'Performing security reviews of serverless functions across AWS Lambda, Azure Functions, and GCP Cloud Functions

Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant

Automate credential rotation for service accounts across Active Directory, cloud platforms, and application databases

Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE,

'Performs tabletop exercises for SOC teams simulating security incidents through discussion-based scenarios to

'Automates SOC 2 Type II audit preparation including gap assessment against AICPA Trust Services Criteria (CC1-CC9),

Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode

SSL/TLS certificate lifecycle management encompasses the full process of requesting, issuing, deploying, monitoring,

'Simulates SSL stripping attacks using sslstrip, Bettercap, and mitmproxy in authorized environments to test

Configure SSL/TLS inspection on network security devices to decrypt, inspect, and re-encrypt HTTPS traffic for

Assess SSL/TLS server configurations using the sslyze Python library to evaluate cipher suites, certificate chains,

Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal network services,

'Performs static analysis of Windows PE (Portable Executable) malware samples using PEStudio to examine file

Detect and extract hidden data embedded in images, audio, and other media files using steganalysis tools to uncover

Enumerate subdomains of target domains using ProjectDiscovery's Subfinder passive reconnaissance tool to map

Simulate and detect software supply chain attacks including typosquatting detection via Levenshtein distance,

Conduct a thick client application penetration test to identify insecure local storage, hardcoded credentials,

'Executes Atomic Red Team tests for MITRE ATT&CK technique validation using the atomic-operator Python framework.

'Performs proactive threat hunting in Elastic Security SIEM using KQL/EQL queries, detection rules, and Timeline

'Use YARA pattern-matching rules to hunt for malware, suspicious files, and indicators of compromise across filesystems

Use PyMISP to create, enrich, and share threat intelligence events on a MISP platform, including IOC management,

Conduct a sector-specific threat landscape assessment by analyzing threat actor targeting patterns, common attack

Use OWASP Threat Dragon to create data flow diagrams, identify threats using STRIDE and LINDDUN methodologies,

Build comprehensive forensic super-timelines using Plaso (log2timeline) to correlate events across file systems,

'Performs User and Entity Behavior Analytics (UEBA) to detect anomalous user activities including impossible

'Simulates VLAN hopping attacks using switch spoofing and double tagging techniques in authorized environments

'Performs authenticated and unauthenticated vulnerability scanning using Tenable Nessus to identify known vulnerabilities,

Bypass Web Application Firewall protections using encoding techniques, HTTP method manipulation, parameter pollution,

'Performs systematic security testing of web applications following the OWASP Web Security Testing Guide (WSTG)

Nikto is an open-source web server and web application scanner that tests against over 7,000 potentially dangerous

Triage web application vulnerability findings from DAST/SAST scanners using OWASP risk rating methodology to

Execute web cache deception attacks by exploiting path normalization discrepancies between CDN caching layers

Exploiting web cache mechanisms to serve malicious content to other users by poisoning cached responses through

'Captures WPA/WPA2 handshakes and performs offline password cracking using aircrack-ng, hashcat, and dictionary

Perform comprehensive Windows forensic artifact analysis using Eric Zimmerman's open-source EZ Tools suite including

Execute a wireless network penetration test to assess WiFi security by capturing handshakes, cracking WPA2/WPA3

Conduct wireless network security assessments using Kismet to detect rogue access points, hidden SSIDs, weak

Develop precise YARA rules for malware detection by identifying unique byte patterns, strings, and behavioral

The Common Vulnerability Scoring System (CVSS) is the industry standard framework maintained by FIRST (Forum

'Processes STIX 2.1 threat intelligence bundles delivered via TAXII 2.1 servers, normalizing objects into platform-native

'Develops comprehensive threat actor profiles for APT groups, criminal organizations, and hacktivist collectives

Recover deleted files from disk images and storage media using PhotoRec's file signature-based carving engine

'Executes structured recovery from a ransomware incident following NIST and CISA frameworks, including environment

'This skill provides step-by-step procedures for identifying and remediating Amazon S3 bucket misconfigurations

'Reverse engineers malicious Android APK files using JADX decompiler to analyze Java/Kotlin source code, identify

'Reverse engineers .NET malware using dnSpy decompiler and debugger to analyze C#/VB.NET source code, identify

'Reverse engineers iOS applications using Frida dynamic instrumentation to understand internal logic, extract

'Reverse engineers malware binaries using NSA''s Ghidra disassembler and decompiler to understand internal logic,

Reverse engineer ransomware encryption routines to identify cryptographic algorithms, key generation flaws, and

Reverse engineer Rust-compiled malware using IDA Pro and Ghidra with techniques for handling non-null-terminated