Testing web applications for path traversal vulnerabilities that allow reading or writing arbitrary files on
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (such as Claude Code, Cursor, and Codex).
Enumerates DNS records, attempts zone transfers, brute-forces subdomains, and maps DNS infrastructure during
Detects DNS tunneling by computing Shannon entropy of DNS query names, analyzing query length distributions,
Docker Bench for Security is an open-source script that checks dozens of common best practices around deploying
Performs runtime dynamic analysis of Android applications using Frida, Objection, and Android Debug Bridge to
Performs digital forensics investigation on compromised endpoints including memory acquisition, disk imaging,
Performs entitlement review and access certification campaigns using SailPoint IdentityIQ including manager
Conduct a comprehensive external network penetration test to identify vulnerabilities in internet-facing infrastructure
Recover files from disk images and unallocated space using Foremost's header-footer signature carving to extract
Perform coverage-guided fuzzing of compiled binaries using AFL++ (American Fuzzy Lop Plus Plus) to discover
Perform GCP security testing using GCPBucketBrute for storage bucket enumeration, gcloud IAM privilege escalation
Performing comprehensive security assessments of Google Cloud Platform environments using Forseti Security,
Execute and test GraphQL depth limit attacks using deeply nested recursive queries to identify denial-of-service
Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions,
Assessing GraphQL API endpoints for introspection leaks, injection attacks, authorization flaws, and denial-of-service
Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength.
Execute HTTP Parameter Pollution attacks to bypass input validation, WAF rules, and security controls by injecting
Investigates insider threat incidents involving employees, contractors, or trusted partners who misuse authorized
Performs comprehensive iOS application security assessments using Frida for dynamic instrumentation, Objection
Performs comprehensive security assessments of IoT devices and their ecosystems by testing hardware interfaces,
Execute and test the JWT none algorithm attack to bypass signature verification by manipulating the alg header
Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting
Audit Kubernetes cluster security posture against CIS benchmarks using kube-bench with automated checks for control
Kubernetes penetration testing systematically evaluates cluster security by simulating attacker techniques against
Perform lateral movement across Windows networks using WMI-based remote execution techniques including Impacket
Performs rapid malware triage and classification using YARA rules to match file patterns, strings, byte sequences,
Analyze memory dumps using Volatility3 plugins to detect injected code, rootkits, credential theft, and malware
Analyze volatile memory dumps using Volatility 3 to extract running processes, network connections, loaded modules,
Bypasses SSL/TLS certificate pinning implementations in Android and iOS applications to enable traffic interception
Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection,
Performs OAuth 2.0 scope minimization review to identify over-permissioned third-party application integrations,
This skill covers conducting cybersecurity assessments specific to oil and gas facilities including upstream
Open Source Intelligence (OSINT) gathering is the first active phase of a red team engagement, where operators
Crafts and injects custom network packets using Scapy, hping3, and Nemesis during authorized security assessments
GoPhish is an open-source phishing simulation framework used by security teams to conduct authorized phishing
Conduct authorized physical penetration testing using tailgating, badge cloning, lock bypassing, and rogue device
This skill covers analyzing Programmable Logic Controller (PLC) firmware for security vulnerabilities including
Assesses organizational readiness for post-quantum cryptography migration per NIST FIPS 203/204/205 standards.
Performs privilege escalation assessments on compromised Linux and Windows systems to identify paths from low-privilege
Linux privilege escalation involves elevating from a low-privilege user account to root access on a compromised
Conduct systematic reviews of privileged accounts to validate access rights, identify excessive permissions,
Executes Atomic Red Team tests mapped to MITRE ATT&CK techniques, performs coverage gap analysis across the
Performs purple team exercises by coordinating red team adversary emulation with blue team detection validation
Plans and facilitates tabletop exercises simulating ransomware incidents to test organizational readiness, decision-making,
Automate GoPhish phishing simulation campaigns using the Python gophish library. Creates email templates with
Perform security assessments of SCADA Human-Machine Interface (HMI) systems to identify vulnerabilities in web-based
Detect and exploit second-order SQL injection vulnerabilities where malicious input is stored in a database and
Auditing HTTP security headers including CSP, HSTS, X-Frame-Options, and cookie attributes to identify missing
Performing security reviews of serverless functions across AWS Lambda, Azure Functions, and GCP Cloud Functions
Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE,