Detect data staging activity before exfiltration by monitoring for archive creation with 7-Zip/RAR, unusual temp
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, etc.).
Hunt for DCOM-based lateral movement by detecting abuse of MMC20.Application, ShellBrowserWindow, and ShellWindows
Hunt for adversary abuse of legitimate cloud services for C2, data staging, and exfiltration including abuse
Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while
Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by analyzing endpoint process creation logs
Systematically hunt for adversary persistence mechanisms across Windows endpoints including registry, services,
Hunt for registry-based persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, and
Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task
Hunt for Volume Shadow Copy deletion activity that indicates ransomware preparation or anti-forensics by monitoring
Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect
Hunt for supply chain compromise indicators including trojanized software updates, compromised dependencies,
Hunt for unusual network connections by analyzing outbound traffic patterns, rare destinations, non-standard
Hunt for web shell deployments on internet-facing servers by analyzing file creation in web directories, suspicious
Implements strategies to reduce SOC alert fatigue by tuning detection rules, consolidating duplicate alerts,
Configures Windows Group Policy Objects (GPO) to prevent ransomware execution and limit its spread. Implements
Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts
Implement API Security Posture Management to continuously discover, classify, and score APIs based on risk while
Implement comprehensive API security testing using the 42Crunch platform to perform static audit and dynamic
Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0,
Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues
Implements external attack surface management (EASM) using Shodan, Censys, and ProjectDiscovery tools (subfinder,
Implementing AWS Config rules for continuous compliance monitoring of AWS resources, deploying managed and custom
Configure IAM permission boundaries in AWS to delegate role creation to developers while enforcing maximum privilege
Implement Amazon Macie to automatically discover, classify, and protect sensitive data in S3 buckets using machine
Implements AWS Nitro Enclave-based confidential computing environments with cryptographic attestation, KMS policy
This skill covers deploying AWS Security Hub as a centralized cloud security posture management platform that
Configure Microsoft Entra Privileged Identity Management to enforce just-in-time role activation, approval workflows,
Implement BGP route origin validation using RPKI with Route Origin Authorizations, RPKI-to-Router protocol, and
Deploys remote browser isolation (RBI) as a core component of a Zero Trust architecture. Implements isolation
Deploys DNS, HTTP, and AWS API key canary tokens across network infrastructure to detect unauthorized access
Implement the CISA Zero Trust Maturity Model v2.0 across the five pillars of identity, devices, networks, applications,
Implementing Cloud Security Posture Management (CSPM) to continuously monitor multi-cloud environments for misconfigurations,
Implementing AWS CloudTrail log analysis for security monitoring, threat detection, and forensic investigation
Implements cloud workload protection using boto3 and google-cloud APIs for runtime security monitoring, process
This skill covers implementing code signing for build artifacts to ensure integrity and authenticity throughout
Configure Microsoft Entra ID (Azure AD) Conditional Access policies for zero trust access control. Covers signal-based
Reduce container attack surface by building application images on Google distroless base images that contain
Deploy Breach and Attack Simulation tools to continuously validate security control effectiveness by safely emulating
Implements data loss prevention policies using Microsoft Purview to protect sensitive information across Exchange
Configure Cloudflare DDoS protection with managed rulesets, rate limiting, WAF rules, Bot Management, and origin
Deploy and monitor Canary Tokens via the Thinkst Canary API for deception-based breach detection using web bug
Implements Delinea Secret Server for privileged access management (PAM) including secret vault configuration,
Integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software
The Diamond Model of Intrusion Analysis provides a structured framework for analyzing cyber intrusions by examining
Ed25519 is a high-performance digital signature algorithm using the Edwards curve Curve25519. It provides 128-bit
Implements eBPF-based security monitoring using Cilium Tetragon for real-time process execution tracking, network
Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware
Implements endpoint Data Loss Prevention (DLP) controls to detect and prevent sensitive data exfiltration through
Integrate FIRST's Exploit Prediction Scoring System (EPSS) API to prioritize vulnerability remediation based
Integrate AFL++ coverage-guided fuzz testing into CI/CD pipelines to discover memory corruption, input handling,