Responds to malware infections across enterprise endpoints by identifying the malware family, determining infection
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, etc.).
Simulates man-in-the-middle attacks using Ettercap, mitmproxy, and Bettercap in authorized environments to intercept,
Performs memory forensics analysis using Volatility 3 to extract evidence of malware execution, process injection,
Conducts comprehensive network penetration tests against authorized target environments by performing host discovery,
Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate
Responds to phishing incidents by analyzing reported emails, extracting indicators, assessing credential compromise,
Facilitate structured post-incident reviews to identify root causes, document what worked and failed, and produce
Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical
Plan and execute authorized vishing (voice phishing) pretext calls to assess employee susceptibility to social
Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access.
Conducts authorized wireless network penetration tests to assess the security of WiFi infrastructure by testing
Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory.
Configure AWS Verified Access to provide VPN-less zero trust network access to internal applications using identity
Harden LDAP directory services against common attacks including credential harvesting, LDAP injection, anonymous
Configure microsegmentation policies to enforce least-privilege workload-to-workload access using tools like
Designs and implements VLAN-based network segmentation on managed switches to isolate network zones, enforce
Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and
Configures pfSense firewall rules, NAT policies, VPN tunnels, and traffic shaping to enforce network segmentation,
Configures Microsoft Defender for Endpoint (MDE) advanced protection settings including attack surface reduction
Executes containment strategies to stop active adversary operations and prevent lateral movement during a confirmed
Correlates disparate security incidents, IOCs, and adversary behaviors across time and organizations to identify
Deobfuscates malicious JavaScript code used in web-based attacks, phishing pages, and dropper scripts by reversing
Deploying Cloudflare Access with Cloudflare Tunnel to provide zero trust access to self-hosted and private applications,
Deploys canary files (honeytokens) across file systems to detect ransomware encryption activity in real time.
Deploys and monitors ransomware canary files across critical directories using Python's watchdog library for
Deploy a Software-Defined Perimeter using the CSA v2.0 specification with Single Packet Authorization, mutual
Deploy and configure Tailscale as a WireGuard-based zero trust mesh VPN with identity-aware access controls,
Detects prompt injection attacks targeting LLM-based applications using a multi-layered defense combining regex
Detect and prevent ARP spoofing attacks using ARPWatch, Dynamic ARP Inspection, Wireshark analysis, and custom
Automate AWS GuardDuty threat detection findings processing using EventBridge and Lambda to enable real-time
Detect and test for OWASP API3:2023 Broken Object Property Level Authorization vulnerabilities including excessive
This skill teaches security teams how to deploy and operationalize Amazon GuardDuty for continuous threat detection
Detects command-and-control (C2) communications tunneled through DNS protocol including DNS tunneling tools
Detecting compromised cloud credentials across AWS, Azure, and GCP by analyzing anomalous API activity, impossible
Detect unauthorized modifications to running containers by monitoring for binary execution drift, file system
Container escape is a critical attack technique where an adversary breaks out of container isolation to access
Detect container escape attempts in real-time using Falco runtime security rules that monitor syscalls, file
Detect DCSync attacks where adversaries abuse Active Directory replication privileges to extract password hashes
Detects AI-generated deepfake audio used in voice phishing (vishing) attacks by extracting spectral features
Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack
Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications
Detects defense evasion techniques used by adversaries in endpoint logs including log tampering, timestomping,
Detects and analyzes fileless malware that operates entirely in memory using PowerShell, WMI, .NET reflection,
Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads,
Detect Kerberoasting attacks by monitoring for anomalous Kerberos TGS requests targeting service accounts with
Identifies lateral movement techniques in enterprise networks by analyzing authentication logs, network flows,
Detect adversary lateral movement across networks using Splunk SPL queries against Windows authentication logs,
Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory
Detect command injection attacks against Modbus TCP/RTU protocol in ICS environments by monitoring for unauthorized
This skill covers detecting anomalies in Modbus/TCP and Modbus RTU communications in industrial control systems.