Skip to content

Security & Compliance Skills

838 curated security and compliance skills for AI coding agents. Access control, vulnerability scanning, compliance audit - all license-verified.

Azure Compliance

Run Azure compliance and security audits with azqr plus Key Vault expiration checks. Covers best-practice assessment, resource review, policy/compliance validation, and security posture checks. WHEN: compliance scan, security audit, BEFORE running azqr (compliance cli tool), Azure best practices, Key Vault expiration check, expired certificates, expiring secrets, orphaned resources, compliance assessment.

#broad-capability#development#setupSecurity & Compliance

Azure Policy Analyzer

Analyze Azure Policy compliance posture (NIST SP 800-53, MCSB, CIS, ISO 27001, PCI DSS, SOC 2), auto-discover scope, and return a structured single-pass risk report with evidence and remediation commands.

#github-copilot#complianceSecurity & Compliance

Azure Role Selector

When user is asking for guidance for which role to assign to an identity given desired permissions, this agent helps them understand the role that will meet the requirements with least privilege access and how to apply that role.

#github-copilot#identity#accessSecurity & Compliance

Binary Analysis Patterns

Master binary analysis patterns including disassembly, decompilation, control flow analysis, and code pattern recognition. Use when analyzing executables, understanding compiled code, or performing static analysis on binaries.

#broad-capability#engineering#agent-skillsSecurity & Compliance

Breach

Designing red team attack scenarios, building threat models, applying MITRE ATT&CK/OWASP frameworks, running Purple Team exercises, and performing AI/LLM red teaming. Use when adversarial security validation is needed.

#broad-capability#development#securitySecurity & Compliance

Building Adversary Infrastructure Tracking System

Build an automated system to track adversary infrastructure using passive DNS, certificate transparency, WHOIS data, and IP enrichment to map and monitor threat actor command-and-control networks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Attack Pattern Library From Cti Reports

Extract and catalog attack patterns from cyber threat intelligence reports into a structured STIX-based library mapped to MITRE ATT&CK for detection engineering and threat-informed defense.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Automated Malware Submission Pipeline

Builds an automated malware submission and analysis pipeline that collects suspicious files from endpoints and email gateways, submits them to sandbox environments and multi-engine scanners, and generates verdicts with IOCs for SIEM integration. Use when SOC teams need to scale malware analysis beyond manual sandbox submissions for high-volume alert triage.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building C2 Infrastructure With Sliver Framework

Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with redirectors, HTTPS listeners, and multi-operator support for authorized red team engagements.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Cloud Siem With Sentinel

This skill covers deploying Microsoft Sentinel as a cloud-native SIEM and SOAR platform for centralized security operations. It details configuring data connectors for multi-cloud log ingestion, writing KQL detection queries, building automated response playbooks with Logic Apps, and leveraging the Sentinel data lake for petabyte-scale threat hunting across AWS, Azure, and GCP security telemetry.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Detection Rules With Sigma

Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms including Splunk, Elastic, and Microsoft Sentinel. Use when creating portable detection logic from threat intelligence, mapping rules to MITRE ATT&CK techniques, or converting community Sigma rules into platform-specific queries using sigmac or pySigma backends.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Detection Rule With Splunk Spl

Build effective detection rules using Splunk Search Processing Language (SPL) correlation searches to identify security threats in SOC environments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Identity Federation With Saml Azure Ad

Establish SAML 2.0 identity federation between on-premises Active Directory and Azure AD (Microsoft Entra ID) for seamless cross-domain authentication and SSO to cloud applications.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Identity Governance Lifecycle Process

Builds comprehensive identity governance and lifecycle management processes including joiner-mover-leaver automation, role mining, access request workflows, periodic recertification, and orphaned account remediation using IGA platforms. Activates for requests involving identity lifecycle management, JML processes, role-based access provisioning, or identity governance program design.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Incident Response Dashboard

Builds real-time incident response dashboards in Splunk, Elastic, or Grafana to provide SOC analysts and leadership with situational awareness during active incidents, tracking affected systems, containment status, IOC spread, and response timeline. Use when IR teams need unified visibility during incident coordination and post-incident reporting.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Incident Response Playbook

Designs and documents structured incident response playbooks that define step-by-step procedures for specific incident types aligned with NIST SP 800-61r3 and SANS PICERL frameworks. Covers playbook structure, decision trees, escalation criteria, RACI matrices, and integration with SOAR platforms. Activates for requests involving IR playbook creation, incident response procedure documentation, response runbook development, or SOAR playbook design.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Incident Timeline With Timesketch

Build collaborative forensic incident timelines using Timesketch to ingest, normalize, and analyze multi-source event data for attack chain reconstruction and investigation documentation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Ioc Enrichment Pipeline With Opencti

OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its native data model. This skill covers building an automated IOC enrichment pipeline using O

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Malware Incident Communication Template

Build structured communication templates for malware incidents including stakeholder notifications, executive briefings, technical advisories, and regulatory disclosures with severity-based escalation procedures.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Patch Tuesday Response Process

Establish a structured operational process to triage, test, and deploy Microsoft Patch Tuesday security updates within risk-based remediation SLAs.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Phishing Reporting Button Workflow

Implement a phishing report button in email clients with automated triage workflow that analyzes user-reported suspicious emails and provides feedback to reporters.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Ransomware Playbook With Cisa Framework

Builds a structured ransomware incident response playbook aligned with the CISA StopRansomware Guide and NIST Cybersecurity Framework. Covers preparation, detection, containment, eradication, recovery, and post-incident phases with actionable checklists. Activates for requests involving ransomware response planning, CISA compliance, incident response playbook creation, or ransomware preparedness assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Red Team C2 Infrastructure With Havoc

Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents for authorized red team operations.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Role Mining For Rbac Optimization

Apply bottom-up and top-down role mining techniques to discover optimal RBAC roles from existing user-permission assignments, reducing role explosion and enforcing least privilege.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Soc Escalation Matrix

Build a structured SOC escalation matrix defining severity tiers, response SLAs, escalation paths, and notification procedures for security incidents.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Soc Metrics And Kpi Tracking

Builds SOC performance metrics and KPI tracking dashboards measuring Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), alert quality ratios, analyst productivity, and detection coverage using SIEM data. Use when SOC leadership needs operational visibility, continuous improvement tracking, or executive-level reporting on security operations effectiveness.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Soc Playbook For Ransomware

Builds a structured SOC incident response playbook for ransomware attacks covering detection, containment, eradication, and recovery phases with specific SIEM queries, isolation procedures, and decision trees. Use when SOC teams need formalized response procedures for ransomware incidents aligned to NIST SP 800-61 and MITRE ATT&CK ransomware techniques.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Threat Actor Profile From Osint

Build comprehensive threat actor profiles using open-source intelligence (OSINT) techniques to document adversary motivations, capabilities, infrastructure, and TTPs for proactive defense.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Threat Feed Aggregation With Misp

Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence feeds from multiple sources for centralized IOC management and automated SIEM integration.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Threat Intelligence Enrichment In Splunk

Build automated threat intelligence enrichment pipelines in Splunk Enterprise Security using lookup tables, modular inputs, and the Threat Intelligence Framework.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Threat Intelligence Feed Integration

Builds automated threat intelligence feed integration pipelines connecting STIX/TAXII feeds, open-source threat intel, and commercial TI platforms into SIEM and security tools for real-time IOC matching and alerting. Use when SOC teams need to operationalize threat intelligence by automating feed ingestion, normalization, scoring, and distribution to detection systems.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Threat Intelligence Platform

Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified system for collecting, analyzing, enriching, and disseminating threat intelligence. T

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Vulnerability Aging And Sla Tracking

Implement a vulnerability aging dashboard and SLA tracking system to measure remediation performance against severity-based timelines and drive accountability.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Vulnerability Dashboard With Defectdojo

Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication, metrics tracking, and Jira ticketing workflows.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Vulnerability Exception Tracking System

Build a vulnerability exception and risk acceptance tracking system with approval workflows, compensating controls documentation, and expiration management.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Building Vulnerability Scanning Workflow

Builds a structured vulnerability scanning workflow using tools like Nessus, Qualys, and OpenVAS to discover, prioritize, and track remediation of security vulnerabilities across infrastructure. Use when SOC teams need to establish recurring vulnerability assessment processes, integrate scan results with SIEM alerting, and build remediation tracking dashboards.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Bypassing Authentication With Forced Browsing

Discovering and accessing unprotected pages, APIs, and administrative interfaces by enumerating URLs and bypassing authentication controls during authorized security assessments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Canon

Assessing standards compliance and analyzing gaps. Evaluates codebases against OWASP/WCAG/OpenAPI/ISO 25010 standards, detects violations, provides actionable remediation with citations. Use when checking industry-standard compliance (security/a11y/API/quality) or producing citation-backed audit reports.

#broad-capability#development#securitySecurity & Compliance

Chain

Auditing skill/plugin/MCP supply chains. Treats SKILL.md, bundled scripts, MCP server defs, hooks, and `.claude/` config as third-party software. Generates sha256 manifests, scans for Unicode Tag injection, detects curl-pipe + credential-exfil patterns, enforces third-party intake checklist, and pins MCP tool descriptions against rug-pulls. Use when auditing skill/MCP supply chain. Not for app SAST (Sentinel), CI/CD (Gear/Pipe), hook design (Latch), SKILL.md format (Gauge), or runtime exploit (Probe).

#broad-capability#development#securitySecurity & Compliance

Ciso Advisor

Security leadership for growth-stage companies. Risk quantification in dollars, compliance roadmap (SOC 2/ISO 27001/HIPAA/GDPR), security architecture strategy, incident response leadership, and board-level security reporting. Use when building security programs, justifying security budget, selecting compliance frameworks, managing incidents, assessing vendor risk, or when user mentions CISO, security strategy, compliance roadmap, zero trust, or board security reporting.

#work-life#productivity#businessSecurity & Compliance

Clause

Reviewing legal documents for Terms of Service, Privacy Policy, and Tokushoho compliance. Detects clause gaps, flags risks, and aligns regulatory requirements. Don't use when legal advice is needed — consult a lawyer.

#broad-capability#development#securitySecurity & Compliance

Clearance

Trademark clearance first pass — knockout + similar-marks check producing a flag list, not a clearance opinion. Use when a new mark is proposed, when asked whether a mark is available or to run a knockout search, or when assessing likelihood-of-confusion factors before a full professional search. This skill never concludes a mark is clear.

#legal#contracts#ndaSecurity & Compliance

Cloak

Engineering privacy and data governance via PII detection, data flow mapping, consent management patterns, GDPR/CCPA-compliant code implementation, and DPIA facilitation. Use when privacy-by-design implementation is needed.

#broad-capability#development#securitySecurity & Compliance

Cloud Network Security

Manage Serverless network security (traffic filters): create, update, and delete IP filters and AWS PrivateLink VPC filters. Use when restricting network access or configuring private connectivity.

#elastic#elasticsearch#kibanaSecurity & Compliance

Codeql

Comprehensive guide for setting up and configuring CodeQL code scanning via GitHub Actions workflows and the CodeQL CLI. This skill should be used when users need help with code scanning configuration, CodeQL workflow files, CodeQL CLI commands, SARIF output, security analysis setup, or troubleshooting CodeQL analysis.

#github-copilot#application#securitySecurity & Compliance

Cold Start Interview

Cold-start interview — builds your watchlist, indexes the policy library, and learns your materiality threshold so the monitor surfaces signal instead of noise. Use on fresh install, when reconfiguring (--redo), or when re-checking what connectors are actually responding (--check-integrations).

#legal#contracts#ndaSecurity & Compliance

Cold Start Interview

Run the cold-start interview to learn your IP practice and write your practice profile. Use on first install when the practice profile is missing or still contains placeholders, when re-onboarding with --redo, or when re-probing integrations with --check-integrations after connecting or disconnecting an MCP. This is the ONLY skill that should run on a fresh install.

#legal#contracts#ndaSecurity & Compliance

Cold Start Interview

Run the cold-start interview — learns your AI governance practice and writes `~/.claude/plugins/config/claude-for-legal/ai-governance-legal/CLAUDE.md` from your AI policy, a reference impact assessment, and key vendor AI agreements. Use when the practice profile is missing or contains `[PLACEHOLDER]` markers, or when user says "set up ai governance plugin", "onboard me", "configure ai governance".

#legal#contracts#ndaSecurity & Compliance

Collecting Indicators Of Compromise

Systematically collects, categorizes, and distributes indicators of compromise (IOCs) during and after security incidents to enable detection, blocking, and threat intelligence sharing. Covers network, host, email, and behavioral indicators using STIX/TAXII formats and threat intelligence platforms. Activates for requests involving IOC collection, indicator extraction, threat indicator sharing, compromise indicators, STIX export, or IOC enrichment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Collecting Open Source Intelligence

Collects and synthesizes open-source intelligence (OSINT) about threat actors, malicious infrastructure, and attack campaigns using publicly available data sources, passive reconnaissance tools, and dark web monitoring. Use when investigating external threat actor infrastructure, performing pre-engagement reconnaissance for authorized red team assessments, or enriching CTI reports with publicly available adversary context. Activates for requests involving Maltego, Shodan, OSINT framework, SpiderFoot, or infrastructure reconnaissance.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Collecting Threat Intelligence With Misp

MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing, storing, and correlating Indicators of Compromise (IOCs) of targeted attacks, threat

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Collecting Volatile Evidence From Compromised Host

Collect volatile forensic evidence from a compromised system following order of volatility, preserving memory, network connections, processes, and system state before they are lost.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Compliance Check

Run a compliance check on a proposed action, product feature, or business initiative, surfacing applicable regulations, required approvals, and risk areas. Use when launching a feature that touches personal data, when marketing or product proposes something with regulatory implications, or when you need to know which approvals and jurisdictional requirements apply before proceeding.

#work-life#productivity#knowledge-workSecurity & Compliance

Compliance Mapping

Maps accessibility audit results to legal/regulatory frameworks — Section 508, EN 301 549, EAA, ADA, AODA. Generates VPAT 2.5 conformance tables and identifies non-WCAG requirements.

#broad-capability#accessibility#a11ySecurity & Compliance

Conducting API Security Testing

Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization, rate limiting, input validation, and business logic. The tester uses the OWASP API Security Top 10 as the testing framework, combining Burp Suite interception with Postman collections and custom scripts to test endpoint security at every privilege level. Activates for requests involving API security testing, REST API pentest, GraphQL security assessment, or API vulnerability testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Cloud Incident Response

Responds to security incidents in cloud environments (AWS, Azure, GCP) by performing identity-based containment, cloud-native log analysis, resource isolation, and forensic evidence acquisition adapted for ephemeral cloud infrastructure. Activates for requests involving cloud incident response, AWS security incident, Azure compromise, GCP breach, cloud forensics, or cloud identity compromise.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Cloud Penetration Testing

This skill outlines methodologies for performing authorized penetration testing against AWS, Azure, and GCP cloud environments. It covers understanding the shared responsibility model for testing scope, leveraging cloud-specific attack tools like Pacu and ScoutSuite, exploiting IAM misconfigurations, testing for SSRF to cloud metadata services, and reporting findings aligned to MITRE ATT&CK Cloud matrix.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Domain Persistence With Dcsync

Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by extracting KRBTGT, Domain Admin, and service account hashes for Golden Ticket creation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting External Reconnaissance With Osint

