Skip to content

Security & Compliance Skills

838 curated security and compliance skills for AI coding agents. Access control, vulnerability scanning, compliance audit - all license-verified.

Performing Container Escape Detection

Detects container escape attempts by analyzing namespace configurations, privileged container checks, dangerous capability assignments, and host path mounts using the kubernetes Python client. Identifies CVE-2022-0492 style escapes via cgroup abuse. Use when auditing container security posture or investigating escape attempts.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Container Image Hardening

This skill covers hardening container images by minimizing attack surface, removing unnecessary packages, implementing multi-stage builds, configuring non-root users, and applying CIS Docker Benchmark recommendations to produce secure production-ready images.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Content Security Policy Bypass

Analyze and bypass Content Security Policy implementations to achieve cross-site scripting by exploiting misconfigurations, JSONP endpoints, unsafe directives, and policy injection techniques.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Credential Access With Lazagne

Extract stored credentials from compromised endpoints using the LaZagne post-exploitation tool to recover passwords from browsers, databases, system vaults, and applications during authorized red team operations.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Cryptographic Audit Of Application

A cryptographic audit systematically reviews an application's use of cryptographic primitives, protocols, and key management to identify vulnerabilities such as weak algorithms, insecure modes, hardco

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Csrf Attack Simulation

Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit authenticated user sessions during authorized security assessments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Cve Prioritization With Kev Catalog

Leverage the CISA Known Exploited Vulnerabilities catalog alongside EPSS and CVSS to prioritize CVE remediation based on real-world exploitation evidence.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Dark Web Monitoring For Threats

Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and dark web marketplaces to identify threats targeting an organization, including leaked cre

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Deception Technology Deployment

Deploys deception technology including honeypots, honeytokens, and decoy systems to detect attackers who have bypassed perimeter defenses, providing high-fidelity alerts with near-zero false positive rates. Use when SOC teams need early warning of lateral movement, credential abuse, or internal reconnaissance by deploying convincing traps across the network.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Directory Traversal Testing

Testing web applications for path traversal vulnerabilities that allow reading or writing arbitrary files on the server by manipulating file path parameters.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Disk Forensics Investigation

Conducts disk forensics investigations using forensic imaging, file system analysis, artifact recovery, and timeline reconstruction to support incident response cases. Utilizes tools such as FTK Imager, Autopsy, and The Sleuth Kit for evidence acquisition, deleted file recovery, and artifact examination. Activates for requests involving disk forensics, hard drive analysis, forensic imaging, file recovery, evidence acquisition, or digital forensic investigation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Dmarc Policy Enforcement Rollout

Execute a phased DMARC rollout from p=none monitoring through p=quarantine to p=reject enforcement, ensuring all legitimate email sources are authenticated before blocking unauthorized senders.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing DNS Enumeration And Zone Transfer

Enumerates DNS records, attempts zone transfers, brute-forces subdomains, and maps DNS infrastructure during authorized reconnaissance to identify attack surface, misconfigurations, and information disclosure in target domains.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing DNS Tunneling Detection

Detects DNS tunneling by computing Shannon entropy of DNS query names, analyzing query length distributions, inspecting TXT record payloads, and identifying high subdomain cardinality. Uses scapy for packet capture analysis and statistical methods to distinguish legitimate DNS from covert channels. Use when hunting for data exfiltration.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Docker Bench Security Assessment

Docker Bench for Security is an open-source script that checks dozens of common best practices around deploying Docker containers in production. Based on the CIS Docker Benchmark, it audits host confi

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Dynamic Analysis Of Android App

Performs runtime dynamic analysis of Android applications using Frida, Objection, and Android Debug Bridge to observe application behavior during execution, intercept function calls, modify runtime values, and identify vulnerabilities that static analysis misses. Use when testing Android apps for runtime security flaws, hooking sensitive methods, bypassing client-side protections, or analyzing obfuscated applications. Activates for requests involving Android dynamic analysis, runtime hooking, Frida Android instrumentation, or live app behavior analysis.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Dynamic Analysis With Any Run

Performs interactive dynamic malware analysis using the ANY.RUN cloud sandbox to observe real-time execution behavior, interact with malware prompts, and capture process trees, network traffic, and system changes. Activates for requests involving interactive sandbox analysis, cloud-based malware detonation, real-time behavioral observation, or ANY.RUN usage.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Endpoint Forensics Investigation

