Skip to content

Security & Compliance Skills

838 curated security and compliance skills for AI coding agents. Access control, vulnerability scanning, compliance audit - all license-verified.

Implementing Scim Provisioning With Okta

Implement automated user provisioning and deprovisioning using SCIM 2.0 protocol with Okta as the identity provider.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Secret Scanning With Gitleaks

This skill covers implementing Gitleaks for detecting and preventing hardcoded secrets in git repositories. It addresses configuring pre-commit hooks, CI/CD pipeline integration, custom rule authoring for organization-specific secrets, baseline management for existing repositories, and remediation workflows for exposed credentials.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Secrets Management With Vault

This skill covers deploying HashiCorp Vault for centralized secrets management across cloud environments, including dynamic secret generation for databases and cloud providers, transit encryption, PKI certificate management, and Kubernetes integration. It addresses eliminating hardcoded credentials from application code and CI/CD pipelines by implementing short-lived, automatically rotated secrets.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Secrets Scanning In CI CD

Integrate gitleaks and trufflehog into CI/CD pipelines to detect leaked secrets before deployment

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Security Chaos Engineering

Implements security chaos engineering experiments that deliberately disable or degrade security controls to verify detection and response capabilities. Tests WAF bypass, firewall rule removal, log pipeline disruption, and EDR disablement scenarios using boto3 and subprocess. Use when validating SOC detection coverage and resilience.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Security Information Sharing With Stix2

Create, validate, and share STIX 2.1 threat intelligence objects using the stix2 Python library. Covers indicators, malware, campaigns, relationships, bundles, and TAXII 2.1 publishing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Security Monitoring With Datadog

Implements security monitoring using Datadog Cloud SIEM, Cloud Security Management (CSM), and Workload Protection to detect threats, enforce compliance, and respond to security events across cloud and hybrid infrastructure. Covers Agent deployment, log source ingestion, detection rule creation, security dashboards, and automated notification workflows. Activates for requests involving Datadog security setup, Cloud SIEM configuration, CSM threat detection, or security monitoring dashboards.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Siem Correlation Rules For Apt

Write multi-event correlation rules that detect APT lateral movement by chaining Windows authentication events, process execution telemetry, and network connection logs across hosts. Uses Splunk SPL and Sigma rule format to correlate Event IDs 4624, 4648, 4688, and Sysmon Events 1/3 within sliding time windows to surface attack sequences invisible to single-event detections.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Siem Use Cases For Detection

Implements SIEM detection use cases by designing correlation rules, threshold alerts, and behavioral analytics mapped to MITRE ATT&CK techniques across Splunk, Elastic, and Sentinel. Use when SOC teams need to expand detection coverage, formalize use case lifecycle management, or build a detection library aligned to organizational threat profile.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Siem Use Case Tuning

Tune SIEM detection rules to reduce false positives by analyzing alert volumes, creating whitelists, adjusting thresholds, and measuring detection efficacy metrics in Splunk and Elastic

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Sigstore For Software Signing

Implements Sigstore-based software signing and verification using Cosign keyless signing, Rekor transparency log verification, and Fulcio certificate authority integration to establish cryptographic provenance for container images, binaries, and software artifacts. The practitioner configures OIDC-based identity binding, verifies signing events against the Rekor transparency log, and integrates signing workflows into CI/CD pipelines. Activates for requests involving software supply chain signing, keyless container signing, Sigstore deployment, or artifact provenance verification.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Soar Automation With Phantom

Implements Security Orchestration, Automation, and Response (SOAR) workflows using Splunk SOAR (formerly Phantom) to automate alert triage, IOC enrichment, containment actions, and incident response playbooks. Use when SOC teams need to reduce manual analyst work, standardize response procedures, or integrate multiple security tools into automated workflows.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Soar Playbook With Palo Alto Xsoar

Implement automated incident response playbooks in Cortex XSOAR to orchestrate security workflows across SOC tools and reduce manual response time.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Stix Taxii Feed Integration

STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information) are OASIS open standards for representing and transporting cyber threat intelligence.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Supply Chain Security With In Toto

Implement software supply chain integrity verification for container builds using the in-toto framework to create cryptographically signed attestations across CI/CD pipeline steps.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Syslog Centralization With Rsyslog

Configure rsyslog for centralized log collection with TLS encryption, custom templates, and log rotation. Generates server and client configuration files with GnuTLS stream drivers, x509 certificate authentication, per-host log segregation, and reliable queue settings for high-availability syslog infrastructure.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Taxii Server With Opentaxii

Deploy and configure an OpenTAXII server to share and consume STIX-formatted cyber threat intelligence using the TAXII 2.1 protocol for automated indicator exchange between organizations.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Threat Intelligence Lifecycle Management

Implement a structured threat intelligence lifecycle encompassing planning, collection, processing, analysis, dissemination, and feedback stages to produce actionable intelligence for organizational decision-making.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Threat Modeling With Mitre Attack

Implements threat modeling using the MITRE ATT&CK framework to map adversary TTPs against organizational assets, assess detection coverage gaps, and prioritize defensive investments. Use when SOC teams need to align detection engineering with threat landscape, conduct threat assessments for new environments, or justify security tool procurement.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Ticketing System For Incidents

Implements an integrated incident ticketing system connecting SIEM alerts to ServiceNow, Jira, or TheHive for structured incident tracking, SLA management, escalation workflows, and compliance documentation. Use when SOC teams need formalized incident lifecycle management with automated ticket creation, assignment routing, and resolution tracking.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Usb Device Control Policy

Implements USB device control policies to restrict unauthorized removable media access on endpoints, preventing data exfiltration and malware introduction via USB devices. Use when deploying device control via Group Policy, Intune, or EDR platforms to enforce USB restrictions. Activates for requests involving USB control, removable media policy, device control, or data loss prevention via USB.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Velociraptor For Ir Collection

Deploy and configure Velociraptor for scalable endpoint forensic artifact collection during incident response using VQL queries, hunts, and pre-built artifact packs across Windows, Linux, and macOS environments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Vulnerability Management With Greenbone

Deploy and operate Greenbone/OpenVAS vulnerability management using the python-gvm library to create scan targets, execute vulnerability scans, and parse scan reports via GMP protocol.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Vulnerability Remediation Sla

Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities based on severity, asset criticality, and exploit availability. Effective SLA programs

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Vulnerability Sla Breach Alerting

Build automated alerting for vulnerability remediation SLA breaches with severity-based timelines, escalation workflows, and compliance reporting dashboards.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Web Application Logging With Modsecurity

Configure ModSecurity WAF with OWASP Core Rule Set (CRS) for web application logging, tune rules to reduce false positives, analyze audit logs for attack detection, and implement custom SecRules for application-specific threats. The analyst configures SecRuleEngine, SecAuditEngine, and CRS paranoia levels to balance security coverage with operational stability. Activates for requests involving WAF configuration, ModSecurity rule tuning, web application audit logging, or CRS deployment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Zero Knowledge Proof For Authentication

Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private key) without revealing the secret itself. This skill implements the Schnorr identificati

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Zero Trust DNS With Nextdns

Implement NextDNS as a zero trust DNS filtering layer with encrypted resolution, threat intelligence blocking, privacy protection, and organizational policy enforcement across all endpoints.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Zero Trust For SaaS Applications

Implementing zero trust access controls for SaaS applications using CASB, SSPM, conditional access policies, OAuth app governance, and session controls to enforce identity verification, device compliance, and data protection for cloud-hosted services.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Zero Trust In Cloud

This skill guides organizations through implementing zero trust architecture in cloud environments following NIST SP 800-207 and Google BeyondCorp principles. It covers identity-centric access controls, micro-segmentation, continuous verification, device trust assessment, and deploying Identity-Aware Proxy to eliminate implicit network trust in AWS, Azure, and GCP environments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Zero Trust Network Access

Implementing Zero Trust Network Access (ZTNA) in cloud environments by configuring identity-aware proxies, micro-segmentation, continuous verification with conditional access policies, and replacing traditional VPN-based access with BeyondCorp-style architectures across AWS, Azure, and GCP.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Zero Trust Network Access With Zscaler

Implement Zero Trust Network Access using Zscaler Private Access (ZPA) to replace traditional VPN with identity-based, context-aware access to private applications through the Zscaler Zero Trust Exchange.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Implementing Zero Trust With Hashicorp Boundary

Implement HashiCorp Boundary for identity-aware zero trust infrastructure access management with dynamic credential brokering, session recording, and Vault integration.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Integrating Dast With Owasp Zap In Pipeline

This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD pipelines. It addresses configuring baseline, full, and API scans against running applications, interpreting ZAP findings, tuning scan policies, and establishing DAST quality gates in GitHub Actions and GitLab CI.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Integrating Sast Into GitHub Actions Pipeline

This skill covers integrating Static Application Security Testing (SAST) tools—CodeQL and Semgrep—into GitHub Actions CI/CD pipelines. It addresses configuring automated code scanning on pull requests and pushes, tuning rules to reduce false positives, uploading SARIF results to GitHub Advanced Security, and establishing quality gates that block merges when high-severity vulnerabilities are detected.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Intercepting Mobile Traffic With Burpsuite

Intercepts and analyzes HTTP/HTTPS traffic from mobile applications using Burp Suite proxy to identify insecure API communications, authentication flaws, data leakage, and server-side vulnerabilities. Use when performing mobile application penetration testing, assessing API security, or evaluating client-server communication patterns. Activates for requests involving mobile traffic interception, Burp Suite mobile proxy, API security testing, or mobile HTTPS analysis.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Investigating Insider Threat Indicators

Investigates insider threat indicators including data exfiltration attempts, unauthorized access patterns, policy violations, and pre-departure behaviors using SIEM analytics, DLP alerts, and HR data correlation. Use when SOC teams receive insider threat referrals from HR, detect anomalous data movement by employees, or need to build investigation timelines for potential insider threats.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Investigating Phishing Email Incident

Investigates phishing email incidents from initial user report through header analysis, URL/attachment detonation, impacted user identification, and containment actions using SOC tools like Splunk, Microsoft Defender, and sandbox analysis platforms. Use when a reported phishing email requires full incident investigation to determine scope and impact.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Investigating Ransomware Attack Artifacts

Identify, collect, and analyze ransomware attack artifacts to determine the variant, initial access vector, encryption scope, and recovery options.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Ip Clause Review

Review the IP clauses in an agreement — assignment, ownership, license grants, warranties, indemnities. Use when reviewing IP terms in employment, consulting, SOW, vendor, or licensing agreements, when asked to check the assignment language or license scope, or when an agreement with IP provisions is pasted or attached.

#legal#contracts#ndaSecurity & Compliance

Iso 13485 Certification

Comprehensive toolkit for preparing ISO 13485 certification documentation for medical device Quality Management Systems. Use when users need help with ISO 13485 QMS documentation, including (1) conducting gap analysis of existing documentation, (2) creating Quality Manuals, (3) developing required procedures and work instructions, (4) preparing Medical Device Files, (5) understanding ISO 13485 requirements, or (6) identifying missing documentation for medical device certification. Also use when users mention medical device regulations, QMS certification, FDA QMSR, EU MDR, or need help with quality system documentation.

#broad-capability#creative#complianceSecurity & Compliance

K8s Security Policies

Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.

#broad-capability#engineering#agent-skillsSecurity & Compliance

Kibana Audit

Enable and configure Kibana audit logging for saved object access, logins, and space operations. Use when setting up Kibana audit, filtering events, or correlating Kibana and ES audit logs.