Conducts external reconnaissance using Open Source Intelligence (OSINT) techniques to map an organization's external attack surface without directly interacting with target systems. The tester gathers information from public sources including DNS records, certificate transparency logs, search engines, social media, code repositories, and data breach databases to build a comprehensive target profile. Activates for requests involving OSINT reconnaissance, external footprinting, attack surface mapping, or passive information gathering.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Full Scope Red Team Engagement

Plan and execute a comprehensive red team engagement covering reconnaissance through post-exploitation using MITRE ATT&CK-aligned TTPs to evaluate an organization's detection and response capabilities.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Internal Network Penetration Test

Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify lateral movement paths, privilege escalation vectors, and sensitive data exposure within the corporate network.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Internal Reconnaissance With Bloodhound Ce

Conduct internal Active Directory reconnaissance using BloodHound Community Edition to map attack paths, identify privilege escalation chains, and discover misconfigurations in domain environments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Malware Incident Response

Responds to malware infections across enterprise endpoints by identifying the malware family, determining infection vectors, assessing spread, and executing eradication procedures. Covers the full lifecycle from detection through containment, analysis, removal, and recovery. Activates for requests involving malware response, malware eradication, trojan removal, worm containment, malware triage, or infected endpoint remediation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Man In The Middle Attack Simulation

Simulates man-in-the-middle attacks using Ettercap, mitmproxy, and Bettercap in authorized environments to intercept, analyze, and modify network traffic for testing encryption enforcement, certificate validation, and detection capabilities.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Memory Forensics With Volatility

Performs memory forensics analysis using Volatility 3 to extract evidence of malware execution, process injection, network connections, and credential theft from RAM dumps captured during incident response. Covers memory acquisition, process analysis, DLL inspection, and malware detection. Activates for requests involving memory forensics, RAM analysis, Volatility framework, memory dump investigation, volatile evidence analysis, or live memory acquisition.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Mobile App Penetration Test

Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security Testing Guide (MASTG) to identify vulnerabilities in data storage, network communication, authentication, cryptography, and platform-specific security controls. The tester performs static analysis of application binaries, dynamic analysis at runtime, and API security testing to evaluate the complete mobile attack surface. Activates for requests involving mobile app pentest, iOS security assessment, Android security testing, or OWASP MASTG assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Network Penetration Test

Conducts comprehensive network penetration tests against authorized target environments by performing host discovery, port scanning, service enumeration, vulnerability identification, and controlled exploitation to assess the security posture of network infrastructure. The tester follows PTES methodology from reconnaissance through post-exploitation and reporting. Activates for requests involving network pentest, infrastructure security assessment, internal network testing, or external perimeter testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Pass The Ticket Attack

Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate to services without knowing the user's password. By extracting Kerberos tickets fro

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Phishing Incident Response

Responds to phishing incidents by analyzing reported emails, extracting indicators, assessing credential compromise, quarantining malicious messages across the organization, and remediating affected accounts. Covers email header analysis, URL/attachment sandboxing, and mailbox-wide purge operations. Activates for requests involving phishing response, email incident, credential phishing, spear phishing investigation, or phishing remediation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Post Incident Lessons Learned

Facilitate structured post-incident reviews to identify root causes, document what worked and failed, and produce actionable recommendations to improve future incident response.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Social Engineering Penetration Test

Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical pretexting campaigns to measure human security resilience and identify training gaps.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Social Engineering Pretext Call

Plan and execute authorized vishing (voice phishing) pretext calls to assess employee susceptibility to social engineering and evaluate security awareness controls.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Spearphishing Simulation Campaign

Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access. Unlike broad phishing campaigns, spearphishing uses OSINT-derived intelligence to craf

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Conducting Wireless Network Penetration Test

Conducts authorized wireless network penetration tests to assess the security of WiFi infrastructure by testing for weak encryption protocols, captive portal bypasses, evil twin attacks, WPA2/WPA3 handshake capture, rogue access point detection, and client-side attacks. The tester evaluates wireless authentication, network segmentation, and the effectiveness of wireless intrusion detection systems. Activates for requests involving wireless pentest, WiFi security assessment, WPA2/WPA3 testing, or rogue access point detection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Configuring AWS Verified Access For Ztna

