Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by extracting
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents such as Claude Code, Cursor, and Codex.
Conducts external reconnaissance using Open Source Intelligence (OSINT) techniques to map an organization's
Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify
Conduct internal Active Directory reconnaissance using BloodHound Community Edition to map attack paths, identify
Simulates man-in-the-middle attacks using Ettercap, mitmproxy, and Bettercap in authorized environments to intercept,
Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security
Conducts comprehensive network penetration tests against authorized target environments by performing host discovery,
Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate
Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical
Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access.
Conducts authorized wireless network penetration tests to assess the security of WiFi infrastructure by testing
Installs, configures, and tunes Snort 3 intrusion detection system to monitor network traffic for malicious
Deploys and configures Suricata IDS/IPS with Emerging Threats rulesets, EVE JSON logging, and custom rules for
TLS 1.3 (RFC 8446) is the latest version of the Transport Layer Security protocol, providing significant improvements
Deploys and configures osquery for real-time endpoint monitoring using SQL-based queries to inspect running
Deploy a Software-Defined Perimeter using the CSA v2.0 specification with Single Packet Authorization, mutual
Detect and prevent ARP spoofing attacks using ARPWatch, Dynamic ARP Inspection, Wireshark analysis, and custom
This skill covers detecting cyber attacks targeting Supervisory Control and Data Acquisition (SCADA) systems
Detects and analyzes Bluetooth Low Energy (BLE) security attacks including sniffing, replay attacks, GATT enumeration
Detect and test for OWASP API3:2023 Broken Object Property Level Authorization vulnerabilities including excessive
Detects command-and-control (C2) communications tunneled through DNS protocol including DNS tunneling tools
Detect DCSync attacks where adversaries abuse Active Directory replication privileges to extract password hashes
Detects AI-generated deepfake audio used in voice phishing (vishing) attacks by extracting spectral features
Detect anomalies in DNP3 (Distributed Network Protocol 3) communications used in SCADA systems by monitoring
Detect command injection attacks against Modbus TCP/RTU protocol in ICS environments by monitoring for unauthorized
This skill covers detecting anomalies in Modbus/TCP and Modbus RTU communications in industrial control systems.
Detect NTLM relay attacks through Windows Security Event correlation by analyzing Event 4624 LogonType 3 for
Detects and responds to OAuth token theft and replay attacks in cloud environments, focusing on Microsoft Entra
Detect process hollowing (T1055.012) by analyzing memory-mapped sections, hollowed process indicators, and parent-child
Detects rootkit presence on compromised systems by identifying hidden processes, hooked system calls, modified
Detecting data exfiltration attempts from AWS S3 buckets by analyzing CloudTrail S3 data events, VPC Flow Logs,
Discover and inventory shadow API endpoints that operate outside documented specifications using traffic analysis,
Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam
Executes authorized phishing simulation campaigns to assess an organization's susceptibility to email-based
Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE),
Executes comprehensive red team exercises that simulate real-world adversary operations against an organization's
BloodHound is a graph-based Active Directory reconnaissance tool that uses graph theory to reveal hidden and
Tests APIs for injection vulnerabilities including SQL injection, NoSQL injection, OS command injection, LDAP
Analyzes and simulates BGP hijacking scenarios in authorized lab environments to assess route origin validation,
Tests APIs for Broken Function Level Authorization (BFLA) vulnerabilities where regular users can invoke administrative
Discover and exploit broken link hijacking vulnerabilities by identifying references to expired domains, decommissioned
Exploit Kerberos Constrained Delegation misconfigurations in Active Directory to impersonate privileged users
Tests and exploits deep link (URL scheme and App Link) vulnerabilities in Android and iOS mobile applications
Tests APIs for excessive data exposure where endpoints return more data than the client application needs, relying
Detecting and exploiting HTTP request smuggling vulnerabilities caused by Content-Length and Transfer-Encoding
Identifying and exploiting Insecure Direct Object Reference vulnerabilities to access unauthorized resources
Identifies and exploits insecure local data storage vulnerabilities in Android and iOS mobile applications including
Identifying and exploiting insecure deserialization vulnerabilities in Java, PHP, Python, and .NET applications
Identifies and exploits IPv6-specific vulnerabilities including SLAAC spoofing, Router Advertisement flooding,
Exploits JWT algorithm confusion vulnerabilities where the server's token verification library accepts the