Builds a structured SOC incident response playbook for ransomware attacks covering detection, containment, eradication,
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, and others).
Build comprehensive threat actor profiles using open-source intelligence (OSINT) techniques to document adversary
Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence
Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and
Build automated threat intelligence enrichment pipelines in Splunk Enterprise Security using lookup tables, modular
Builds automated threat intelligence feed integration pipelines connecting STIX/TAXII feeds, open-source threat
Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified
Implement a vulnerability aging dashboard and SLA tracking system to measure remediation performance against
Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication,
Build a vulnerability exception and risk acceptance tracking system with approval workflows, compensating controls
Builds a structured vulnerability scanning workflow using tools like Nessus, Qualys, and OpenVAS to discover,
Discovering and accessing unprotected pages, APIs, and administrative interfaces by enumerating URLs and bypassing
Systematically collects, categorizes, and distributes indicators of compromise (IOCs) during and after security
Collects and synthesizes open-source intelligence (OSINT) about threat actors, malicious infrastructure, and
MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing,
Collect volatile forensic evidence from a compromised system following order of volatility, preserving memory,
Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization,
Responds to security incidents in cloud environments (AWS, Azure, GCP) by performing identity-based containment,
This skill outlines methodologies for performing authorized penetration testing against AWS, Azure, and GCP
Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by extracting
Conducts external reconnaissance using Open Source Intelligence (OSINT) techniques to map an organization's
Plan and execute a comprehensive red team engagement covering reconnaissance through post-exploitation using
Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify
Conduct internal Active Directory reconnaissance using BloodHound Community Edition to map attack paths, identify
Responds to malware infections across enterprise endpoints by identifying the malware family, determining infection
Simulates man-in-the-middle attacks using Ettercap, mitmproxy, and Bettercap in authorized environments to intercept,
Performs memory forensics analysis using Volatility 3 to extract evidence of malware execution, process injection,
Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security
Conducts comprehensive network penetration tests against authorized target environments by performing host discovery,
Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate
Responds to phishing incidents by analyzing reported emails, extracting indicators, assessing credential compromise,
Facilitate structured post-incident reviews to identify root causes, document what worked and failed, and produce
Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical
Plan and execute authorized vishing (voice phishing) pretext calls to assess employee susceptibility to social
Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access.
Conducts authorized wireless network penetration tests to assess the security of WiFi infrastructure by testing
Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory.
Configure AWS Verified Access to provide VPN-less zero trust network access to internal applications using identity
A Certificate Authority (CA) is the trust anchor in a PKI hierarchy, responsible for issuing, signing, and revoking
Configures host-based intrusion detection systems (HIDS) to monitor endpoint file integrity, system calls, and
Hardware Security Modules (HSMs) are tamper-resistant physical devices that safeguard cryptographic keys and
Configuring Google Cloud Identity-Aware Proxy (IAP) to enforce per-request identity verification for Compute
Harden LDAP directory services against common attacks including credential harvesting, LDAP injection, anonymous
Configure microsegmentation policies to enforce least-privilege workload-to-workload access using tools like
Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access points.
Designs and implements VLAN-based network segmentation on managed switches to isolate network zones, enforce
Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and
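An added example, not part of this catalog or of any listed skill, showing the part of the Authorization Code with PKCE flow that actually prevents authorization-code interception: the client derives a random code_verifier and its S256 code_challenge, the server stores the challenge against the single-use authorization code, and at token exchange it recomputes the challenge from the presented verifier. The in-memory AuthorizationServer class, its method names and the demo client identifiers are hypothetical; only the hashing and encoding follow RFC 7636.

```python
import base64
import hashlib
import hmac
import secrets


def _b64url(data: bytes) -> str:
    # RFC 7636 uses base64url without padding for both verifier and challenge.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    # RFC 7636 section 4.1: 43..128 unreserved characters; 32 random bytes encode to 43 chars.
    return _b64url(secrets.token_bytes(nbytes))


def code_challenge_s256(verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Hypothetical in-memory authorization server keeping PKCE state per authorization code."""

    def __init__(self) -> None:
        self._codes: dict[str, tuple[str, str, str]] = {}

    def authorize(self, client_id: str, redirect_uri: str,
                  code_challenge: str, code_challenge_method: str = "S256") -> str:
        # Refuse the 'plain' method: it lets anyone who reads the challenge replay it as the verifier.
        if code_challenge_method != "S256":
            raise ValueError("only code_challenge_method=S256 is accepted")
        code = secrets.token_urlsafe(24)
        self._codes[code] = (client_id, redirect_uri, code_challenge)
        return code

    def token(self, code: str, client_id: str, redirect_uri: str, code_verifier: str):
        # pop(): the code is consumed on first use, whether or not the exchange succeeds,
        # so a code that leaked and was tried by an attacker can never be redeemed afterwards.
        entry = self._codes.pop(code, None)
        if entry is None:
            return None
        stored_client, stored_redirect, stored_challenge = entry
        if client_id != stored_client or redirect_uri != stored_redirect:
            return None
        if not 43 <= len(code_verifier) <= 128:
            return None
        if not hmac.compare_digest(code_challenge_s256(code_verifier), stored_challenge):
            return None
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}


def demo() -> tuple[bool, bool, bool]:
    """Run three exchanges against a fresh server and report which ones yielded a token.

    Returns (attacker_with_intercepted_code, legitimate_client, replay_of_used_code).
    Client ids and redirect URIs below are constructed sample values.
    """
    server = AuthorizationServer()
    client_id, redirect_uri = "native-app", "com.example.app:/callback"

    # 1. The client starts a flow; an attacker observes the redirect and steals the code
    #    but never saw the verifier, which stayed in the client's memory.
    verifier = make_code_verifier()
    stolen_code = server.authorize(client_id, redirect_uri, code_challenge_s256(verifier))
    attacker_ok = server.token(stolen_code, client_id, redirect_uri, make_code_verifier()) is not None

    # 2. A fresh flow redeemed by the legitimate client with the matching verifier.
    verifier = make_code_verifier()
    code = server.authorize(client_id, redirect_uri, code_challenge_s256(verifier))
    legit_ok = server.token(code, client_id, redirect_uri, verifier) is not None

    # 3. Replaying the already-used code with the correct verifier must still fail.
    replay_ok = server.token(code, client_id, redirect_uri, verifier) is not None

    return attacker_ok, legit_ok, replay_ok  # -> (False, True, False)


if __name__ == "__main__":
    print(demo())
```

Two checks worth carrying into a real deployment: reject `code_challenge_method=plain` outright, and never let a token request succeed without a verifier for a client that registered as public, since an attacker who intercepts the code will simply omit the PKCE parameters if the server treats them as optional.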
Configures pfSense firewall rules, NAT policies, VPN tunnels, and traffic shaping to enforce network segmentation,
Installs, configures, and tunes Snort 3 intrusion detection system to monitor network traffic for malicious
Deploys and configures Suricata IDS/IPS with Emerging Threats rulesets, EVE JSON logging, and custom rules for