing-directory-traversal-testing
performing-disk-forensics-investigation
performing-dmarc-policy-enforcement-rollout
performing-dns-enumeration-and-zone-transfer
performing-dns-tunneling-detection
performing-docker-bench-security-assessment
performing-dynamic-analysis-of-android-app
performing-dynamic-analysis-with-any-run
performing-endpoint-forensics-investigation
performing-endpoint-vulnerability-remediation
performing-entitlement-review-with-sailpoint-iiq
performing-external-network-penetration-test
performing-false-positive-reduction-in-siem
performing-file-carving-with-foremost
performing-firmware-extraction-with-binwalk
performing-firmware-malware-analysis
performing-fuzzing-with-aflplusplus
performing-gcp-penetration-testing-with-gcpbucketbrute
performing-gcp-security-assessment-with-forseti
performing-graphql-depth-limit-attack
performing-graphql-introspection-attack
performing-graphql-security-assessment
performing-hardware-security-module-integration
performing-hash-cracking-with-hashcat
performing-http-parameter-pollution-attack
performing-ics-asset-discovery-with-claroty
performing-indicator-lifecycle-management
performing-initial-access-with-evilginx3
performing-insider-threat-investigation
performing-ioc-enrichment-automation
performing-ios-app-security-assessment
performing-iot-security-assessment
performing-ip-reputation-analysis-with-shodan
performing-jwt-none-algorithm-attack
performing-kerberoasting-attack
performing-kubernetes-cis-benchmark-with-kube-bench
performing-kubernetes-etcd-security-assessment
performing-kubernetes-penetration-testing
performing-lateral-movement-detection
performing-lateral-movement-with-wmiexec
performing-linux-log-forensics-investigation
performing-log-analysis-for-forensic-investigation
performing-log-source-onboarding-in-siem
performing-malware-hash-enrichment-with-virustotal
performing-malware-ioc-extraction
performing-malware-persistence-investigation
performing-malware-triage-with-yara
performing-memory-forensics-with-volatility3-plugins
performing-memory-forensics-with-volatility3
performing-mobile-app-certificate-pinning-bypass
performing-mobile-device-forensics-with-cellebrite
performing-network-forensics-with-wireshark
performing-network-packet-capture-analysis
performing-network-traffic-analysis-with-tshark
performing-network-traffic-analysis-with-zeek
performing-nist-csf-maturity-assessment
performing-oauth-scope-minimization-review
performing-oil-gas-cybersecurity-assessment
performing-open-source-intelligence-gathering
performing-osint-with-spiderfoot
performing-ot-network-security-assessment
performing-ot-vulnerability-assessment-with-claroty
performing-ot-vulnerability-scanning-safely
performing-packet-injection-attack
performing-paste-site-monitoring-for-credentials
performing-phishing-simulation-with-gophish
performing-physical-intrusion-assessment
performing-plc-firmware-security-analysis
performing-post-quantum-cryptography-migration
performing-power-grid-cybersecurity-assessment
performing-privacy-impact-assessment
performing-privilege-escalation-assessment
performing-privilege-escalation-on-linux
performing-privileged-account-access-review
performing-privileged-account-discovery
performing-purple-team-atomic-testing
performing-purple-team-exercise
performing-ransomware-response
performing-ransomware-tabletop-exercise
performing-red-team-phishing-with-gophish
performing-red-team-with-covenant
performing-s7comm-protocol-security-analysis
performing-sca-dependency-scanning-with-snyk
performing-scada-hmi-security-assessment
performing-second-order-sql-injection
performing-security-headers-audit
performing-serverless-function-security-review
performing-service-account-audit
performing-service-account-credential-rotation
performing-soap-web-service-security-testing
performing-soc-tabletop-exercise
performing-soc2-type2-audit-preparation
performing-sqlite-database-forensics
performing-ssl-certificate-lifecycle-management
performing-ssl-stripping-attack
performing-ssl-tls-inspection-configuration
performing-ssl-tls-security-assessment
performing-ssrf-vulnerability-exploitation
performing-static-malware-analysis-with-pe-studio
performing-steganography-detection
performing-subdomain-enumeration-with-subfinder
performing-supply-chain-attack-simulation
performing-thick-client-application-penetration-test
performing-threat-emulation-with-atomic-red-team
performing-threat-hunting-with-elastic-siem
performing-threat-hunting-with-yara-rules
performing-threat-intelligence-sharing-with-misp
performing-threat-landscape-assessment-for-sector
performing-threat-modeling-with-owasp-threat-dragon
performing-timeline-reconstruction-with-plaso
performing-user-behavior-analytics
performing-vlan-hopping-attack
performing-vulnerability-scanning-with-nessus
performing-web-application-firewall-bypass
performing-web-application-penetration-test
performing-web-application-scanning-with-nikto
performing-web-application-vulnerability-triage
performing-web-cache-deception-attack
performing-web-cache-poisoning-attack
performing-wifi-password-cracking-with-aircrack
performing-windows-artifact-analysis-with-eric-zimmerman-tools
performing-wireless-network-penetration-test
performing-wireless-security-assessment-with-kismet
performing-yara-rule-development-for-detection
prioritizing-vulnerabilities-with-cvss-scoring
processing-stix-taxii-feeds
profiling-threat-actor-groups
recovering-deleted-files-with-photorec
recovering-from-ransomware-attack
remediating-s3-bucket-misconfiguration
reverse-engineering-android-malware-with-jadx
reverse-engineering-dotnet-malware-with-dnspy
reverse-engineering-ios-app-with-frida
reverse-engineering-malware-with-ghidra
reverse-engineering-ransomware-encryption-routine
reverse-engineering-rust-malware
scanning-container-images-with-grype
scanning-containers-with-trivy-in-cicd
scanning-docker-images-with-trivy
scanning-infrastructure-with-nessus
scanning-kubernetes-manifests-with-kubesec
scanning-network-with-nmap-advanced
securing-api-gateway-with-aws-waf
securing-aws-iam-permissions
securing-aws-lambda-execution-roles
securing-azure-with-microsoft-defender
securing-container-registry-images
securing-container-registry-with-harbor
securing-github-actions-workflows
securing-helm-chart-deployments
securing-historian-server-in-ot-environment
securing-kubernetes-on-cloud
securing-remote-access-to-ot-environment
securing-serverless-functions
testing-android-intents-for-vulnerabilities
testing-api-authentication-weaknesses
testing-api-for-broken-object-level-authorization
testing-api-for-mass-assignment-vulnerability
testing-api-security-with-owasp-top-10
testing-cors-misconfiguration
testing-for-broken-access-control
testing-for-business-logic-vulnerabilities
testing-for-email-header-injection
testing-for-host-header-injection
testing-for-json-web-token-vulnerabilities
testing-for-open-redirect-vulnerabilities
testing-for-sensitive-data-exposure
testing-for-xml-injection-vulnerabilities
testing-for-xss-vulnerabilities-with-burpsuite
testing-for-xss-vulnerabilities
testing-for-xxe-injection-vulnerabilities
testing-jwt-token-security
testing-mobile-api-authentication
testing-oauth2-implementation-flaws
testing-ransomware-recovery-procedures
testing-websocket-api-security
tracking-threat-actor-infrastructure
triaging-security-alerts-in-splunk
triaging-security-incident-with-ir-playbook
triaging-security-incident
triaging-vulnerabilities-with-ssvc-framework
validating-backup-integrity-for-recovery
.gitignore
ATTACK_COVERAGE.md
CITATION.cff
CODE_OF_CONDUCT.md
CONTRIBUTING.md
LICENSE
README.md
SECURITY.md
index.json
/
skills
/
analyzing-powershell-script-block-logging
/
..
references
scripts
LICENSE
SKILL.md