Configure AWS Verified Access to provide VPN-less zero trust network access to internal applications using identity and device posture verification with Cedar policy language.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Configuring Host Based Intrusion Detection

Configures host-based intrusion detection systems (HIDS) to monitor endpoint file integrity, system calls, and configuration changes for security violations. Use when deploying OSSEC, Wazuh, or AIDE for endpoint monitoring, building file integrity monitoring (FIM) policies, or meeting compliance requirements for change detection. Activates for requests involving HIDS configuration, file integrity monitoring, OSSEC/Wazuh deployment, or host-based detection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Configuring Identity Aware Proxy With Google Iap

Configuring Google Cloud Identity-Aware Proxy (IAP) to enforce per-request identity verification for Compute Engine, App Engine, Cloud Run, and GKE services using access levels, context-aware policies, and programmatic access with service accounts.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Configuring Microsegmentation For Zero Trust

Configure microsegmentation policies to enforce least-privilege workload-to-workload access using tools like VMware NSX, Illumio, and Calico, preventing lateral movement in zero trust architectures.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Configuring Multi Factor Authentication With Duo

Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access points. This skill covers Duo integration methods, adaptive authentication policies, device trust

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Configuring Network Segmentation With Vlans

Designs and implements VLAN-based network segmentation on managed switches to isolate network zones, enforce access control between segments, and reduce the attack surface by limiting lateral movement paths in enterprise network environments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Configuring Oauth2 Authorization Flow

Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and Device Authorization Grant. This skill covers flow selection, PKCE implementation, token

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Configuring Pfsense Firewall Rules

Configures pfSense firewall rules, NAT policies, VPN tunnels, and traffic shaping to enforce network segmentation, control traffic flow, and protect internal network zones in enterprise and small-to-medium business environments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Configuring Snort Ids For Intrusion Detection

Installs, configures, and tunes Snort 3 intrusion detection system to monitor network traffic for malicious activity using custom and community rulesets, preprocessors, and alert output plugins on authorized network segments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Configuring Suricata For Network Monitoring

Deploys and configures Suricata IDS/IPS with Emerging Threats rulesets, EVE JSON logging, and custom rules for real-time network traffic inspection, threat detection, and integration with SIEM platforms for centralized security monitoring.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Configuring Tls 1 3 For Secure Communications

TLS 1.3 (RFC 8446) is the latest version of the Transport Layer Security protocol, providing significant improvements over TLS 1.2 in both security and performance. It reduces handshake latency to 1-R

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Configuring Windows Defender Advanced Settings

Configures Microsoft Defender for Endpoint (MDE) advanced protection settings including attack surface reduction rules, controlled folder access, network protection, and exploit protection. Use when hardening Windows endpoints beyond default Defender settings, deploying enterprise-grade endpoint protection, or meeting compliance requirements for advanced malware defense. Activates for requests involving Windows Defender configuration, ASR rules, MDE tuning, or Microsoft endpoint security.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Configuring Windows Event Logging For Detection

Configures Windows Event Logging with advanced audit policies to generate high-fidelity security events for threat detection and forensic investigation. Use when enabling audit policies for logon events, process creation, privilege use, and object access to feed SIEM detection rules. Activates for requests involving Windows audit policy, event log configuration, security logging, or detection-oriented logging.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Configuring Zscaler Private Access For Ztna

Configuring Zscaler Private Access (ZPA) to replace traditional VPN with zero trust network access by deploying App Connectors, defining application segments, configuring access policies based on user identity and device posture, and integrating with IdPs.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Containing Active Breach

Executes containment strategies to stop active adversary operations and prevent lateral movement during a confirmed security breach. Implements short-term and long-term containment using network segmentation, endpoint isolation, credential revocation, and access control modifications. Activates for requests involving breach containment, lateral movement prevention, network isolation, active threat containment, or live incident response.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Contract Review

Analyze contracts for risks, check completeness, and provide actionable recommendations. Supports employment contracts, NDAs, service agreements, and more.

