Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents such as Claude Code, Cursor, and Codex.
Conduct internal Active Directory reconnaissance using BloodHound Community Edition to map attack paths, identify
Simulates man-in-the-middle attacks using Ettercap, mitmproxy, and Bettercap in authorized environments to intercept,
Performs memory forensics analysis using Volatility 3 to extract evidence of malware execution, process injection,
Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security
Conducts comprehensive network penetration tests against authorized target environments by performing host discovery,
Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate
Facilitate structured post-incident reviews to identify root causes, document what worked and failed, and produce
Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical
Plan and execute authorized vishing (voice phishing) pretext calls to assess employee susceptibility to social
Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access.
Conducts authorized wireless network penetration tests to assess the security of WiFi infrastructure by testing
Installs, configures, and tunes Snort 3 intrusion detection system to monitor network traffic for malicious
Deploys and configures Suricata IDS/IPS with Emerging Threats rulesets, EVE JSON logging, and custom rules for
TLS 1.3 (RFC 8446) is the latest version of the Transport Layer Security protocol, providing significant improvements
Configures Windows Event Logging with advanced audit policies to generate high-fidelity security events for
Deploys and configures osquery for real-time endpoint monitoring using SQL-based queries to inspect running
Deploy a Software-Defined Perimeter using the CSA v2.0 specification with Single Packet Authorization, mutual
Detect and prevent ARP spoofing attacks using ARPWatch, Dynamic ARP Inspection, Wireshark analysis, and custom
This skill covers detecting cyber attacks targeting Supervisory Control and Data Acquisition (SCADA) systems
Detects and analyzes Bluetooth Low Energy (BLE) security attacks including sniffing, replay attacks, GATT enumeration
Detect and test for OWASP API3:2023 Broken Object Property Level Authorization vulnerabilities including excessive
Detects command-and-control (C2) communications tunneled through DNS protocol including DNS tunneling tools
Detect LSASS credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows
This skill teaches security teams how to detect and respond to unauthorized cryptocurrency mining operations
Detect DCSync attacks where adversaries abuse Active Directory replication privileges to extract password hashes
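The DCSync entry above boils down to one rule: a Security Event ID 4662 whose requested extended rights include the directory-replication GUIDs, issued by an account that is not a domain controller. The following Python is an added example of that rule and is not one of the page's skills; the 4662 records are constructed, and the set of domain-controller machine accounts (KNOWN_DC_ACCOUNTS) is an assumption.

```python
"""Flag DCSync-style replication requests in Windows Security Event ID 4662.

Added example, not one of the page's skills. The event records are constructed;
the set of domain-controller machine accounts is an assumption.
"""
import re
from typing import Dict, Iterable, List

# Extended-right GUIDs that grant directory replication. A DCSync needs
# Get-Changes together with Get-Changes-All (or the filtered-set right).
DS_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcaf"
DS_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcaf"
DS_GET_CHANGES_FILTERED = "89e95b76-444d-4c62-991a-0facbeda640c"
REPLICATION_RIGHTS = {
    DS_GET_CHANGES: "DS-Replication-Get-Changes",
    DS_GET_CHANGES_ALL: "DS-Replication-Get-Changes-All",
    DS_GET_CHANGES_FILTERED: "DS-Replication-Get-Changes-In-Filtered-Set",
}
CONTROL_ACCESS = 0x100  # AccessMask bit set when an extended right is exercised

# Assumption: machine accounts of the domain controllers. DCs replicate with
# each other constantly; any other principal requesting these rights is an alert.
KNOWN_DC_ACCOUNTS = {"DC01$", "DC02$"}

GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)

# Constructed 4662 records, reduced to the fields the rule reads.
SAMPLE_EVENTS = [
    {"EventID": 4662, "SubjectUserName": "DC02$", "AccessMask": "0x100",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcaf} "
                   "{1131f6ad-9c07-11d1-f79f-00c04fc2dcaf}"},
    {"EventID": 4662, "SubjectUserName": "jdoe", "AccessMask": "0x100",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcaf} "
                   "{1131f6ad-9c07-11d1-f79f-00c04fc2dcaf}"},
    {"EventID": 4662, "SubjectUserName": "svc_backup", "AccessMask": "0x100",
     "Properties": "{bf967aba-0de6-11d0-a285-00aa003049e2}"},  # unrelated GUID
    {"EventID": 4624, "SubjectUserName": "jdoe", "AccessMask": "0x0", "Properties": ""},
]


def replication_rights_requested(properties: str) -> List[str]:
    """Names of replication rights among the GUIDs in a 4662 Properties field."""
    found = {g.lower() for g in GUID_RE.findall(properties)}
    return [name for guid, name in REPLICATION_RIGHTS.items() if guid in found]


def find_dcsync(events: Iterable[Dict], dc_accounts=KNOWN_DC_ACCOUNTS) -> List[Dict]:
    """Return one alert per 4662 that exercises a replication right from a non-DC account."""
    alerts = []
    for e in events:
        if e.get("EventID") != 4662:
            continue
        try:
            mask = int(str(e.get("AccessMask", "0")), 16)
        except ValueError:
            continue
        if not mask & CONTROL_ACCESS:
            continue
        rights = replication_rights_requested(e.get("Properties", ""))
        if not rights:
            continue
        user = e.get("SubjectUserName", "")
        if user in dc_accounts:
            continue
        alerts.append({"user": user, "rights": rights})
    return alerts


if __name__ == "__main__":
    for a in find_dcsync(SAMPLE_EVENTS):
        print(f"DCSync suspect: {a['user']} requested {', '.join(a['rights'])}")
```

Excluding DC machine accounts by name is the weak point of this rule: an attacker who has already obtained a DC account, or who renames a host to look like one, slips through, so production use should key the exclusion on the DC's SID or source address rather than on a display name.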
Detects AI-generated deepfake audio used in voice phishing (vishing) attacks by extracting spectral features
Detect anomalies in DNP3 (Distributed Network Protocol 3) communications used in SCADA systems by monitoring
Detects fileless malware and in-memory attacks that execute entirely in RAM without writing persistent files
Detects and analyzes fileless malware that operates entirely in memory using PowerShell, WMI, .NET reflection,
Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory
Detect command injection attacks against Modbus TCP/RTU protocol in ICS environments by monitoring for unauthorized
This skill covers detecting anomalies in Modbus/TCP and Modbus RTU communications in industrial control systems.
Deploys and configures Zeek (formerly Bro) network security monitor to passively analyze network traffic, generate
Detect NTLM relay attacks through Windows Security Event correlation by analyzing Event 4624 LogonType 3 for
Detects and responds to OAuth token theft and replay attacks in cloud environments, focusing on Microsoft Entra
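The NTLM relay entry above relies on a property of relayed logons: the Event 4624 written on the target carries the victim machine's WorkstationName, but the connection actually arrives from the attacker's IpAddress. The following Python is an added example of that correlation and is not one of the page's skills; the 4624 records and the workstation-to-IP inventory (ASSET_INVENTORY) are constructed for the example.

```python
"""Spot likely NTLM relay in Windows Security Event ID 4624 records.

Added example, not one of the page's skills. Rule: a LogonType 3 logon whose
AuthenticationPackageName is NTLM, where the claimed WorkstationName does not
belong to the source IpAddress according to an asset inventory. Both the event
records and the inventory below are constructed.
"""
from typing import Dict, Iterable, List

# Assumption: inventory mapping workstation names to the IP each one should use.
ASSET_INVENTORY = {"WS-ALICE": "10.0.1.25", "WS-BOB": "10.0.1.26"}

# Source values that carry no usable network address.
LOCAL_SOURCES = {"-", "::1", "127.0.0.1", ""}

# Constructed 4624 records, reduced to the fields the rule reads.
SAMPLE_EVENTS = [
    # Normal NTLM network logon: workstation name and source IP agree.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "alice", "WorkstationName": "WS-ALICE", "IpAddress": "10.0.1.25"},
    # Relay: alice's NTLM auth, claiming WS-ALICE, but arriving from 10.0.1.99.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "alice", "WorkstationName": "WS-ALICE", "IpAddress": "10.0.1.99"},
    # Kerberos logon: not an NTLM relay candidate.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "Kerberos",
     "TargetUserName": "bob", "WorkstationName": "WS-BOB", "IpAddress": "10.0.1.50"},
    # NTLM from a host the inventory does not know: cannot judge, lower confidence.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "bob", "WorkstationName": "LAPTOP-7", "IpAddress": "10.0.1.70"},
    # Interactive logon: wrong logon type for relay.
    {"EventID": 4624, "LogonType": 2, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "bob", "WorkstationName": "WS-BOB", "IpAddress": "-"},
]


def detect_ntlm_relay(events: Iterable[Dict], inventory: Dict[str, str] = ASSET_INVENTORY) -> List[Dict]:
    """Return alerts for NTLM network logons whose workstation/IP pairing is wrong or unknown."""
    alerts = []
    for e in events:
        if e.get("EventID") != 4624 or e.get("LogonType") != 3:
            continue
        if str(e.get("AuthenticationPackageName", "")).upper() != "NTLM":
            continue
        ws = str(e.get("WorkstationName", "")).upper()
        ip = str(e.get("IpAddress", ""))
        if ip in LOCAL_SOURCES:
            continue
        expected = inventory.get(ws)
        if expected is None:
            reason = "unknown_workstation"   # worth a look, but not proof of relay
        elif ip != expected:
            reason = "ip_mismatch"           # classic relay signature
        else:
            continue
        alerts.append({"user": e.get("TargetUserName"), "workstation": ws,
                       "ip": ip, "expected_ip": expected, "reason": reason})
    return alerts


if __name__ == "__main__":
    for a in detect_ntlm_relay(SAMPLE_EVENTS):
        print(f"{a['reason']}: {a['user']} from {a['ip']} claiming {a['workstation']}")
```

The inventory lookup is only as good as the address data behind it; on DHCP ranges, feed it from DHCP lease logs or from the source host's own 4624/4648 events rather than from a static table, otherwise every lease change becomes a false positive.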
Detect process hollowing (T1055.012) by analyzing memory-mapped sections, hollowed process indicators, and parent-child
Detects and analyzes process injection techniques used by malware including classic DLL injection, process hollowing,
Detects rootkit presence on compromised systems by identifying hidden processes, hooked system calls, modified
Detecting data exfiltration attempts from AWS S3 buckets by analyzing CloudTrail S3 data events, VPC Flow Logs,
Discover and inventory shadow API endpoints that operate outside documented specifications using traffic analysis,
Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam
Detect OS credential dumping techniques targeting LSASS memory, SAM database, NTDS.dit, and cached credentials
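The LSASS-dumping and Mimikatz entries above (and the earlier one on Sysmon Event ID 10) all come down to inspecting who opened a handle to lsass.exe and with which access mask. The following Python is an added example of that check and is not one of the page's skills; the Sysmon Event 10 records are constructed, and the allow-list of processes that may legitimately open LSASS (ALLOWED_SOURCES) is an assumption that has to be tuned per estate.

```python
"""Flag suspicious handles to lsass.exe in Sysmon Event ID 10 (ProcessAccess).

Added example, not one of the page's skills. The events are constructed and the
allow-list of legitimate source images is an assumption for the example.
"""
from typing import Dict, Iterable, List

PROCESS_VM_READ = 0x0010            # needed to read credential material
PROCESS_QUERY_INFORMATION = 0x0400
# GrantedAccess values commonly produced by credential dumpers
# (Mimikatz sekurlsa typically shows 0x1010 or 0x1410; full access is 0x1FFFFF).
DUMPER_MASKS = {0x1010, 0x1410, 0x1438, 0x143A, 0x1FFFFF}

# Assumption: processes that legitimately open LSASS with read rights here.
ALLOWED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}

LSASS = r"C:\Windows\System32\lsass.exe"

# Constructed Sysmon Event 10 records, reduced to the fields the rule reads.
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\csrss.exe", "TargetImage": LSASS,
     "GrantedAccess": "0x1FFFFF", "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d4e4"},
    {"EventID": 10, "SourceImage": r"C:\Users\jdoe\Downloads\mimikatz.exe", "TargetImage": LSASS,
     "GrantedAccess": "0x1010", "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d4e4|C:\Users\jdoe\Downloads\mimikatz.exe+a2f1"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "TargetImage": LSASS,
     "GrantedAccess": "0x1FFFFF", "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d4e4|UNKNOWN(000001E3A4C10000)"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\Taskmgr.exe", "TargetImage": r"C:\Windows\System32\svchost.exe",
     "GrantedAccess": "0x1010", "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d4e4"},
    {"EventID": 10, "SourceImage": r"C:\Program Files\Vendor\agent.exe", "TargetImage": LSASS,
     "GrantedAccess": "0x1000", "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d4e4"},  # QUERY_LIMITED only
]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def lsass_access_alerts(events: Iterable[Dict], allowed=ALLOWED_SOURCES) -> List[Dict]:
    """Return one alert per Event 10 that opens lsass.exe with dump-capable rights."""
    alerts = []
    for e in events:
        if e.get("EventID") != 10:
            continue
        if basename(str(e.get("TargetImage", ""))).lower() != "lsass.exe":
            continue
        source = str(e.get("SourceImage", ""))
        if source.lower() in allowed:
            continue
        try:
            mask = int(str(e.get("GrantedAccess", "0")), 16)
        except ValueError:
            continue
        reasons = []
        if mask in DUMPER_MASKS:
            reasons.append("known_dumper_mask")
        elif mask & PROCESS_VM_READ:
            reasons.append("vm_read")
        # An UNKNOWN frame means the call came from memory not backed by a
        # file on disk: injected or reflectively loaded code.
        if "UNKNOWN" in str(e.get("CallTrace", "")):
            reasons.append("unbacked_call_trace")
        if not reasons:
            continue
        alerts.append({"name": basename(source), "source": source,
                       "granted_access": hex(mask), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in lsass_access_alerts(SAMPLE_EVENTS):
        print(f"{a['name']} opened lsass with {a['granted_access']}: {', '.join(a['reasons'])}")
```

Note that the rule ignores a source only by exact lower-cased path, so a dumper dropped as C:\Temp\csrss.exe is still caught; what it cannot see is a legitimately signed binary being abused (procdump, Task Manager's dump feature), which is why the mask check stays even for well-known names rather than trusting the image alone.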
Detect process injection techniques (T1055) including classic DLL injection, process hollowing, and APC injection
Executes authorized phishing simulation campaigns to assess an organization's susceptibility to email-based
Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE),
Executes comprehensive red team exercises that simulate real-world adversary operations against an organization's
Exploit misconfigured Active Directory Certificate Services (AD CS) ESC1 vulnerability to request certificates
BloodHound is a graph-based Active Directory reconnaissance tool that uses graph theory to reveal hidden and
Tests APIs for injection vulnerabilities including SQL injection, NoSQL injection, OS command injection, LDAP