Develop and apply a multi-factor asset criticality scoring model to weight vulnerability prioritization based

Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and

'Performing authorized privilege escalation assessments in AWS environments to identify IAM misconfigurations

'Simulates bandwidth throttling and network degradation attacks using tc, iperf3, and Scapy in authorized environments

'Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library.

Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting

Perform forensic investigation of AWS environments using CloudTrail logs to reconstruct attacker activity, identify

Execute cloud-native incident containment across AWS, Azure, and GCP by isolating compromised resources, revoking

'Uses Falco YAML rules for runtime threat detection in containers and Kubernetes, monitoring syscalls for shell

'Performing authorized AWS penetration testing using Pacu, the open-source AWS exploitation framework, to enumerate

'Detects container escape attempts by analyzing namespace configurations, privileged container checks, dangerous

Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, exposed

Analyze and bypass Content Security Policy implementations to achieve cross-site scripting by exploiting misconfigurations,

Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit

Testing web applications for path traversal vulnerabilities that allow reading or writing arbitrary files on

'Enumerates DNS records, attempts zone transfers, brute-forces subdomains, and maps DNS infrastructure during

'Detects DNS tunneling by computing Shannon entropy of DNS query names, analyzing query length distributions,

'Performs runtime dynamic analysis of Android applications using Frida, Objection, and Android Debug Bridge to

'Performs digital forensics investigation on compromised endpoints including memory acquisition, disk imaging,

Conduct a comprehensive external network penetration test to identify vulnerabilities in internet-facing infrastructure

'Perform coverage-guided fuzzing of compiled binaries using AFL++ (American Fuzzy Lop Plus Plus) to discover

Perform GCP security testing using GCPBucketBrute for storage bucket enumeration, gcloud IAM privilege escalation

Execute and test GraphQL depth limit attacks using deeply nested recursive queries to identify denial-of-service

'Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions,

Assessing GraphQL API endpoints for introspection leaks, injection attacks, authorization flaws, and denial-of-service

Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength.

Execute HTTP Parameter Pollution attacks to bypass input validation, WAF rules, and security controls by injecting

'Investigates insider threat incidents involving employees, contractors, or trusted partners who misuse authorized

'Performs comprehensive iOS application security assessments using Frida for dynamic instrumentation, Objection

Execute and test the JWT none algorithm attack to bypass signature verification by manipulating the alg header

Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting

Kubernetes penetration testing systematically evaluates cluster security by simulating attacker techniques against

Perform lateral movement across Windows networks using WMI-based remote execution techniques including Impacket

Analyze volatile memory dumps using Volatility 3 to extract running processes, network connections, loaded modules,

'Bypasses SSL/TLS certificate pinning implementations in Android and iOS applications to enable traffic interception

'This skill covers conducting cybersecurity assessments specific to oil and gas facilities including upstream

Open Source Intelligence (OSINT) gathering is the first active phase of a red team engagement, where operators

'Crafts and injects custom network packets using Scapy, hping3, and Nemesis during authorized security assessments

Conduct authorized physical penetration testing using tailgating, badge cloning, lock bypassing, and rogue device

'This skill covers analyzing Programmable Logic Controller (PLC) firmware for security vulnerabilities including

'Performs privilege escalation assessments on compromised Linux and Windows systems to identify paths from low-privilege

Linux privilege escalation involves elevating from a low-privilege user account to root access on a compromised

'Executes Atomic Red Team tests mapped to MITRE ATT&CK techniques, performs coverage gap analysis across the

'Plans and facilitates tabletop exercises simulating ransomware incidents to test organizational readiness, decision-making,

Automate GoPhish phishing simulation campaigns using the Python gophish library. Creates email templates with

'Perform security assessments of SCADA Human-Machine Interface (HMI) systems to identify vulnerabilities in web-based

Detect and exploit second-order SQL injection vulnerabilities where malicious input is stored in a database and

Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE,

'Performs tabletop exercises for SOC teams simulating security incidents through discussion-based scenarios to

'Simulates SSL stripping attacks using sslstrip, Bettercap, and mitmproxy in authorized environments to test