#work-life#office#productivitySecurity & Compliance

Correlating Security Events In Qradar

Correlates security events in IBM QRadar SIEM using AQL (Ariel Query Language), custom rules, building blocks, and offense management to detect multi-stage attacks across network, endpoint, and application log sources. Use when SOC analysts need to investigate QRadar offenses, build correlation rules, or tune detection logic for reducing false positives.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Correlating Threat Campaigns

Correlates disparate security incidents, IOCs, and adversary behaviors across time and organizations to identify unified threat campaigns, attribute them to common threat actors, and extract shared indicators for improved detection. Use when multiple incidents exhibit overlapping indicators, when sector-wide attack campaigns require cross-organizational analysis, or when building campaign-level intelligence products. Activates for requests involving campaign analysis, incident clustering, cross-organizational IOC correlation, or MISP correlation engine.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Credentials

Centralized API key management from Access.txt

#claude-bootstrap#bootstrap#secretsSecurity & Compliance

Crypt

Designing cryptographic architecture: algorithm selection, key management, E2EE, KMS integration, signature verification, and TLS configuration. Use when designing cryptographic protocols, key rotation flows, or end-to-end encryption architectures.

#broad-capability#development#securitySecurity & Compliance

Data Breach Blast Radius

Pre-breach impact analysis: inventories sensitive data (PII, PHI, PCI-DSS, credentials), traces data flows, scores exposure vectors, and produces a regulatory blast radius report with fine ranges sourced verbatim from GDPR Art. 83, CCPA § 1798.155(a), and HIPAA 45 CFR § 160.404. Cost benchmarks from IBM Cost of a Data Breach Report (annually updated). All citations in references/SOURCES.md for verification. Use when asked: "assess breach impact", "what data could be exposed", "calculate blast radius", "data exposure analysis", "how bad would a breach be", "quantify data risk", "sensitive data inventory", "data flow security audit", "pre-breach assessment", "worst-case breach scenario", "breach readiness", "data risk report", "/data-breach-blast-radius". For any stack handling user data, health records, or financial information. Output labels law-sourced figures (exact) vs heuristic estimates (planning only). Does not replace legal counsel.

#github-copilot#incident#responseSecurity & Compliance

Defender Scout KQL

Generates, validates, and optimizes KQL queries for Microsoft Defender XDR Advanced Hunting across Endpoint, Identity, Office 365, Cloud Apps, and Identity.

#github-copilot#security#monitoringSecurity & Compliance

Deobfuscating Javascript Malware

Deobfuscates malicious JavaScript code used in web-based attacks, phishing pages, and dropper scripts by reversing encoding layers, eval chains, string manipulation, and control flow obfuscation to reveal the original malicious logic. Activates for requests involving JavaScript malware analysis, script deobfuscation, web skimmer analysis, or obfuscated dropper investigation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Deobfuscating Powershell Obfuscated Malware

Systematically deobfuscate multi-layer PowerShell malware using AST analysis, dynamic tracing, and tools like PSDecode and PowerDecode to reveal hidden payloads and C2 infrastructure.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Dependency Track

Comprehensive guide for Dependency-Track - Software Composition Analysis (SCA) and SBOM management platform. USE WHEN deploying Dependency-Track, integrating with CI/CD pipelines, configuring vulnerability scanning, managing SBOMs, setting up policy compliance, troubleshooting installation issues, or working with the REST API.

#broad-capability#devops#azureSecurity & Compliance

Deploying Active Directory Honeytokens

Deploys deception-based honeytokens in Active Directory including fake privileged accounts with AdminCount=1, fake SPNs for Kerberoasting detection (honeyroasting), decoy GPOs with cpassword traps, and fake BloodHound paths. Monitors Windows Security Event IDs 4769, 4625, 4662, 5136 for honeytoken interaction. Use when implementing AD deception defenses for detecting lateral movement, credential theft, and reconnaissance.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance