Universal coding patterns, constraints, TDD workflow, atomic todos
Skills (SKILL.md) are configuration files that add a specific capability to an AI agent (Claude Code, Cursor, Codex, and so on).
Maggy is a local AI engineering command center bundled with claude-bootstrap. AI-prioritized inbox across issue trackers (GitHub Issues/Asana), one-click TDD execute with iCPG context enrichment, daily competitor intelligence briefing.
Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates,
Analyzes intrusion activity against the Lockheed Martin Cyber Kill Chain framework to identify which phases
Investigate compromised Docker containers by analyzing images, layers, volumes, logs, and runtime artifacts to
URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content,
Analyzes malicious PDF files using PDFiD, pdf-parser, and peepdf to identify embedded JavaScript, shellcode,
Monitors Certificate Transparency (CT) logs to detect unauthorized certificate issuance, discover subdomains
Systematically collects, categorizes, and distributes indicators of compromise (IOCs) during and after security
Configure AWS Verified Access to provide VPN-less zero trust network access to internal applications using identity
Harden LDAP directory services against common attacks including credential harvesting, LDAP injection, anonymous
Deploying Cloudflare Access with Cloudflare Tunnel to provide zero trust access to self-hosted and private applications,
Automate AWS GuardDuty threat detection findings processing using EventBridge and Lambda to enable real-time
Detect unauthorized modifications to running containers by monitoring for binary execution drift, file system
Container escape is a critical attack technique where an adversary breaks out of container isolation to access
Detect container escape attempts in real-time using Falco runtime security rules that monitor syscalls, file
Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications
Detect Kerberoasting attacks by monitoring for anomalous Kerberos TGS requests targeting service accounts with
Detect adversary lateral movement across networks using Splunk SPL queries against Windows authentication logs,
Detect Pass-the-Hash attacks by analyzing NTLM authentication patterns, identifying Type 3 logons with NTLM where
Detect privilege escalation attempts including token manipulation, UAC bypass, unquoted service paths, kernel
Detect abuse of service accounts through anomalous interactive logons, privilege escalation, lateral movement,
Hunt for data exfiltration through network traffic analysis, detecting unusual data flows, DNS tunneling, cloud
Detect data staging activity before exfiltration by monitoring for archive creation with 7-Zip/RAR, unusual temp
Hunt for adversary abuse of legitimate cloud services for C2, data staging, and exfiltration including abuse
Hunt for registry-based persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, and
Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task
Hunt for Volume Shadow Copy deletion activity that indicates ransomware preparation or anti-forensics by monitoring
Hunt for supply chain compromise indicators including trojanized software updates, compromised dependencies,
Hunt for unusual network connections by analyzing outbound traffic patterns, rare destinations, non-standard
Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues
Configure IAM permission boundaries in AWS to delegate role creation to developers while enforcing maximum privilege
Implement Amazon Macie to automatically discover, classify, and protect sensitive data in S3 buckets using machine
Configure Microsoft Entra Privileged Identity Management to enforce just-in-time role activation, approval workflows,
Implement the CISA Zero Trust Maturity Model v2.0 across the five pillars of identity, devices, networks, applications,
Deploy Breach and Attack Simulation tools to continuously validate security control effectiveness by safely emulating
The Diamond Model of Intrusion Analysis provides a structured framework for analyzing cyber intrusions by examining
Implements eBPF-based security monitoring using Cilium Tetragon for real-time process execution tracking, network
Configure SAML 2.0 single sign-on for Google Workspace with a third-party identity provider, enabling centralized
Deploys canary files, honeypot shares, and decoy systems to detect ransomware activity at the earliest possible
Deploy SailPoint IdentityNow or IdentityIQ for identity governance and administration. Covers identity lifecycle
This skill covers implementing North American Electric Reliability Corporation Critical Infrastructure Protection
Deploy and manage network honeypots using OpenCanary, T-Pot, or Cowrie to detect unauthorized access, lateral
Configure and deploy Palo Alto Networks next-generation firewalls with App-ID, User-ID, zone-based policies,
Deploy CyberArk Privileged Access Management to discover, vault, rotate, and monitor privileged credentials across
Deploy and configure Proofpoint Email Protection as a secure email gateway to detect and block phishing, malware,
Harden Kubernetes Role-Based Access Control by implementing least-privilege policies, auditing role bindings,
Implement eBPF-based runtime security observability and enforcement in Kubernetes clusters using Cilium Tetragon
Deploy CyberArk Secure Cloud Access to eliminate standing privileges in hybrid and multi-cloud environments using
Implement NextDNS as a zero trust DNS filtering layer with encrypted resolution, threat intelligence blocking,
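The two Certificate Transparency entries in the list above (crt.sh/Certstream monitoring for phishing and lookalike domains, and CT monitoring for unauthorized issuance) share one core loop: pull newly logged certificates, then flag the names that should not have been issued or that imitate a brand. The script below is an added example of that triage step; it is not code from any of the listed skills, from crt.sh, or from Certstream. It reads records in the shape of crt.sh's JSON output (the `id`, `issuer_name`, `name_value` fields), and everything else in it is an assumption chosen for illustration: the watched domain `example.com`, the trusted-issuer list, the small confusable-character table, and the four constructed certificate records.

```python
"""Triage crt.sh-style CT log records for a watched brand.

Added example; not code from any listed skill. All domains, issuers and
records below are constructed for illustration.
"""
import json
import re

WATCHED_DOMAIN = "example.com"                    # assumption: the brand we monitor
TRUSTED_ISSUERS = {"Let's Encrypt", "DigiCert"}   # assumption: CAs we actually use

# Single-character and digraph swaps attackers use to build lookalike labels.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}
_CONFUSABLE_RE = re.compile("|".join(map(re.escape, CONFUSABLES)))

# Constructed sample in the shape of crt.sh's JSON output; not real CT data.
SAMPLE_CRTSH_JSON = json.dumps([
    {"id": 1, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "www.example.com",
     "name_value": "example.com\nwww.example.com"},
    {"id": 2, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "login.examp1e.com",
     "name_value": "login.examp1e.com"},
    {"id": 3, "issuer_name": "C=XX, O=Unknown CA, CN=Unknown CA R1",
     "common_name": "api.example.com",
     "name_value": "api.example.com\nstaging.example.com"},
    {"id": 4, "issuer_name": "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1",
     "common_name": "example.com.secure-login.net",
     "name_value": "example.com.secure-login.net"},
])


def registrable_domain(name):
    """Crude eTLD+1: wildcard prefix removed, last two labels kept.
    Assumes a one-label public suffix; use a public suffix list in production."""
    labels = name.lower().removeprefix("*.").split(".")
    return ".".join(labels[-2:])


def fold_confusables(label):
    """Replace common look-alike characters in a single pass (no cascading)."""
    return _CONFUSABLE_RE.sub(lambda m: CONFUSABLES[m.group()], label)


def levenshtein(a, b):
    """Edit distance; one-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trusted_issuer(issuer_name):
    """Match the O= component of the issuer DN against the allowlist."""
    m = re.search(r"O=([^,]+)", issuer_name)
    org = m.group(1).strip() if m else issuer_name
    return any(trusted in org for trusted in TRUSTED_ISSUERS)


def classify_name(name, issuer_name):
    """Return a finding label for one SAN entry, or None if it looks legitimate."""
    domain = registrable_domain(name)
    watched_sld = WATCHED_DOMAIN.split(".")[0]
    if domain == WATCHED_DOMAIN:
        # Our own domain: only a problem if a CA we do not use issued it.
        return None if is_trusted_issuer(issuer_name) else "unauthorized-issuance"
    if WATCHED_DOMAIN in name.lower():
        return "brand-abuse"          # our domain embedded in a stranger's hostname
    sld = domain.split(".")[0]
    if sld == watched_sld:
        return "lookalike"            # same label, different TLD (example.net)
    if levenshtein(fold_confusables(sld), watched_sld) <= 1:
        return "lookalike"            # examp1e, exarnple, exmple, ...
    return None


def scan_crtsh(json_text):
    """Return (crt.sh id, name, finding) for every SAN that needs an analyst's eye."""
    findings = []
    for rec in json.loads(json_text):
        for name in rec["name_value"].splitlines():
            label = classify_name(name, rec["issuer_name"])
            if label:
                findings.append((rec["id"], name, label))
    return findings


if __name__ == "__main__":
    for cert_id, name, label in scan_crtsh(SAMPLE_CRTSH_JSON):
        print(f"crt.sh id {cert_id}: {name} -> {label}")
```

In live use the input would come from a query such as `https://crt.sh/?q=%25.example.com&output=json` (for the brand's own issuances) or from a Certstream feed (for lookalikes, since those never match a `%.example.com` search); the classification logic stays the same. The `registrable_domain` helper is deliberately naive and will misparse `co.uk`-style suffixes, and an edit distance of 1 on short brand names produces noise, so tune both against a public suffix list and an allowlist of known sibling domains before paging anyone on the results.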