#elastic#elasticsearch#kibanaSecurity & Compliance

Legal Response

Generate a response to a common legal inquiry using configured templates, with built-in escalation checks for situations that shouldn't use a templated reply. Use when responding to data subject requests, litigation hold notices, vendor legal questions, NDA requests from business teams, or subpoenas.

#work-life#productivity#knowledge-workSecurity & Compliance

Legal Risk Assessment

Assess and classify legal risks using a severity-by-likelihood framework with escalation criteria. Use when evaluating contract risk, assessing deal exposure, classifying issues by severity, or determining whether a matter needs senior counsel or outside legal review.

#work-life#productivity#knowledge-workSecurity & Compliance

Legal Super Skill

Comprehensive legal operations skill merging Perplexity Computer's 6 legal skills with Claude Code's writing, communications, and planning skills. Covers contract review, NDA triage, compliance (GDPR/CCPA), risk assessment, meeting briefings, canned responses, legal writing, internal communications, and structured planning. Use for contract analysis, NDA screening, compliance reviews, risk assessments, legal meeting prep, response drafting, or any legal operations work.

#legal#contracts#ndaSecurity & Compliance

Llamaguard

Meta's 7-8B specialized moderation model for LLM input/output filtering. 6 safety categories - violence/hate, sexual content, weapons, substances, self-harm, criminal planning. 94-95% accuracy. Deploy with vLLM, HuggingFace, Sagemaker. Integrates with NeMo Guardrails.

#broad-capability#ai-research#machine-learningSecurity & Compliance

Ln 621 Security Boundary Auditor

Checks application security boundaries: secrets, injection, XSS, input validation, and sensitive env defaults. Use when auditing exploitable code paths.

#agile-workflow#code-review#networkSecurity & Compliance

Ln 760 Security Setup

Sets up security scanning for secrets and dependency vulnerabilities. Use when adding security infrastructure to a project.

#agile-workflow#code-review#vulnerabilitySecurity & Compliance

Ln 761 Secret Scanner

Scans codebase for hardcoded secrets with severity classification and remediation guidance. Use when auditing a project for leaked credentials.

#agile-workflow#code-review#secretsSecurity & Compliance

Managing Cloud Identity With Okta

This skill covers implementing Okta as a centralized identity provider for cloud environments, configuring SSO integration with AWS, Azure, and GCP, deploying phishing- resistant MFA with Okta FastPass, managing lifecycle automation for user provisioning and deprovisioning, and enforcing adaptive access policies based on device posture and risk signals.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Managing Intelligence Lifecycle

Manages the end-to-end cyber threat intelligence lifecycle from planning and direction through collection, processing, analysis, dissemination, and feedback to ensure intelligence products meet stakeholder requirements and continuously improve. Use when establishing or maturing a CTI program, defining intelligence requirements with business stakeholders, or building feedback loops between intelligence consumers and producers. Activates for requests involving CTI program maturity, intelligence requirements, PIRs, or intelligence lifecycle management.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Mapping Mitre Attack Techniques

Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK techniques and sub-techniques to quantify detection coverage and guide control prioritization. Use when building an ATT&CK-based coverage heatmap, tagging SIEM alerts with technique IDs, aligning security controls to adversary playbooks, or reporting threat exposure to executives. Activates for requests involving ATT&CK Navigator, Sigma rules, MITRE D3FEND, or coverage gap analysis.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

MCP Security Audit

Audit MCP (Model Context Protocol) server configurations for security issues. Use this skill when: - Reviewing .mcp.json files for security risks - Checking MCP server args for hardcoded secrets or shell injection patterns - Validating that MCP servers use pinned versions (not @latest) - Detecting unpinned dependencies in MCP server configurations - Auditing which MCP servers a project registers and whether they're on an approved list - Checking for environment variable usage vs. hardcoded credentials in MCP configs - Any request like "is my MCP config secure?", "audit my MCP servers", or "check .mcp.json" keywords: [mcp, security, audit, secrets, shell-injection, supply-chain, governance]

#github-copilot#complianceSecurity & Compliance

Memory Forensics

Master memory forensics techniques including memory acquisition, process analysis, and artifact extraction using Volatility and related tools. Use when analyzing memory dumps, investigating incidents, or performing malware analysis from RAM captures.

#broad-capability#engineering#agent-skillsSecurity & Compliance

Monitoring Darkweb Sources

Monitors dark web forums, marketplaces, paste sites, and ransomware leak sites for mentions of organizational assets, leaked credentials, threatened attacks, and threat actor communications to provide early warning intelligence. Use when establishing dark web monitoring coverage, investigating specific data breach claims, or enriching incident investigations with dark web context. Activates for requests involving dark web OSINT, leak site monitoring, credential exposure, Recorded Future dark web, or Tor hidden service intelligence.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Monitoring Scada Modbus Traffic Anomalies

Monitors Modbus TCP traffic on SCADA and ICS networks to detect anomalous function code usage, unauthorized register writes, and suspicious communication patterns. The analyst uses deep packet inspection with pymodbus, Scapy, and Zeek to baseline normal PLC/RTU communication behavior, then applies statistical and rule-based anomaly detection to identify reconnaissance, parameter manipulation, and denial-of-service attacks targeting Modbus devices on port 502. Activates for requests involving Modbus traffic analysis, SCADA network monitoring, ICS anomaly detection, PLC security monitoring, or OT network threat detection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Nemo Guardrails

NVIDIA's runtime safety framework for LLM applications. Features jailbreak detection, input/output validation, fact-checking, hallucination detection, PII filtering, toxicity detection. Uses Colang 2.0 DSL for programmable rails. Production-ready, runs on T4 GPU.

#broad-capability#ai-research#machine-learningSecurity & Compliance

OAuth

Implements OAuth 2.0/2.1 authorization flows in Fastify applications — configures authorization code with PKCE, client credentials, device flow, refresh token rotation, JWT validation, and token introspection/revocation endpoints. Use when setting up authentication, authorization, login flows, access tokens, API security, or securing Fastify routes with OAuth; also applies when troubleshooting token validation errors, mismatched redirect URIs, CSRF issues, scope problems, or RFC 6749/6750/7636/8252/8628 compliance questions.

#nodejs#identity#accessSecurity & Compliance

Openclaw Ghsa Maintainer

Inspect, patch, validate, publish, or confirm OpenClaw GHSA security advisories and private-fork state.

#vulnerability#managementSecurity & Compliance

Oss Forensics

Supply chain investigation, evidence recovery, and forensic analysis for GitHub repositories. Covers deleted commit recovery, force-push detection, IOC extraction, multi-source evidence collection, hypothesis formation/validation, and structured forensic reporting. Inspired by RAPTOR's 1800+ line OSS Forensics system.

#broad-capability#development#creativeSecurity & Compliance

Patent Novelty Check

Assess patent novelty and non-obviousness against prior art. Use when user says "专利查新", "patent novelty", "可专利性评估", "patentability check", or wants to evaluate if an invention is patentable.

#broad-capability#wanshuiyin-aris#ml-researchSecurity & Compliance

Performing Access Recertification With Saviynt

Configure and execute access recertification campaigns in Saviynt Enterprise Identity Cloud to validate user entitlements, revoke excessive access, and maintain compliance with SOX, SOC2, and HIPAA.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Access Review And Certification

Conduct systematic access reviews and certifications to ensure users have appropriate access rights aligned with their roles. This skill covers review campaign design, reviewer selection, risk-based p

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Active Directory Bloodhound Analysis

Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised users to Domain Admin.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Active Directory Compromise Investigation

Investigate Active Directory compromise by analyzing authentication logs, replication metadata, Group Policy changes, and Kerberos ticket anomalies to identify attacker persistence and lateral movement paths.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Active Directory Forest Trust Attack

Enumerate and audit Active Directory forest trust relationships using impacket for SID filtering analysis, trust key extraction, cross-forest SID history abuse detection, and inter-realm Kerberos ticket assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Active Directory Penetration Test

Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound, exploit Kerberos weaknesses, escalate privileges via ADCS/DCSync, and demonstrate domain compromise.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Active Directory Vulnerability Assessment

Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations, privilege escalation paths, and attack vectors.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Adversary In The Middle Phishing Detection

Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy kits like EvilProxy, Evilginx, and Tycoon 2FA to bypass MFA and steal session tokens.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Agentless Vulnerability Scanning

Configure and execute agentless vulnerability scanning using network protocols, cloud snapshot analysis, and API-based discovery to assess systems without installing endpoint agents.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing AI Driven Osint Correlation

Use AI and LLM-based reasoning to correlate findings across multiple OSINT sources—username enumeration, email lookups, social media profiles, domain records, breach databases, and dark-web mentions—into unified intelligence profiles with confidence scoring and link analysis.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Alert Triage With Elastic Siem

Perform systematic alert triage in Elastic Security SIEM to rapidly classify, prioritize, and investigate security alerts for SOC operations.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Android App Static Analysis With Mobsf

Performs automated static analysis of Android applications using Mobile Security Framework (MobSF) to identify hardcoded secrets, insecure permissions, vulnerable components, weak cryptography, and code-level security flaws without executing the application. Use when assessing Android APK/AAB files for security vulnerabilities before deployment, during penetration testing, or as part of CI/CD security gates. Activates for requests involving Android static analysis, MobSF scanning, APK security assessment, or mobile application code review.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing API Fuzzing With Restler

Uses Microsoft RESTler to perform stateful REST API fuzzing by automatically generating and executing test sequences that exercise API endpoints, discover producer-consumer dependencies between requests, and find security and reliability bugs. The tester compiles an OpenAPI specification into a RESTler fuzzing grammar, configures authentication, runs test/fuzz-lean/fuzz modes, and analyzes results for 500 errors, authentication bypasses, resource leaks, and payload injection vulnerabilities. Activates for requests involving API fuzzing, RESTler testing, stateful API testing, or automated API security scanning.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing API Inventory And Discovery

Performs API inventory and discovery to identify all API endpoints in an organization's environment including documented, undocumented, shadow, zombie, and deprecated APIs. The tester uses passive traffic analysis, active scanning, DNS enumeration, JavaScript analysis, and cloud resource inventory to build a comprehensive API catalog. Maps to OWASP API9:2023 Improper Inventory Management. Activates for requests involving API discovery, shadow API detection, API inventory audit, or attack surface mapping.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing API Rate Limiting Bypass

Tests API rate limiting implementations for bypass vulnerabilities by manipulating request headers, IP addresses, HTTP methods, API versions, and encoding schemes to circumvent request throttling controls. The tester identifies rate limit headers, determines enforcement mechanisms, and attempts bypasses including X-Forwarded-For spoofing, parameter pollution, case variation, and endpoint path manipulation. Maps to OWASP API4:2023 Unrestricted Resource Consumption. Activates for requests involving rate limit bypass, API throttling evasion, brute force protection testing, or API abuse prevention assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing API Security Testing With Postman

Uses Postman to perform structured API security testing by building collections that test for OWASP API Security Top 10 vulnerabilities including authentication bypass, authorization flaws, injection, and data exposure. The tester creates environments with multiple user roles, writes test scripts for automated security validation, and integrates Postman with OWASP ZAP and Newman for CI/CD security testing. Activates for requests involving Postman security testing, API security collection, automated API testing, or OWASP API testing with Postman.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Arp Spoofing Attack Simulation

Simulates ARP spoofing attacks in authorized lab or pentest environments using arpspoof, Ettercap, and Scapy to demonstrate man-in-the-middle risks, test network detection capabilities, and validate ARP inspection countermeasures.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Asset Criticality Scoring For Vulns

Develop and apply a multi-factor asset criticality scoring model to weight vulnerability prioritization based on business impact, data sensitivity, and operational importance.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Authenticated Scan With Openvas

Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with SSH and SMB credentials for comprehensive host-level assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Authenticated Vulnerability Scan

Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and perform deep inspection of installed software, patches, configurations, and security sett

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Automated Malware Analysis With Cape

Deploy and operate CAPEv2 sandbox for automated malware analysis with behavioral monitoring, payload extraction, configuration parsing, and anti-evasion capabilities.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing AWS Account Enumeration With Scout Suite

Perform comprehensive security posture assessment of AWS accounts using ScoutSuite to enumerate resources, identify misconfigurations, and generate actionable security reports.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing AWS Privilege Escalation Assessment

Performing authorized privilege escalation assessments in AWS environments to identify IAM misconfigurations that allow users or roles to elevate their permissions using Pacu, CloudFox, Principal Mapper, and manual IAM policy analysis techniques.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Bandwidth Throttling Attack Simulation

Simulates bandwidth throttling and network degradation attacks using tc, iperf3, and Scapy in authorized environments to test quality-of-service controls, application resilience, and network monitoring detection of traffic manipulation attacks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Binary Exploitation Analysis

Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library. Covers checksec analysis, gadget discovery with ROPgadget, and exploit development for CTF and authorized security assessments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Blind Ssrf Exploitation

Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions, and timing analysis to access internal services and cloud metadata endpoints.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Bluetooth Security Assessment

Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Brand Monitoring For Impersonation

Monitor for brand impersonation attacks across domains, social media, mobile apps, and dark web channels to detect phishing campaigns, fake sites, and unauthorized brand usage targeting your organization.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Clickjacking Attack Test

Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting proof-of-concept overlay attacks during authorized security assessments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Cloud Asset Inventory With Cartography

Perform comprehensive cloud asset inventory and relationship mapping using Cartography to build a Neo4j security graph of infrastructure assets, IAM permissions, and attack paths across AWS, GCP, and Azure.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Cloud Forensics Investigation

Conduct forensic investigations in cloud environments by collecting and analyzing logs, snapshots, and metadata from AWS, Azure, and GCP services.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Cloud Forensics With AWS Cloudtrail

Perform forensic investigation of AWS environments using CloudTrail logs to reconstruct attacker activity, identify compromised credentials, and analyze API call patterns.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Cloud Incident Containment Procedures

Execute cloud-native incident containment across AWS, Azure, and GCP by isolating compromised resources, revoking credentials, preserving forensic evidence, and applying security group restrictions to prevent lateral movement.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Cloud Log Forensics With Athena

Uses AWS Athena to query CloudTrail, VPC Flow Logs, S3 access logs, and ALB logs for forensic investigation. Covers CREATE TABLE DDL with partition projection, forensic SQL queries for detecting unauthorized access, data exfiltration, lateral movement, and privilege escalation. Use when investigating AWS security incidents or building cloud-native forensic workflows at scale.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Cloud Native Forensics With Falco

Uses Falco YAML rules for runtime threat detection in containers and Kubernetes, monitoring syscalls for shell spawns, file tampering, network anomalies, and privilege escalation. Manages Falco rules via the Falco gRPC API and parses Falco alert output. Use when building container runtime security or investigating k8s cluster compromises.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Cloud Native Threat Hunting With AWS Detective

Hunt for threats in AWS environments using Detective behavior graphs, entity investigation timelines, GuardDuty finding correlation, and automated entity profiling across IAM users, EC2 instances, and IP addresses.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Cloud Penetration Testing With Pacu

Performing authorized AWS penetration testing using Pacu, the open-source AWS exploitation framework, to enumerate IAM configurations, discover privilege escalation paths, test credential harvesting, and validate security controls through systematic attack simulation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Cloud Storage Forensic Acquisition

Perform forensic acquisition and analysis of cloud storage services including Google Drive, OneDrive, Dropbox, and Box by collecting both API-based remote data and local sync client artifacts from endpoint devices.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance