Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting

Execute cloud-native incident containment across AWS, Azure, and GCP by isolating compromised resources, revoking

'Uses Falco YAML rules for runtime threat detection in containers and Kubernetes, monitoring syscalls for shell

'Performing authorized AWS penetration testing using Pacu, the open-source AWS exploitation framework, to enumerate

'Detects container escape attempts by analyzing namespace configurations, privileged container checks, dangerous

Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, exposed

Analyze and bypass Content Security Policy implementations to achieve cross-site scripting by exploiting misconfigurations,

Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit

Testing web applications for path traversal vulnerabilities that allow reading or writing arbitrary files on

'Enumerates DNS records, attempts zone transfers, brute-forces subdomains, and maps DNS infrastructure during

'Performs digital forensics investigation on compromised endpoints including memory acquisition, disk imaging,

Conduct a comprehensive external network penetration test to identify vulnerabilities in internet-facing infrastructure

'Investigates insider threat incidents involving employees, contractors, or trusted partners who misuse authorized

'Performs comprehensive iOS application security assessments using Frida for dynamic instrumentation, Objection

Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting

Perform lateral movement across Windows networks using WMI-based remote execution techniques including Impacket

'This skill covers conducting cybersecurity assessments specific to oil and gas facilities including upstream

Open Source Intelligence (OSINT) gathering is the first active phase of a red team engagement, where operators

'Crafts and injects custom network packets using Scapy, hping3, and Nemesis during authorized security assessments

Conduct authorized physical penetration testing using tailgating, badge cloning, lock bypassing, and rogue device

'This skill covers analyzing Programmable Logic Controller (PLC) firmware for security vulnerabilities including

'Performs privilege escalation assessments on compromised Linux and Windows systems to identify paths from low-privilege

Linux privilege escalation involves elevating from a low-privilege user account to root access on a compromised

'Executes Atomic Red Team tests mapped to MITRE ATT&CK techniques, performs coverage gap analysis across the

'Plans and facilitates tabletop exercises simulating ransomware incidents to test organizational readiness, decision-making,

'Perform security assessments of SCADA Human-Machine Interface (HMI) systems to identify vulnerabilities in web-based

Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE,

'Performs tabletop exercises for SOC teams simulating security incidents through discussion-based scenarios to

Configure SSL/TLS inspection on network security devices to decrypt, inspect, and re-encrypt HTTPS traffic for

Detect and extract hidden data embedded in images, audio, and other media files using steganalysis tools to uncover

'Executes Atomic Red Team tests for MITRE ATT&CK technique validation using the atomic-operator Python framework.

'Simulates VLAN hopping attacks using switch spoofing and double tagging techniques in authorized environments

'Performs authenticated and unauthenticated vulnerability scanning using Tenable Nessus to identify known vulnerabilities,

'Performs systematic security testing of web applications following the OWASP Web Security Testing Guide (WSTG)

Execute web cache deception attacks by exploiting path normalization discrepancies between CDN caching layers

Exploiting web cache mechanisms to serve malicious content to other users by poisoning cached responses through

'Captures WPA/WPA2 handshakes and performs offline password cracking using aircrack-ng, hashcat, and dictionary

Execute a wireless network penetration test to assess WiFi security by capturing handshakes, cracking WPA2/WPA3

Scan container images for known vulnerabilities using Anchore Grype with SBOM-based matching and configurable

Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS

Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations,

'This skill covers hardening managed Kubernetes clusters on EKS, AKS, and GKE by implementing Pod Security Standards,

'Tests API authentication mechanisms for weaknesses including broken token validation, missing authentication

'Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated

'Tests APIs for mass assignment (auto-binding) vulnerabilities where clients can modify object properties they

Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain

Systematically testing web applications for broken access control vulnerabilities including privilege escalation,

Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege

Test web application email functionality for SMTP header injection vulnerabilities that allow attackers to inject

Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters,