Uses Microsoft RESTler to perform stateful REST API fuzzing by automatically generating and executing test sequences
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, etc.).
Performs API inventory and discovery to identify all API endpoints in an organization's environment including
Tests API rate limiting implementations for bypass vulnerabilities by manipulating request headers, IP addresses,
Uses Postman to perform structured API security testing by building collections that test for OWASP API Security
Simulates ARP spoofing attacks in authorized lab or pentest environments using arpspoof, Ettercap, and Scapy
Develop and apply a multi-factor asset criticality scoring model to weight vulnerability prioritization based
Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with
Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and
Deploy and operate CAPEv2 sandbox for automated malware analysis with behavioral monitoring, payload extraction,
Perform comprehensive security posture assessment of AWS accounts using ScoutSuite to enumerate resources, identify
Performing authorized privilege escalation assessments in AWS environments to identify IAM misconfigurations
Simulates bandwidth throttling and network degradation attacks using tc, iperf3, and Scapy in authorized environments
Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library.
Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions,
Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities
Monitor for brand impersonation attacks across domains, social media, mobile apps, and dark web channels to detect
Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting
Perform comprehensive cloud asset inventory and relationship mapping using Cartography to build a Neo4j security
Conduct forensic investigations in cloud environments by collecting and analyzing logs, snapshots, and metadata
Perform forensic investigation of AWS environments using CloudTrail logs to reconstruct attacker activity, identify
Execute cloud-native incident containment across AWS, Azure, and GCP by isolating compromised resources, revoking
Uses AWS Athena to query CloudTrail, VPC Flow Logs, S3 access logs, and ALB logs for forensic investigation.
Uses Falco YAML rules for runtime threat detection in containers and Kubernetes, monitoring syscalls for shell
Hunt for threats in AWS environments using Detective behavior graphs, entity investigation timelines, GuardDuty
Performing authorized AWS penetration testing using Pacu, the open-source AWS exploitation framework, to enumerate
Perform forensic acquisition and analysis of cloud storage services including Google Drive, OneDrive, Dropbox,
Detects container escape attempts by analyzing namespace configurations, privileged container checks, dangerous
This skill covers hardening container images by minimizing attack surface, removing unnecessary packages, implementing
Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, exposed
Analyze and bypass Content Security Policy implementations to achieve cross-site scripting by exploiting misconfigurations,
Extract stored credentials from compromised endpoints using the LaZagne post-exploitation tool to recover passwords
A cryptographic audit systematically reviews an application's use of cryptographic primitives, protocols, and
Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit
Leverage the CISA Known Exploited Vulnerabilities catalog alongside EPSS and CVSS to prioritize CVE remediation
Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and
Deploys deception technology including honeypots, honeytokens, and decoy systems to detect attackers who have
Testing web applications for path traversal vulnerabilities that allow reading or writing arbitrary files on
Conducts disk forensics investigations using forensic imaging, file system analysis, artifact recovery, and
Execute a phased DMARC rollout from p=none monitoring through p=quarantine to p=reject enforcement, ensuring
Enumerates DNS records, attempts zone transfers, brute-forces subdomains, and maps DNS infrastructure during
Detects DNS tunneling by computing Shannon entropy of DNS query names, analyzing query length distributions,
Docker Bench for Security is an open-source script that checks dozens of common best practices around deploying
Performs runtime dynamic analysis of Android applications using Frida, Objection, and Android Debug Bridge to
Performs interactive dynamic malware analysis using the ANY.RUN cloud sandbox to observe real-time execution
Performs digital forensics investigation on compromised endpoints including memory acquisition, disk imaging,
Performs vulnerability remediation on endpoints by prioritizing CVEs based on risk scoring, deploying patches,
Performs entitlement review and access certification campaigns using SailPoint IdentityIQ including manager
Conduct a comprehensive external network penetration test to identify vulnerabilities in internet-facing infrastructure
Perform systematic SIEM false positive reduction through rule tuning, threshold adjustment, correlation refinement,
Recover files from disk images and unallocated space using Foremost's header-footer signature carving to extract