TLS 1.3 (RFC 8446) is the latest version of the Transport Layer Security protocol, providing significant improvements
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents such as Claude Code, Cursor, and Codex.
Configures Windows Event Logging with advanced audit policies to generate high-fidelity security events for
Deploys and configures osquery for real-time endpoint monitoring using SQL-based queries to inspect running
Deploy a Software-Defined Perimeter using the CSA v2.0 specification with Single Packet Authorization, mutual
Detect and prevent ARP spoofing attacks using ARPWatch, Dynamic ARP Inspection, Wireshark analysis, and custom
This skill covers detecting cyber attacks targeting Supervisory Control and Data Acquisition (SCADA) systems
Detects and analyzes Bluetooth Low Energy (BLE) security attacks including sniffing, replay attacks, GATT enumeration
Detect and test for OWASP API3:2023 Broken Object Property Level Authorization vulnerabilities including excessive
Detects command-and-control (C2) communications tunneled through DNS protocol including DNS tunneling tools
Detect LSASS credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows
This skill teaches security teams how to detect and respond to unauthorized cryptocurrency mining operations
Detect DCSync attacks where adversaries abuse Active Directory replication privileges to extract password hashes
Detects AI-generated deepfake audio used in voice phishing (vishing) attacks by extracting spectral features
Detect anomalies in DNP3 (Distributed Network Protocol 3) communications used in SCADA systems by monitoring
Detects fileless malware and in-memory attacks that execute entirely in RAM without writing persistent files
Detects and analyzes fileless malware that operates entirely in memory using PowerShell, WMI, .NET reflection,
Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory
Detect command injection attacks against Modbus TCP/RTU protocol in ICS environments by monitoring for unauthorized
This skill covers detecting anomalies in Modbus/TCP and Modbus RTU communications in industrial control systems.
Deploys and configures Zeek (formerly Bro) network security monitor to passively analyze network traffic, generate
Detect NTLM relay attacks through Windows Security Event correlation by analyzing Event 4624 LogonType 3 for
Detects and responds to OAuth token theft and replay attacks in cloud environments, focusing on Microsoft Entra
Detect process hollowing (T1055.012) by analyzing memory-mapped sections, hollowed process indicators, and parent-child
Detects and analyzes process injection techniques used by malware including classic DLL injection, process hollowing,
Detects rootkit presence on compromised systems by identifying hidden processes, hooked system calls, modified
Detecting data exfiltration attempts from AWS S3 buckets by analyzing CloudTrail S3 data events, VPC Flow Logs,
Discover and inventory shadow API endpoints that operate outside documented specifications using traffic analysis,
Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam
Detect OS credential dumping techniques targeting LSASS memory, SAM database, NTDS.dit, and cached credentials
Detect process injection techniques (T1055) including classic DLL injection, process hollowing, and APC injection
Executes authorized phishing simulation campaigns to assess an organization's susceptibility to email-based
Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE),
Executes comprehensive red team exercises that simulate real-world adversary operations against an organization's
Exploit misconfigured Active Directory Certificate Services (AD CS) ESC1 vulnerability to request certificates
BloodHound is a graph-based Active Directory reconnaissance tool that uses graph theory to reveal hidden and
Tests APIs for injection vulnerabilities including SQL injection, NoSQL injection, OS command injection, LDAP
Analyzes and simulates BGP hijacking scenarios in authorized lab environments to assess route origin validation,
Tests APIs for Broken Function Level Authorization (BFLA) vulnerabilities where regular users can invoke administrative
Discover and exploit broken link hijacking vulnerabilities by identifying references to expired domains, decommissioned
Exploit Kerberos Constrained Delegation misconfigurations in Active Directory to impersonate privileged users
Tests and exploits deep link (URL scheme and App Link) vulnerabilities in Android and iOS mobile applications
Tests APIs for excessive data exposure where endpoints return more data than the client application needs, relying
Detecting and exploiting HTTP request smuggling vulnerabilities caused by Content-Length and Transfer-Encoding
Identifying and exploiting Insecure Direct Object Reference vulnerabilities to access unauthorized resources
Identifies and exploits insecure local data storage vulnerabilities in Android and iOS mobile applications including
Identifying and exploiting insecure deserialization vulnerabilities in Java, PHP, Python, and .NET applications
Identifies and exploits IPv6-specific vulnerabilities including SLAAC spoofing, Router Advertisement flooding,
Exploits JWT algorithm confusion vulnerabilities where the server's token verification library accepts the
Discover and exploit mass assignment vulnerabilities in REST APIs to escalate privileges, modify restricted fields,
Exploit the noPac vulnerability chain (CVE-2021-42278 sAMAccountName spoofing and CVE-2021-42287 KDC PAC confusion)