Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (such as Claude Code, Cursor, and Codex).
Hunt for Volume Shadow Copy deletion activity that indicates ransomware preparation or anti-forensics by monitoring
Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect
Detect T1547.001 startup folder persistence by monitoring Windows startup directories for suspicious file creation,
Hunt for supply chain compromise indicators including trojanized software updates, compromised dependencies,
Hunt for adversary persistence and execution via Windows scheduled tasks by analyzing task creation events, suspicious
Hunt for MITRE ATT&CK T1098 account manipulation including shadow admin creation, SID history injection, group
Hunt for unusual network connections by analyzing outbound traffic patterns, rare destinations, non-standard
Detect suspicious Windows service installations (MITRE ATT&CK T1543.003) by parsing System event logs for Event
Hunt for web shell deployments on internet-facing servers by analyzing file creation in web directories, suspicious
AES (Advanced Encryption Standard) is a symmetric block cipher standardized by NIST (FIPS 197) used to protect
Implements strategies to reduce SOC alert fatigue by tuning detection rules, consolidating duplicate alerts,
Security awareness training is the human layer of phishing defense. An effective anti-phishing training program
Configures Windows Group Policy Objects (GPO) to prevent ransomware execution and limit its spread. Implements
Implement API abuse detection using token bucket, sliding window, and adaptive rate limiting algorithms to prevent
Implements security controls at the API gateway layer including authentication enforcement, rate limiting, request
Implements secure API key generation, storage, rotation, and revocation controls to protect API authentication
Implements API rate limiting and throttling controls using token bucket, sliding window, and fixed window algorithms
Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts
Implement API Security Posture Management to continuously discover, classify, and score APIs based on risk while
Implement comprehensive API security testing using the 42Crunch platform to perform static audit and dynamic
Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0,
Implements application whitelisting using Windows AppLocker to restrict unauthorized software execution on endpoints,
Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues
Deploy XM Cyber's continuous exposure management platform to map attack paths, identify choke points, and prioritize
Implements external attack surface management (EASM) using Shodan, Censys, and ProjectDiscovery tools (subfinder,
Implementing AWS Config rules for continuous compliance monitoring of AWS resources, deploying managed and custom
Configure IAM permission boundaries in AWS to delegate role creation to developers while enforcing maximum privilege
Implement Amazon Macie to automatically discover, classify, and protect sensitive data in S3 buckets using machine
Implements AWS Nitro Enclave-based confidential computing environments with cryptographic attestation, KMS policy
Implementing AWS Security Hub to aggregate security findings across AWS accounts, enable compliance standards
This skill covers deploying AWS Security Hub as a centralized cloud security posture management platform that
Configure Microsoft Entra Privileged Identity Management to enforce just-in-time role activation, approval workflows,
Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across
Implementing Google's BeyondCorp zero trust access model to eliminate implicit trust from the network perimeter,
Implement BGP route origin validation using RPKI with Route Origin Authorizations, RPKI-to-Router protocol, and
Deploys remote browser isolation (RBI) as a core component of a Zero Trust architecture. Implements isolation
Deploys DNS, HTTP, and AWS API key canary tokens across network infrastructure to detect unauthorized access
Implement the CISA Zero Trust Maturity Model v2.0 across the five pillars of identity, devices, networks, applications,
Implementing Cloud Data Loss Prevention (DLP) using Amazon Macie, Azure Information Protection, and Google Cloud
Implementing Cloud Security Posture Management (CSPM) to continuously monitor multi-cloud environments for misconfigurations,
Implementing AWS CloudTrail log analysis for security monitoring, threat detection, and forensic investigation
Implement Cloud Security Posture Management using AWS Security Hub, Azure Defender for Cloud, and open-source
This skill covers deploying and tuning Web Application Firewall rules on AWS WAF, Azure WAF, and Cloudflare
Implements cloud workload protection using boto3 and google-cloud APIs for runtime security monitoring, process
This skill covers implementing code signing for build artifacts to ensure integrity and authenticity throughout
Configure Microsoft Entra ID (Azure AD) Conditional Access policies for zero trust access control. Covers signal-based
Implement secure conduit architecture for OT remote access following IEC 62443 zones and conduits model, deploying
Reduce container attack surface by building application images on Google distroless base images that contain
Enforce Kubernetes network segmentation using Calico CNI network policies and global network policies to control