Performs digital forensics investigation on compromised endpoints including memory acquisition, disk imaging, artifact analysis, and timeline reconstruction. Use when investigating security incidents, collecting evidence for legal proceedings, or analyzing endpoint compromise scope. Activates for requests involving endpoint forensics, memory analysis, disk forensics, or incident investigation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Endpoint Vulnerability Remediation

Performs vulnerability remediation on endpoints by prioritizing CVEs based on risk scoring, deploying patches, applying configuration changes, and validating fixes. Use when remediating findings from vulnerability scans, responding to critical CVE advisories, or maintaining endpoint compliance with patch management SLAs. Activates for requests involving vulnerability remediation, CVE patching, endpoint vulnerability management, or security fix deployment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Entitlement Review With Sailpoint Iiq

Performs entitlement review and access certification campaigns using SailPoint IdentityIQ including manager certifications, targeted entitlement reviews, role-based access validation, SOD violation remediation, and automated revocation workflows. Activates for requests involving access reviews, entitlement certifications, SailPoint IIQ governance, or periodic user access recertification.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing External Network Penetration Test

Conduct a comprehensive external network penetration test to identify vulnerabilities in internet-facing infrastructure using PTES methodology, reconnaissance, scanning, exploitation, and reporting.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing False Positive Reduction In Siem

Perform systematic SIEM false positive reduction through rule tuning, threshold adjustment, correlation refinement, and threat intelligence enrichment to combat alert fatigue.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing File Carving With Foremost

Recover files from disk images and unallocated space using Foremost's header-footer signature carving to extract evidence regardless of file system state.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Firmware Extraction With Binwalk

Performs firmware image extraction and analysis using binwalk to identify embedded filesystems, compressed archives, bootloaders, kernel images, and cryptographic material. Covers entropy analysis for detecting encrypted or compressed regions, recursive extraction of nested archives, SquashFS/CramFS/JFFS2 filesystem mounting, and string analysis for credential and configuration discovery. Activates for requests involving firmware reverse engineering, IoT device analysis, embedded system security assessment, or router/camera firmware extraction.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Firmware Malware Analysis

Analyzes firmware images for embedded malware, backdoors, and unauthorized modifications targeting routers, IoT devices, UEFI/BIOS, and embedded systems. Covers firmware extraction, filesystem analysis, binary reverse engineering, and bootkit detection. Activates for requests involving firmware security analysis, IoT malware investigation, UEFI rootkit detection, or embedded device compromise assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Fuzzing With Aflplusplus

Perform coverage-guided fuzzing of compiled binaries using AFL++ (American Fuzzy Lop Plus Plus) to discover memory corruption, crashes, and security vulnerabilities. The tester instruments target binaries with afl-cc/afl-clang-fast, manages input corpora with afl-cmin and afl-tmin, runs parallel fuzzing campaigns with afl-fuzz, and triages crashes using CASR or GDB scripts. Activates for requests involving binary fuzzing, crash discovery, coverage-guided testing, or AFL++ fuzzing campaigns.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing GCP Penetration Testing With Gcpbucketbrute

Perform GCP security testing using GCPBucketBrute for storage bucket enumeration, gcloud IAM privilege escalation path analysis, and service account permission auditing

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing GCP Security Assessment With Forseti

Performing comprehensive security assessments of Google Cloud Platform environments using Forseti Security, Security Command Center, and gcloud CLI to audit IAM policies, firewall rules, storage permissions, and compliance against CIS GCP Foundations Benchmark.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing GraphQL Depth Limit Attack

Execute and test GraphQL depth limit attacks using deeply nested recursive queries to identify denial-of-service vulnerabilities in GraphQL APIs.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing GraphQL Introspection Attack

Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions, and field definitions from GraphQL endpoints. The tester uses introspection queries to map the attack surface, identifies sensitive fields and mutations, tests for query depth and complexity limits, and exploits GraphQL-specific vulnerabilities including batching attacks, alias-based brute force, and nested query DoS. Activates for requests involving GraphQL security testing, introspection attack, GraphQL enumeration, or GraphQL API penetration testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing GraphQL Security Assessment

Assessing GraphQL API endpoints for introspection leaks, injection attacks, authorization flaws, and denial-of-service vulnerabilities during authorized security tests.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Hardware Security Module Integration

Integrate Hardware Security Modules (HSMs) using PKCS#11 interface for cryptographic key management, signing operations, and secure key storage with python-pkcs11, AWS CloudHSM, and YubiHSM2.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Hash Cracking With Hashcat

Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength. Hashcat is the world's fastest password recovery tool, supporting over 300 hash types w

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing HTTP Parameter Pollution Attack

