Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns,
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, etc.).
Detect and analyze Linux persistence mechanisms including crontab entries, systemd service units, LD_PRELOAD
Parses Software Bill of Materials (SBOM) in CycloneDX and SPDX JSON formats to identify supply chain vulnerabilities
Leverages Splunk Enterprise Security and SPL (Search Processing Language) to investigate security incidents
Map advanced persistent threat (APT) group tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework
Analyzes structured and unstructured threat intelligence feeds to extract actionable indicators, adversary tactics,
Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics,
Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain permutations
Parse Windows LNK shortcut files to extract target paths, timestamps, volume information, and machine identifiers
Analyze Windows Shellbag registry artifacts to reconstruct folder browsing activity, detect access to removable
Auditing Microsoft Entra ID (Azure Active Directory) configuration to identify risky authentication policies,
This skill details how to conduct cloud security audits using Center for Internet Security benchmarks for AWS,
Auditing Google Cloud Platform IAM permissions to identify overly permissive bindings, primitive role usage,
Auditing Terraform infrastructure-as-code for security misconfigurations using Checkov, tfsec, Terrascan, and
This skill covers deploying Microsoft Sentinel as a cloud-native SIEM and SOAR platform for centralized security
Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms
Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning,
Builds real-time incident response dashboards in Splunk, Elastic, or Grafana to provide SOC analysts and leadership
Designs and documents structured incident response playbooks that define step-by-step procedures for specific
Build structured communication templates for malware incidents including stakeholder notifications, executive
Establish a structured operational process to triage, test, and deploy Microsoft Patch Tuesday security updates
Builds SOC performance metrics and KPI tracking dashboards measuring Mean Time to Detect (MTTD), Mean Time to
Build comprehensive threat actor profiles using open-source intelligence (OSINT) techniques to document adversary
Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence
Builds automated threat intelligence feed integration pipelines connecting STIX/TAXII feeds, open-source threat
Implement a vulnerability aging dashboard and SLA tracking system to measure remediation performance against
Builds a structured vulnerability scanning workflow using tools like Nessus, Qualys, and OpenVAS to discover,
Discovering and accessing unprotected pages, APIs, and administrative interfaces by enumerating URLs and bypassing
Collects and synthesizes open-source intelligence (OSINT) about threat actors, malicious infrastructure, and
MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing,
Collect volatile forensic evidence from a compromised system following order of volatility, preserving memory,
Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization,
Responds to security incidents in cloud environments (AWS, Azure, GCP) by performing identity-based containment,
This skill outlines methodologies for performing authorized penetration testing against AWS, Azure, and GCP
Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by extracting
Conducts external reconnaissance using Open Source Intelligence (OSINT) techniques to map an organization's
Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify
Conduct internal Active Directory reconnaissance using BloodHound Community Edition to map attack paths, identify
Simulates man-in-the-middle attacks using Ettercap, mitmproxy, and Bettercap in authorized environments to intercept,
Performs memory forensics analysis using Volatility 3 to extract evidence of malware execution, process injection,
Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security
Conducts comprehensive network penetration tests against authorized target environments by performing host discovery,
Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate
Facilitate structured post-incident reviews to identify root causes, document what worked and failed, and produce
Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical
Plan and execute authorized vishing (voice phishing) pretext calls to assess employee susceptibility to social
Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access.
Conducts authorized wireless network penetration tests to assess the security of WiFi infrastructure by testing
Installs, configures, and tunes Snort 3 intrusion detection system to monitor network traffic for malicious
Deploys and configures Suricata IDS/IPS with Emerging Threats rulesets, EVE JSON logging, and custom rules for