Build effective detection rules using Splunk Search Processing Language (SPL) correlation searches to identify
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, etc.).
Build collaborative forensic incident timelines using Timesketch to ingest, normalize, and analyze multi-source
Build an automated pipeline to defang indicators of compromise (URLs, IPs, domains, emails) for safe sharing
OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its
Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and
Build automated threat intelligence enrichment pipelines in Splunk Enterprise Security using lookup tables, modular
Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication,
Responds to phishing incidents by analyzing reported emails, extracting indicators, assessing credential compromise,
Configure microsegmentation policies to enforce least-privilege workload-to-workload access using tools like
Deobfuscates malicious JavaScript code used in web-based attacks, phishing pages, and dropper scripts by reversing
Detects prompt injection attacks targeting LLM-based applications using a multi-layered defense combining regex
Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack
Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads,
Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts,
Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge
Extract embedded configuration from Agent Tesla RAT samples including SMTP/FTP/Telegram exfiltration credentials,
Extracts indicators of compromise (IOCs) from malware samples including file hashes, network indicators (IPs,
Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while
Implementing AWS Config rules for continuous compliance monitoring of AWS resources, deploying managed and custom
This skill covers deploying AWS Security Hub as a centralized cloud security posture management platform that
Implement BGP route origin validation using RPKI with Route Origin Authorizations, RPKI-to-Router protocol, and
Deploys remote browser isolation (RBI) as a core component of a Zero Trust architecture. Implements isolation
Implementing AWS CloudTrail log analysis for security monitoring, threat detection, and forensic investigation
Implements cloud workload protection using boto3 and google-cloud APIs for runtime security monitoring, process
This skill covers implementing code signing for build artifacts to ensure integrity and authenticity throughout
Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware
Design and implement network segmentation using firewall security zones, VLANs, ACLs, and microsegmentation policies
This skill covers deploying HashiCorp Vault for centralized secrets management across cloud environments, including
Implements SIEM detection use cases by designing correlation rules, threshold alerts, and behavioral analytics
Implement software supply chain integrity verification for container builds using the in-toto framework to create
Implement a structured threat intelligence lifecycle encompassing planning, collection, processing, analysis,
Investigates insider threat indicators including data exfiltration attempts, unauthorized access patterns, policy
Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised
Performs automated static analysis of Android applications using Mobile Security Framework (MobSF) to identify
Deploy and operate CAPEv2 sandbox for automated malware analysis with behavioral monitoring, payload extraction,
Perform comprehensive cloud asset inventory and relationship mapping using Cartography to build a Neo4j security
Extract stored credentials from compromised endpoints using the LaZagne post-exploitation tool to recover passwords
Perform systematic SIEM false positive reduction through rule tuning, threshold adjustment, correlation refinement,
Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration,
Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise
Acquire and analyze mobile device data using Cellebrite UFED and open-source tools to extract communications,
Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts,
Automates the Privacy Impact Assessment (PIA) workflow including data flow mapping, privacy risk scoring matrices,
Automate credential rotation for service accounts across Active Directory, cloud platforms, and application databases
Reverse engineer ransomware encryption routines to identify cryptographic algorithms, key generation flaws, and
This skill covers integrating Aqua Security's Trivy scanner into CI/CD pipelines for comprehensive container
This skill guides practitioners through hardening AWS Identity and Access Management configurations to enforce
Securing container registry images by implementing vulnerability scanning with Trivy and Grype, enforcing image
This skill covers security hardening for serverless compute platforms including AWS Lambda, Azure Functions,