Executes authorized phishing simulation campaigns to assess an organization's susceptibility to email-based
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, and others).
Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE),
Executes comprehensive red team exercises that simulate real-world adversary operations against an organization's
BloodHound is a graph-based Active Directory reconnaissance tool that uses graph theory to reveal hidden and
Analyzes and simulates BGP hijacking scenarios in authorized lab environments to assess route origin validation,
Tests APIs for Broken Function Level Authorization (BFLA) vulnerabilities where regular users can invoke administrative
Discover and exploit broken link hijacking vulnerabilities by identifying references to expired domains, decommissioned
Exploit Kerberos Constrained Delegation misconfigurations in Active Directory to impersonate privileged users
Tests and exploits deep link (URL scheme and App Link) vulnerabilities in Android and iOS mobile applications
Tests APIs for excessive data exposure where endpoints return more data than the client application needs, relying
Detecting and exploiting HTTP request smuggling vulnerabilities caused by Content-Length and Transfer-Encoding
Identifying and exploiting Insecure Direct Object Reference vulnerabilities to access unauthorized resources
Identifies and exploits insecure local data storage vulnerabilities in Android and iOS mobile applications including
Identifying and exploiting insecure deserialization vulnerabilities in Java, PHP, Python, and .NET applications
Identifies and exploits IPv6-specific vulnerabilities including SLAAC spoofing, Router Advertisement flooding,
Discover and exploit mass assignment vulnerabilities in REST APIs to escalate privileges, modify restricted fields,
Exploit the noPac vulnerability chain (CVE-2021-42278 sAMAccountName spoofing and CVE-2021-42287 KDC PAC confusion)
Detect and exploit NoSQL injection vulnerabilities in MongoDB, CouchDB, and other NoSQL databases to demonstrate
Detect and exploit race condition vulnerabilities in web applications using Turbo Intruder's single-packet attack
Identifies and exploits SMB protocol vulnerabilities using Metasploit Framework during authorized penetration
Identifies and exploits SQL injection vulnerabilities in web applications during authorized penetration tests
Detecting and exploiting SQL injection vulnerabilities using sqlmap to extract database contents during authorized
Detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities across Jinja2, Twig, Freemarker,
The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7.
Testing WebSocket implementations for authentication bypass, cross-site hijacking, injection attacks, and insecure
Hunt for DCOM-based lateral movement by detecting abuse of MMC20.Application, ShellBrowserWindow, and ShellWindows
Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts
Implement comprehensive API security testing using the 42Crunch platform to perform static audit and dynamic
Implements external attack surface management (EASM) using Shodan, Censys, and ProjectDiscovery tools (subfinder,
Implements AWS Nitro Enclave-based confidential computing environments with cryptographic attestation, KMS policy
Integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software
Implements endpoint Data Loss Prevention (DLP) controls to detect and prevent sensitive data exfiltration through
Integrate AFL++ coverage-guided fuzz testing into CI/CD pipelines to discover memory corruption, input handling,
Implement GCP Binary Authorization to enforce deploy-time security controls that ensure only trusted, attested
Configure GitHub Advanced Security with CodeQL to perform automated static analysis and vulnerability detection
Sign and verify container image provenance using Sigstore Cosign with keyless OIDC-based signing, attestations,
Implements immutable backup strategy using restic with S3-compatible storage and object lock for ransomware-resistant
Develop and implement OT-specific incident response playbooks aligned with SANS PICERL framework, IEC 62443,
Patch management is the systematic process of identifying, testing, deploying, and verifying software updates
Write custom Semgrep SAST rules in YAML to detect application-specific vulnerabilities, enforce coding standards,
Implements threat modeling using the MITRE ATT&CK framework to map adversary TTPs against organizational assets,
This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD
Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound,
Uses Microsoft RESTler to perform stateful REST API fuzzing by automatically generating and executing test sequences
Uses Postman to perform structured API security testing by building collections that test for OWASP API Security
Simulates ARP spoofing attacks in authorized lab or pentest environments using arpspoof, Ettercap, and Scapy
Develop and apply a multi-factor asset criticality scoring model to weight vulnerability prioritization based
Performing authorized privilege escalation assessments in AWS environments to identify IAM misconfigurations
Simulates bandwidth throttling and network degradation attacks using tc, iperf3, and Scapy in authorized environments
Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library.