'This skill covers analyzing Programmable Logic Controller (PLC) firmware for security vulnerabilities including

'Assesses organizational readiness for post-quantum cryptography migration per NIST FIPS 203/204/205 standards.

'Performs privilege escalation assessments on compromised Linux and Windows systems to identify paths from low-privilege

Linux privilege escalation involves elevating from a low-privilege user account to root access on a compromised

Conduct systematic reviews of privileged accounts to validate access rights, identify excessive permissions,

'Executes Atomic Red Team tests mapped to MITRE ATT&CK techniques, performs coverage gap analysis across the

'Performs purple team exercises by coordinating red team adversary emulation with blue team detection validation

'Plans and facilitates tabletop exercises simulating ransomware incidents to test organizational readiness, decision-making,

Automate GoPhish phishing simulation campaigns using the Python gophish library. Creates email templates with

'Perform security assessments of SCADA Human-Machine Interface (HMI) systems to identify vulnerabilities in web-based

Detect and exploit second-order SQL injection vulnerabilities where malicious input is stored in a database and

Auditing HTTP security headers including CSP, HSTS, X-Frame-Options, and cookie attributes to identify missing

'Performing security reviews of serverless functions across AWS Lambda, Azure Functions, and GCP Cloud Functions

Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE,

'Performs tabletop exercises for SOC teams simulating security incidents through discussion-based scenarios to

'Simulates SSL stripping attacks using sslstrip, Bettercap, and mitmproxy in authorized environments to test

Configure SSL/TLS inspection on network security devices to decrypt, inspect, and re-encrypt HTTPS traffic for

Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal network services,

Detect and extract hidden data embedded in images, audio, and other media files using steganalysis tools to uncover

Enumerate subdomains of target domains using ProjectDiscovery's Subfinder passive reconnaissance tool to map

Conduct a thick client application penetration test to identify insecure local storage, hardcoded credentials,

'Executes Atomic Red Team tests for MITRE ATT&CK technique validation using the atomic-operator Python framework.

'Use YARA pattern-matching rules to hunt for malware, suspicious files, and indicators of compromise across filesystems

Use PyMISP to create, enrich, and share threat intelligence events on a MISP platform, including IOC management,

Conduct a sector-specific threat landscape assessment by analyzing threat actor targeting patterns, common attack

Use OWASP Threat Dragon to create data flow diagrams, identify threats using STRIDE and LINDDUN methodologies,

'Simulates VLAN hopping attacks using switch spoofing and double tagging techniques in authorized environments

'Performs authenticated and unauthenticated vulnerability scanning using Tenable Nessus to identify known vulnerabilities,

Bypass Web Application Firewall protections using encoding techniques, HTTP method manipulation, parameter pollution,

'Performs systematic security testing of web applications following the OWASP Web Security Testing Guide (WSTG)

Nikto is an open-source web server and web application scanner that tests against over 7,000 potentially dangerous

Triage web application vulnerability findings from DAST/SAST scanners using OWASP risk rating methodology to

Execute web cache deception attacks by exploiting path normalization discrepancies between CDN caching layers

Exploiting web cache mechanisms to serve malicious content to other users by poisoning cached responses through

'Captures WPA/WPA2 handshakes and performs offline password cracking using aircrack-ng, hashcat, and dictionary

Execute a wireless network penetration test to assess WiFi security by capturing handshakes, cracking WPA2/WPA3

'Processes STIX 2.1 threat intelligence bundles delivered via TAXII 2.1 servers, normalizing objects into platform-native

'Develops comprehensive threat actor profiles for APT groups, criminal organizations, and hacktivist collectives

Recover deleted files from disk images and storage media using PhotoRec's file signature-based carving engine

'Reverse engineers .NET malware using dnSpy decompiler and debugger to analyze C#/VB.NET source code, identify

Reverse engineer Rust-compiled malware using IDA Pro and Ghidra with techniques for handling non-null-terminated

Scan container images for known vulnerabilities using Anchore Grype with SBOM-based matching and configurable

Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS

Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations,

Secure Helm chart deployments by validating chart integrity, scanning templates for misconfigurations, and enforcing

'This skill covers hardening managed Kubernetes clusters on EKS, AKS, and GKE by implementing Pod Security Standards,

'Tests Android inter-process communication (IPC) through intents for vulnerabilities including intent injection,

'Tests API authentication mechanisms for weaknesses including broken token validation, missing authentication

'Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated

'Tests APIs for mass assignment (auto-binding) vulnerabilities where clients can modify object properties they