Detects anomalous authentication patterns using UEBA analytics, statistical baselines, and machine learning
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, etc.).
Detecting exposed AWS credentials in source code repositories, CI/CD pipelines, and configuration files using
Performs statistical analysis of Zeek conn.log connection intervals to detect C2 beaconing patterns. Uses the
Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack
Detect data exfiltration through DNS tunneling by analyzing query entropy, subdomain length, query volume, TXT
Detect Golden Ticket attacks in Active Directory by analyzing Kerberos TGT anomalies including mismatched encryption
Detects insider data exfiltration by analyzing DLP policy violations, file access patterns, upload volume anomalies,
Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads,
Scans GitHub Actions workflows and CI/CD pipeline configurations for supply chain attack vectors including unpinned
Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts,
Perform Kerberoasting attacks using Impacket's GetUserSPNs to extract and crack Kerberos TGS tickets for Active
Exploit the Zerologon vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol to achieve domain controller
Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge
Extract embedded configuration from Agent Tesla RAT samples including SMTP/FTP/Telegram exfiltration credentials,
Extracts indicators of compromise (IOCs) from malware samples including file hashes, network indicators (IPs,
Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral
Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while
Implementing AWS Config rules for continuous compliance monitoring of AWS resources, deploying managed and custom
This skill covers deploying AWS Security Hub as a centralized cloud security posture management platform that
Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across
Implement BGP route origin validation using RPKI with Route Origin Authorizations, RPKI-to-Router protocol, and
Deploys remote browser isolation (RBI) as a core component of a Zero Trust architecture. Implements isolation
Implements cloud workload protection using boto3 and google-cloud APIs for runtime security monitoring, process
This skill covers implementing code signing for build artifacts to ensure integrity and authenticity throughout
Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware
Implementing and auditing GCP VPC firewall rules to enforce network segmentation, restrict ingress and egress
Configures mutual TLS (mTLS) authentication between microservices using Python cryptography library for certificate
Design and implement network segmentation using firewall security zones, VLANs, ACLs, and microsegmentation policies
RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital
This skill covers deploying HashiCorp Vault for centralized secrets management across cloud environments, including
Implements security monitoring using Datadog Cloud SIEM, Cloud Security Management (CSM), and Workload Protection
Write multi-event correlation rules that detect APT lateral movement by chaining Windows authentication events,
Implements SIEM detection use cases by designing correlation rules, threshold alerts, and behavioral analytics
Implements Sigstore-based software signing and verification using Cosign keyless signing, Rekor transparency
Implement software supply chain integrity verification for container builds using the in-toto framework to create
Implement a structured threat intelligence lifecycle encompassing planning, collection, processing, analysis,
Investigates insider threat indicators including data exfiltration attempts, unauthorized access patterns, policy
Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised
Performs automated static analysis of Android applications using Mobile Security Framework (MobSF) to identify
Deploy and operate CAPEv2 sandbox for automated malware analysis with behavioral monitoring, payload extraction,
Perform comprehensive cloud asset inventory and relationship mapping using Cartography to build a Neo4j security
Hunt for threats in AWS environments using Detective behavior graphs, entity investigation timelines, GuardDuty
Extract stored credentials from compromised endpoints using the LaZagne post-exploitation tool to recover passwords
Perform systematic SIEM false positive reduction through rule tuning, threshold adjustment, correlation refinement,
Performs firmware image extraction and analysis using binwalk to identify embedded filesystems, compressed archives,
Integrate Hardware Security Modules (HSMs) using PKCS#11 interface for cryptographic key management, signing
Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration,
Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise
Acquire and analyze mobile device data using Cellebrite UFED and open-source tools to extract communications,
Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts,