Analyze and bypass Content Security Policy implementations to achieve cross-site scripting by exploiting misconfigurations,
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents such as Claude Code, Cursor, and Codex.
Extract stored credentials from compromised endpoints using the LaZagne post-exploitation tool to recover passwords
Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit
Deploys deception technology including honeypots, honeytokens, and decoy systems to detect attackers who have
Testing web applications for path traversal vulnerabilities that allow reading or writing arbitrary files on
Conducts disk forensics investigations using forensic imaging, file system analysis, artifact recovery, and
Execute a phased DMARC rollout from p=none monitoring through p=quarantine to p=reject enforcement, ensuring
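As an added example (not part of the catalogued skill or of any DMARC tooling), the Python below parses a DMARC TXT record and proposes the next step of a staged rollout, from p=none to p=quarantine with a pct= ramp to p=reject, and refuses to tighten until aggregate (rua) reporting exists and shows enough aligned mail. The pass-ratio threshold of 0.98, the 25/50/100 pct steps, and the example.com mailbox are assumptions; the pass ratio itself would come from parsing the rua aggregate reports, which is outside this snippet.

```python
# Added example: phased DMARC rollout helper. The threshold and pct steps
# below are assumed policy choices, not values from any standard.
PHASES = ("none", "quarantine", "reject")
PCT_STEPS = (25, 50, 100)
MIN_PASS_RATIO = 0.98  # assumed: share of mail in rua reports passing SPF/DKIM alignment


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into tag/value pairs; v=DMARC1 must come first."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if not tags or next(iter(tags)) != "v" or tags["v"].upper() != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if tags.get("p") not in PHASES:
        raise ValueError("missing or invalid p= tag")
    return tags


def format_dmarc(tags: dict) -> str:
    """Serialise tags back to record syntax with v= and p= leading."""
    ordered = ["v", "p"] + [k for k in tags if k not in ("v", "p")]
    return "; ".join(f"{k}={tags[k]}" for k in ordered)


def next_rollout_step(record: str, pass_ratio: float) -> str:
    """Return the record for the next rollout phase, or the same record if not ready."""
    tags = parse_dmarc(record)
    if "rua" not in tags:
        # Without aggregate reports there is no way to see what enforcement would block.
        raise ValueError("no rua= aggregate reporting address: cannot measure impact")
    if pass_ratio < MIN_PASS_RATIO:
        return format_dmarc(tags)  # hold: fix legitimate senders' alignment first
    policy = tags["p"]
    pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    if policy == "none":
        tags["p"] = "quarantine"
        tags["pct"] = str(PCT_STEPS[0])  # quarantine only a sample of failing mail first
    elif policy == "quarantine" and pct < 100:
        tags["pct"] = str(next(s for s in PCT_STEPS if s > pct))
    elif policy == "quarantine":
        tags["p"] = "reject"
        tags.pop("pct", None)  # full enforcement; pct=100 is implicit
    # policy == "reject": rollout finished, nothing to change
    return format_dmarc(tags)


if __name__ == "__main__":
    rec = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"  # constructed starting record
    for ratio in (0.80, 0.99, 0.99, 0.99, 0.99):
        rec = next_rollout_step(rec, ratio)
        print(rec)
```

Each call represents one review of the aggregate reports; the first (at 0.80) holds p=none, and the remaining four walk quarantine pct=25, 50, 100 and then p=reject.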
Enumerates DNS records, attempts zone transfers, brute-forces subdomains, and maps DNS infrastructure during
Docker Bench for Security is an open-source script that checks dozens of common best practices around deploying
Performs interactive dynamic malware analysis using the ANY.RUN cloud sandbox to observe real-time execution
Performs digital forensics investigation on compromised endpoints including memory acquisition, disk imaging,
Performs vulnerability remediation on endpoints by prioritizing CVEs based on risk scoring, deploying patches,
Conduct a comprehensive external network penetration test to identify vulnerabilities in internet-facing infrastructure
Perform systematic SIEM false positive reduction through rule tuning, threshold adjustment, correlation refinement,
Recover files from disk images and unallocated space using Foremost's header-footer signature carving to extract
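Added example, not Foremost's own code: a minimal header/footer signature carver of the kind Foremost implements, run over a constructed stand-in for a disk image. The signature table mirrors the shape of Foremost's configuration entries (extension, header, footer, maximum size); the maximum size caps a carve when the footer is missing or overwritten, which is the usual state of a file in unallocated space. The sample image and its embedded files are constructed for the example.

```python
# Added example (not from Foremost): header/footer signature carving over raw bytes.
# Each entry: extension -> (header, footer, max carve size in bytes). Values are
# illustrative; real Foremost signatures live in foremost.conf.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 20_000_000),
    "pdf": (b"%PDF", b"%%EOF", 50_000_000),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 20_000_000),
}


def carve(image: bytes, signatures: dict = SIGNATURES) -> list:
    """Scan a raw image for every signature; return carved files sorted by offset.

    Each result is {type, offset, data, complete}. complete is False when no
    footer was found within max_size, in which case the carve is cut at the cap
    (or end of image), as a carver must do for partially overwritten files.
    """
    found = []
    for ext, (header, footer, max_size) in signatures.items():
        pos = 0
        while (start := image.find(header, pos)) != -1:
            limit = min(len(image), start + max_size)
            end = image.find(footer, start + len(header), limit)
            if end == -1:
                found.append({"type": ext, "offset": start,
                              "data": image[start:limit], "complete": False})
                pos = start + len(header)  # keep scanning past this header
            else:
                end += len(footer)  # include the footer bytes in the carve
                found.append({"type": ext, "offset": start,
                              "data": image[start:end], "complete": True})
                pos = end
    return sorted(found, key=lambda f: f["offset"])


def build_sample_image() -> bytes:
    """Constructed image: zero filler around a PNG, a PDF, and a JPEG whose footer is gone."""
    filler = b"\x00" * 64
    png = b"\x89PNG\r\n\x1a\n" + b"<IHDR and IDAT chunks go here>" + b"IEND\xaeB`\x82"
    pdf = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF"
    orphan_jpg = b"\xff\xd8\xff\xe0" + b"\x11" * 32  # header only; footer overwritten
    return filler + png + filler + pdf + filler + orphan_jpg + filler


if __name__ == "__main__":
    for f in carve(build_sample_image()):
        state = "complete" if f["complete"] else "truncated at cap"
        print(f"{f['type']} @ offset {f['offset']}: {len(f['data'])} bytes ({state})")
```

The incomplete JPEG is the case worth checking in a real recovery: a carver reports it, but the output is header-plus-whatever-followed, so such files need validation with a parser before being trusted as evidence.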
Analyzes firmware images for embedded malware, backdoors, and unauthorized modifications targeting routers,
Perform comprehensive ICS/OT asset discovery using the Claroty xDome platform, leveraging passive monitoring, Claroty
Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment,
Perform authorized initial access using EvilGinx3 adversary-in-the-middle phishing framework to capture session
Investigates insider threat incidents involving employees, contractors, or trusted partners who misuse authorized
Performs comprehensive iOS application security assessments using Frida for dynamic instrumentation, Objection
Performs comprehensive security assessments of IoT devices and their ecosystems by testing hardware interfaces,
Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting
Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration,
Perform lateral movement across Windows networks using WMI-based remote execution techniques including Impacket
Perform structured log source onboarding into SIEM platforms by configuring collectors, parsers, normalization,
Enrich malware file hashes using the VirusTotal API to retrieve detection rates, behavioral analysis, YARA matches,
Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise
Performs rapid malware triage and classification using YARA rules to match file patterns, strings, byte sequences,
Acquire and analyze mobile device data using Cellebrite UFED and open-source tools to extract communications,
Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts,
Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct
Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection,
Performs OAuth 2.0 scope minimization review to identify over-permissioned third-party application integrations,
This skill covers conducting cybersecurity assessments specific to oil and gas facilities including upstream
Open Source Intelligence (OSINT) gathering is the first active phase of a red team engagement, where operators
Perform vulnerability scanning in OT/ICS environments safely using passive monitoring, native protocol queries,
Crafts and injects custom network packets using Scapy, hping3, and Nemesis during authorized security assessments
GoPhish is an open-source phishing simulation framework used by security teams to conduct authorized phishing
Conduct authorized physical penetration testing using tailgating, badge cloning, lock bypassing, and rogue device
This skill covers analyzing Programmable Logic Controller (PLC) firmware for security vulnerabilities including
Assesses organizational readiness for post-quantum cryptography migration per NIST FIPS 203/204/205 standards.
This skill covers conducting cybersecurity assessments of electric power grid infrastructure including generation
Automates the Privacy Impact Assessment (PIA) workflow including data flow mapping, privacy risk scoring matrices,
Performs privilege escalation assessments on compromised Linux and Windows systems to identify paths from low-privilege
Linux privilege escalation involves elevating from a low-privilege user account to root access on a compromised
Conduct systematic reviews of privileged accounts to validate access rights, identify excessive permissions,
Discover and inventory all privileged accounts across enterprise infrastructure including domain admins, local
Executes Atomic Red Team tests mapped to MITRE ATT&CK techniques, performs coverage gap analysis across the