Analyzes and simulates BGP hijacking scenarios in authorized lab environments to assess route origin validation,
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, etc.).
Tests APIs for Broken Function Level Authorization (BFLA) vulnerabilities where regular users can invoke administrative
Discover and exploit broken link hijacking vulnerabilities by identifying references to expired domains, decommissioned
Exploit Kerberos Constrained Delegation misconfigurations in Active Directory to impersonate privileged users
Tests and exploits deep link (URL scheme and App Link) vulnerabilities in Android and iOS mobile applications
Tests APIs for excessive data exposure where endpoints return more data than the client application needs, relying
Detecting and exploiting HTTP request smuggling vulnerabilities caused by Content-Length and Transfer-Encoding
Identifying and exploiting Insecure Direct Object Reference vulnerabilities to access unauthorized resources
Identifies and exploits insecure local data storage vulnerabilities in Android and iOS mobile applications including
Identifying and exploiting insecure deserialization vulnerabilities in Java, PHP, Python, and .NET applications
Identifies and exploits IPv6-specific vulnerabilities including SLAAC spoofing, Router Advertisement flooding,
Exploits JWT algorithm confusion vulnerabilities where the server's token verification library accepts the
Discover and exploit mass assignment vulnerabilities in REST APIs to escalate privileges, modify restricted fields,
Exploit the noPac vulnerability chain (CVE-2021-42278 sAMAccountName spoofing and CVE-2021-42287 KDC PAC confusion)
Detect and exploit NoSQL injection vulnerabilities in MongoDB, CouchDB, and other NoSQL databases to demonstrate
Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation,
Detect and exploit JavaScript prototype pollution vulnerabilities on both client-side and server-side applications
Detect and exploit race condition vulnerabilities in web applications using Turbo Intruder's single-packet attack
Identifying and exploiting SSRF vulnerabilities to access internal services, cloud metadata, and restricted network
Identifies and exploits SMB protocol vulnerabilities using Metasploit Framework during authorized penetration
Identifies and exploits SQL injection vulnerabilities in web applications during authorized penetration tests
Detecting and exploiting SQL injection vulnerabilities using sqlmap to extract database contents during authorized
Detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities across Jinja2, Twig, Freemarker,
Exploit PHP type juggling vulnerabilities caused by loose comparison operators to bypass authentication, circumvent
The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7.
Testing WebSocket implementations for authentication bypass, cross-site hijacking, injection attacks, and insecure
Extract cached credentials, password hashes, Kerberos tickets, and authentication tokens from memory dumps using
Uses Rekall memory forensics framework to analyze memory dumps for process hollowing, injected code via VAD
Generates structured cyber threat intelligence reports at strategic, operational, and tactical levels tailored
Hardening Docker containers for production involves applying security best practices aligned with CIS Docker
Hardens Linux endpoints using CIS Benchmark recommendations for Ubuntu, RHEL, and CentOS to reduce attack surface,
Hardens Windows endpoints using CIS (Center for Internet Security) Benchmark recommendations to reduce attack
Detect Cobalt Strike beacon network activity using default TLS certificate signatures (serial 8BB00EE), JA3/JA3S/JARM
Hunt for DCOM-based lateral movement by detecting abuse of MMC20.Application, ShellBrowserWindow, and ShellWindows
Detect NTFS timestamp manipulation (MITRE T1070.006) by comparing $STANDARD_INFORMATION vs $FILE_NAME timestamps
Detect DNS tunneling and data exfiltration by analyzing Zeek dns.log for high-entropy subdomain queries, excessive
Implements security controls at the API gateway layer including authentication enforcement, rate limiting, request
Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts
Implement comprehensive API security testing using the 42Crunch platform to perform static audit and dynamic
Implements external attack surface management (EASM) using Shodan, Censys, and ProjectDiscovery tools (subfinder,
Implements AWS Nitro Enclave-based confidential computing environments with cryptographic attestation, KMS policy
Implementing Cloud Data Loss Prevention (DLP) using Amazon Macie, Azure Information Protection, and Google Cloud
This skill covers deploying and tuning Web Application Firewall rules on AWS WAF, Azure WAF, and Cloudflare
Implements data loss prevention policies using Microsoft Purview to protect sensitive information across Exchange
Integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software
Ed25519 is a high-performance digital signature algorithm using the Edwards curve Curve25519. It provides 128-bit
Deploy and configure the Dragos Platform for OT network monitoring, leveraging its 600+ industrial protocol
End-to-end encryption (E2EE) ensures that only the communicating parties can read messages, with no intermediary
Deploy and configure Wazuh SIEM/XDR for endpoint detection including agent management, custom decoder and rule
Implements endpoint Data Loss Prevention (DLP) controls to detect and prevent sensitive data exfiltration through