Analyzes DNS query logs to detect data exfiltration via DNS tunneling, DGA domain communication, and covert
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, and others).
Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify
Reverse engineer Go-compiled malware using Ghidra with specialized scripts for function recovery, string extraction,
Detect and analyze heap spray attacks in memory dumps using Volatility3 plugins to identify NOP sled patterns,
Analyzes indicators of compromise (IOCs) including IP addresses, domains, file hashes, URLs, and email artifacts
Performs runtime mobile security exploration of iOS applications using Objection, a Frida-powered toolkit that
Uses the Linux Audit framework (auditd) with ausearch and aureport utilities to detect intrusion attempts, unauthorized
Analyzes malicious Linux ELF (Executable and Linkable Format) binaries including botnets, cryptominers, ransomware,
Detect kernel-level rootkits in Linux memory dumps using Volatility3 linux plugins (check_syscall, lsmod, hidden_modules),
Analyzes RAM memory dumps from compromised systems using the Volatility framework to identify malicious processes,
Performs Linux memory acquisition using LiME (Linux Memory Extractor) kernel module and analysis with Volatility
Analyze the NTFS Master File Table ($MFT) to recover metadata and content of deleted files by examining MFT record
Analyzes network traffic captures and flow data to identify adversary activity during security incidents, including
Analyzes network traffic generated by malware during sandbox execution or live incident response to identify
Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns,
Detect and analyze Linux persistence mechanisms including crontab entries, systemd service units, LD_PRELOAD
Parses Software Bill of Materials (SBOM) in CycloneDX and SPDX JSON formats to identify supply chain vulnerabilities
Leverages Splunk Enterprise Security and SPL (Search Processing Language) to investigate security incidents
Map advanced persistent threat (APT) group tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework
Analyzes structured and unstructured threat intelligence feeds to extract actionable indicators, adversary tactics,
Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics,
Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain permutations
Parse Windows LNK shortcut files to extract target paths, timestamps, volume information, and machine identifiers
Analyze Windows Shellbag registry artifacts to reconstruct folder browsing activity, detect access to removable
Auditing Microsoft Entra ID (Azure Active Directory) configuration to identify risky authentication policies,
This skill details how to conduct cloud security audits using Center for Internet Security benchmarks for AWS,
Auditing Google Cloud Platform IAM permissions to identify overly permissive bindings, primitive role usage,
Auditing Terraform infrastructure-as-code for security misconfigurations using Checkov, tfsec, Terrascan, and
This skill covers deploying Microsoft Sentinel as a cloud-native SIEM and SOAR platform for centralized security
Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms
Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning,
Builds real-time incident response dashboards in Splunk, Elastic, or Grafana to provide SOC analysts and leadership
Designs and documents structured incident response playbooks that define step-by-step procedures for specific
Build structured communication templates for malware incidents including stakeholder notifications, executive
Establish a structured operational process to triage, test, and deploy Microsoft Patch Tuesday security updates
Builds SOC performance metrics and KPI tracking dashboards measuring Mean Time to Detect (MTTD), Mean Time to
Build comprehensive threat actor profiles using open-source intelligence (OSINT) techniques to document adversary
Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence
Builds automated threat intelligence feed integration pipelines connecting STIX/TAXII feeds, open-source threat
Implement a vulnerability aging dashboard and SLA tracking system to measure remediation performance against
Builds a structured vulnerability scanning workflow using tools like Nessus, Qualys, and OpenVAS to discover,
Discovering and accessing unprotected pages, APIs, and administrative interfaces by enumerating URLs and bypassing
Collects and synthesizes open-source intelligence (OSINT) about threat actors, malicious infrastructure, and
MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing,
Collect volatile forensic evidence from a compromised system following order of volatility, preserving memory,
Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization,
Responds to security incidents in cloud environments (AWS, Azure, GCP) by performing identity-based containment,
This skill outlines methodologies for performing authorized penetration testing against AWS, Azure, and GCP
Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by extracting
Conducts external reconnaissance using Open Source Intelligence (OSINT) techniques to map an organization's