Extract and catalog attack patterns from cyber threat intelligence reports into a structured STIX-based library
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, etc.).
Builds an automated malware submission and analysis pipeline that collects suspicious files from endpoints and
Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with
This skill covers deploying Microsoft Sentinel as a cloud-native SIEM and SOAR platform for centralized security
Build effective detection rules using Splunk Search Processing Language (SPL) correlation searches to identify
Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms
Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning,
Establish SAML 2.0 identity federation between on-premises Active Directory and Azure AD (Microsoft Entra ID)
Builds comprehensive identity governance and lifecycle management processes including joiner-mover-leaver automation,
Builds real-time incident response dashboards in Splunk, Elastic, or Grafana to provide SOC analysts and leadership
Designs and documents structured incident response playbooks that define step-by-step procedures for specific
Build collaborative forensic incident timelines using Timesketch to ingest, normalize, and analyze multi-source
Build an automated pipeline to defang indicators of compromise (URLs, IPs, domains, emails) for safe sharing
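The defanging entry above describes the pipeline only in outline. The following is an added example, written for this page and not taken from the skill or any project it names, showing the core of such a pipeline: classify each indicator (URL, email, IPv4, domain), rewrite it with the bracket-style convention commonly used in CTI sharing (`hxxp`, `[://]`, `[.]`, `[@]`; this convention is an assumption, other conventions exist), refuse to mangle indicators that are already defanged, and provide the inverse so analysts can refang exactly. The sample indicators are constructed (RFC 5737 / reserved example names), not real intelligence.

```python
"""Defang indicators of compromise (IOCs) so they can be pasted into tickets,
chat and reports without becoming clickable links or being auto-resolved.

Added example; the bracket convention (hxxp, [://], [.], [@]) is assumed.
"""
import re
from urllib.parse import urlsplit

# Constructed sample indicators (reserved example ranges/names, not real IOCs).
SAMPLE_IOCS = [
    "http://malicious.example.com/payload.php?id=7",
    "https://203.0.113.45:8443/c2",
    "203.0.113.45",
    "updates.evil.example.net",
    "attacker@phish.example.org",
    "hxxps://already[.]defanged[.]example/",  # edge case: must not be mangled twice
]

IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)
# Any of these markers means the indicator is already defanged.
DEFANGED_RE = re.compile(r"\[\.\]|\[@\]|\[://\]|^hxxp|^fxp", re.I)
SCHEME_MAP = {"http": "hxxp", "https": "hxxps", "ftp": "fxp"}


def classify(ioc: str) -> str:
    """Return one of: defanged, url, email, ipv4, domain."""
    if DEFANGED_RE.search(ioc):
        return "defanged"
    if URL_RE.match(ioc):
        return "url"
    if EMAIL_RE.match(ioc):
        return "email"
    if IPV4_RE.match(ioc):
        return "ipv4"
    return "domain"


def defang_hostname(host: str) -> str:
    """Works for both domains and dotted IPv4 addresses (port suffix untouched)."""
    return host.replace(".", "[.]")


def defang_email(addr: str) -> str:
    local, _, domain = addr.rpartition("@")
    return f"{local}[@]{defang_hostname(domain)}"


def defang_url(url: str) -> str:
    """Neutralise scheme and host; path/query are left verbatim so the
    payload name and parameters stay searchable in the report."""
    parts = urlsplit(url)
    scheme = SCHEME_MAP.get(parts.scheme.lower(), parts.scheme)
    rest = url[len(parts.scheme) + 3 + len(parts.netloc):]  # everything after netloc
    return f"{scheme}[://]{defang_hostname(parts.netloc)}{rest}"


def defang(ioc: str) -> str:
    kind = classify(ioc)
    if kind == "defanged":
        return ioc  # idempotent: never double-defang
    if kind == "url":
        return defang_url(ioc)
    if kind == "email":
        return defang_email(ioc)
    return defang_hostname(ioc)  # ipv4 and domain


def refang(ioc: str) -> str:
    """Exact inverse of defang() for the convention used above."""
    out = ioc.replace("[://]", "://").replace("[.]", ".").replace("[@]", "@")
    out = re.sub(r"^hxxp", "http", out, flags=re.I)
    return re.sub(r"^fxp", "ftp", out, flags=re.I)


def defang_all(iocs):
    """Pipeline step: returns (type, original, defanged) triples for a report."""
    return [(classify(i), i, defang(i)) for i in iocs]


if __name__ == "__main__":
    for kind, raw, safe in defang_all(SAMPLE_IOCS):
        print(f"{kind:8} {raw}  ->  {safe}")
```

Only the scheme and host are rewritten; dots in the path (`payload.php`) are intentionally kept, since the host is what makes a string resolvable or clickable. The explicit "already defanged" branch matters in a pipeline, because feeds and analyst pastes frequently mix raw and defanged forms, and a second pass would otherwise produce `[[.]]` artifacts that no refang routine reverses.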
OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its
Build structured communication templates for malware incidents including stakeholder notifications, executive
Establish a structured operational process to triage, test, and deploy Microsoft Patch Tuesday security updates
Implement a phishing report button in email clients with automated triage workflow that analyzes user-reported
Builds a structured ransomware incident response playbook aligned with the CISA StopRansomware Guide and NIST
Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents for
Apply bottom-up and top-down role mining techniques to discover optimal RBAC roles from existing user-permission
Build a structured SOC escalation matrix defining severity tiers, response SLAs, escalation paths, and notification
Builds SOC performance metrics and KPI tracking dashboards measuring Mean Time to Detect (MTTD), Mean Time to
Builds a structured SOC incident response playbook for ransomware attacks covering detection, containment, eradication,
Build comprehensive threat actor profiles using open-source intelligence (OSINT) techniques to document adversary
Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence
Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and
Build automated threat intelligence enrichment pipelines in Splunk Enterprise Security using lookup tables, modular
Builds automated threat intelligence feed integration pipelines connecting STIX/TAXII feeds, open-source threat
Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified
Implement a vulnerability aging dashboard and SLA tracking system to measure remediation performance against
Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication,
Build a vulnerability exception and risk acceptance tracking system with approval workflows, compensating controls
Builds a structured vulnerability scanning workflow using tools like Nessus, Qualys, and OpenVAS to discover,
Discovering and accessing unprotected pages, APIs, and administrative interfaces by enumerating URLs and bypassing
Systematically collects, categorizes, and distributes indicators of compromise (IOCs) during and after security
Collects and synthesizes open-source intelligence (OSINT) about threat actors, malicious infrastructure, and
MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing,
Collect volatile forensic evidence from a compromised system following order of volatility, preserving memory,
Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization,
Responds to security incidents in cloud environments (AWS, Azure, GCP) by performing identity-based containment,
This skill outlines methodologies for performing authorized penetration testing against AWS, Azure, and GCP
Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by extracting
Conducts external reconnaissance using Open Source Intelligence (OSINT) techniques to map an organization's
Plan and execute a comprehensive red team engagement covering reconnaissance through post-exploitation using
Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify
Conduct internal Active Directory reconnaissance using BloodHound Community Edition to map attack paths, identify
Responds to malware infections across enterprise endpoints by identifying the malware family, determining infection
Simulates man-in-the-middle attacks using Ettercap, mitmproxy, and Bettercap in authorized environments to intercept,
Performs memory forensics analysis using Volatility 3 to extract evidence of malware execution, process injection,
Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security