Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines,
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (such as Claude Code, Cursor, and Codex).
Parses and analyzes the Windows Amcache.hve registry hive to extract evidence of program execution, application
Extract and analyze Windows Registry hives to uncover user activity, installed software, autostart entries, and
Automates the enrichment of raw indicators of compromise with multi-source threat intelligence context using
Extract and catalog attack patterns from cyber threat intelligence reports into a structured STIX-based library
Builds an automated malware submission and analysis pipeline that collects suspicious files from endpoints and
Build collaborative forensic incident timelines using Timesketch to ingest, normalize, and analyze multi-source
Build an automated pipeline to defang indicators of compromise (URLs, IPs, domains, emails) for safe sharing
OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its
Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and
Build automated threat intelligence enrichment pipelines in Splunk Enterprise Security using lookup tables, modular
Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication,
Responds to phishing incidents by analyzing reported emails, extracting indicators, assessing credential compromise,
Configure microsegmentation policies to enforce least-privilege workload-to-workload access using tools like
Correlates security events in IBM QRadar SIEM using AQL (Ariel Query Language), custom rules, building blocks,
Deobfuscates malicious JavaScript code used in web-based attacks, phishing pages, and dropper scripts by reversing
Detects prompt injection attacks targeting LLM-based applications using a multi-layered defense combining regex
Detects anomalous authentication patterns using UEBA analytics, statistical baselines, and machine learning
Detecting exposed AWS credentials in source code repositories, CI/CD pipelines, and configuration files using
Detect lateral movement in Azure AD/Entra ID environments using Microsoft Graph API audit logs, Azure Sentinel
Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack
Detect data exfiltration through DNS tunneling by analyzing query entropy, subdomain length, query volume, TXT
Detect Golden Ticket attacks in Active Directory by analyzing Kerberos TGT anomalies including mismatched encryption
Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads,
Implement User and Entity Behavior Analytics using Elasticsearch/OpenSearch to build behavioral baselines, calculate
Scans GitHub Actions workflows and CI/CD pipeline configurations for supply chain attack vectors including unpinned
Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts,
Exploit the Zerologon vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol to achieve domain controller
Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge
Extract embedded configuration from Agent Tesla RAT samples including SMTP/FTP/Telegram exfiltration credentials,
Extracts indicators of compromise (IOCs) from malware samples including file hashes, network indicators (IPs,
Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral
Identify command-and-control beaconing patterns in network traffic by applying statistical frequency analysis,
Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while
Deploy XM Cyber's continuous exposure management platform to map attack paths, identify choke points, and prioritize
Implementing AWS Config rules for continuous compliance monitoring of AWS resources, deploying managed and custom
This skill covers deploying AWS Security Hub as a centralized cloud security posture management platform that
Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across
Implement BGP route origin validation using RPKI with Route Origin Authorizations, RPKI-to-Router protocol, and
Implementing AWS CloudTrail log analysis for security monitoring, threat detection, and forensic investigation
This skill covers implementing code signing for build artifacts to ensure integrity and authenticity throughout
Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware
Configure AIDE (Advanced Intrusion Detection Environment) for file integrity monitoring including baseline creation,
Implementing and auditing GCP VPC firewall rules to enforce network segmentation, restrict ingress and egress
Design and implement network segmentation using firewall security zones, VLANs, ACLs, and microsegmentation policies
This skill covers deploying HashiCorp Vault for centralized secrets management across cloud environments, including
Integrate gitleaks and trufflehog into CI/CD pipelines to detect leaked secrets before deployment
Implements security monitoring using Datadog Cloud SIEM, Cloud Security Management (CSM), and Workload Protection
Implements SIEM detection use cases by designing correlation rules, threshold alerts, and behavioral analytics
Implements Sigstore-based software signing and verification using Cosign keyless signing, Rekor transparency