Performs firmware image extraction and analysis using binwalk to identify embedded filesystems, compressed archives,
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (such as Claude Code, Cursor, and Codex).
Analyzes firmware images for embedded malware, backdoors, and unauthorized modifications targeting routers,
Perform coverage-guided fuzzing of compiled binaries using AFL++ (American Fuzzy Lop Plus Plus) to discover
Perform GCP security testing using GCPBucketBrute for storage bucket enumeration, gcloud IAM privilege escalation
Performing comprehensive security assessments of Google Cloud Platform environments using Forseti Security,
Execute and test GraphQL depth limit attacks using deeply nested recursive queries to identify denial-of-service
Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions,
Assessing GraphQL API endpoints for introspection leaks, injection attacks, authorization flaws, and denial-of-service
Integrate Hardware Security Modules (HSMs) using PKCS#11 interface for cryptographic key management, signing
Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength.
Execute HTTP Parameter Pollution attacks to bypass input validation, WAF rules, and security controls by injecting
Perform comprehensive ICS/OT asset discovery using Claroty xDome platform, leveraging passive monitoring, Claroty
Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment,
Perform authorized initial access using EvilGinx3 adversary-in-the-middle phishing framework to capture session
Investigates insider threat incidents involving employees, contractors, or trusted partners who misuse authorized
Automates Indicator of Compromise (IOC) enrichment by orchestrating lookups across VirusTotal, AbuseIPDB, Shodan,
Performs comprehensive iOS application security assessments using Frida for dynamic instrumentation, Objection
Performs comprehensive security assessments of IoT devices and their ecosystems by testing hardware interfaces,
Analyze IP address reputation using the Shodan API to identify open ports, running services, known vulnerabilities,
Execute and test the JWT none algorithm attack to bypass signature verification by manipulating the alg header
Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting
Audit Kubernetes cluster security posture against CIS benchmarks using kube-bench with automated checks for control
Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration,
Kubernetes penetration testing systematically evaluates cluster security by simulating attacker techniques against
Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based
Perform lateral movement across Windows networks using WMI-based remote execution techniques including Impacket
Perform forensic investigation of Linux system logs including syslog, auth.log, systemd journal, kern.log, and
Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines
Perform structured log source onboarding into SIEM platforms by configuring collectors, parsers, normalization,
Enrich malware file hashes using the VirusTotal API to retrieve detection rates, behavioral analysis, YARA matches,
Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise
Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives
Performs rapid malware triage and classification using YARA rules to match file patterns, strings, byte sequences,
Analyze memory dumps using Volatility3 plugins to detect injected code, rootkits, credential theft, and malware
Analyze volatile memory dumps using Volatility 3 to extract running processes, network connections, loaded modules,
Bypasses SSL/TLS certificate pinning implementations in Android and iOS applications to enable traffic interception
Acquire and analyze mobile device data using Cellebrite UFED and open-source tools to extract communications,
Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts,
Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct
Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection,
Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection,
Performs OAuth 2.0 scope minimization review to identify over-permissioned third-party application integrations,
This skill covers conducting cybersecurity assessments specific to oil and gas facilities including upstream
Open Source Intelligence (OSINT) gathering is the first active phase of a red team engagement, where operators
Automate OSINT collection using SpiderFoot REST API and CLI for target profiling, module-based reconnaissance,
This skill covers conducting comprehensive security assessments of Operational Technology (OT) networks including
This skill covers performing vulnerability assessments in OT environments using the Claroty xDome platform for
Perform vulnerability scanning in OT/ICS environments safely using passive monitoring, native protocol queries,
Crafts and injects custom network packets using Scapy, hping3, and Nemesis during authorized security assessments