Execute HTTP Parameter Pollution attacks to bypass input validation, WAF rules, and security controls by injecting duplicate parameters that are processed differently by front-end and back-end systems.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ics Asset Discovery With Claroty

Perform comprehensive ICS/OT asset discovery using Claroty xDome platform, leveraging passive monitoring, Claroty Edge active queries, and integration ecosystem to gain full visibility into industrial control system assets including PLCs, RTUs, HMIs, and network infrastructure across Purdue Model levels.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Indicator Lifecycle Management

Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment, monitoring, and eventual retirement. This skill covers implementing systematic processes f

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Initial Access With Evilginx3

Perform authorized initial access using EvilGinx3 adversary-in-the-middle phishing framework to capture session tokens and bypass multi-factor authentication during red team engagements.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Insider Threat Investigation

Investigates insider threat incidents involving employees, contractors, or trusted partners who misuse authorized access to steal data, sabotage systems, or violate security policies. Combines digital forensics, user behavior analytics, and HR/legal coordination to build an evidence-based case. Activates for requests involving insider threat investigation, employee data theft, privilege misuse, user behavior anomaly, or internal threat detection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ioc Enrichment Automation

Automates Indicator of Compromise (IOC) enrichment by orchestrating lookups across VirusTotal, AbuseIPDB, Shodan, MISP, and other intelligence sources to provide contextual scoring and disposition recommendations. Use when SOC analysts need rapid multi-source enrichment of IPs, domains, URLs, and file hashes during alert triage or incident investigation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing iOS App Security Assessment

Performs comprehensive iOS application security assessments using Frida for dynamic instrumentation, Objection for runtime exploration, SSL pinning bypass for traffic interception, keychain extraction for credential analysis, and IPA static analysis for binary-level review. Use when conducting authorized iOS penetration tests, evaluating mobile app security posture against OWASP MASTG, or assessing iOS app data protection and transport security controls. Activates for requests involving iOS app pentesting, Frida-based iOS instrumentation, mobile app SSL pinning bypass, or IPA reverse engineering.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing IoT Security Assessment

Performs comprehensive security assessments of IoT devices and their ecosystems by testing hardware interfaces, firmware, network communications, cloud APIs, and companion mobile applications. The tester uses firmware extraction and analysis, hardware debugging via UART and JTAG, network protocol analysis, and runtime exploitation to identify vulnerabilities across all layers of the IoT stack. Activates for requests involving IoT security testing, embedded device assessment, firmware security analysis, or smart device penetration testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ip Reputation Analysis With Shodan

Analyze IP address reputation using the Shodan API to identify open ports, running services, known vulnerabilities, and hosting context for threat intelligence enrichment and incident triage.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing JWT None Algorithm Attack

Execute and test the JWT none algorithm attack to bypass signature verification by manipulating the alg header field in JSON Web Tokens.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Kerberoasting Attack

Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting Kerberos TGS (Ticket Granting Service) tickets for accounts with Service Principal Names

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Kubernetes Cis Benchmark With Kube Bench

Audit Kubernetes cluster security posture against CIS benchmarks using kube-bench with automated checks for control plane, worker nodes, and RBAC.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Kubernetes Etcd Security Assessment

Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration, access controls, backup encryption, and network isolation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Kubernetes Penetration Testing

Kubernetes penetration testing systematically evaluates cluster security by simulating attacker techniques against the API server, kubelet, etcd, pods, RBAC, network policies, and secrets. Using tools

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Lateral Movement Detection

Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based spreading using SIEM correlation of Windows event logs, network flow data, and endpoint telemetry mapped to MITRE ATT&CK Lateral Movement (TA0008) techniques.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Lateral Movement With Wmiexec

Perform lateral movement across Windows networks using WMI-based remote execution techniques including Impacket wmiexec.py, CrackMapExec, and native WMI commands for stealthy post-exploitation during red team engagements.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Linux Log Forensics Investigation

Perform forensic investigation of Linux system logs including syslog, auth.log, systemd journal, kern.log, and application logs to reconstruct user activity, detect unauthorized access, and establish event timelines on compromised Linux systems.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Log Analysis For Forensic Investigation

Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines during forensic investigations.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Log Source Onboarding In Siem

Perform structured log source onboarding into SIEM platforms by configuring collectors, parsers, normalization, and validation for complete security visibility.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Malware Hash Enrichment With Virustotal

Enrich malware file hashes using the VirusTotal API to retrieve detection rates, behavioral analysis, YARA matches, and contextual threat intelligence for incident triage and IOC validation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Malware Ioc Extraction

Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise including file hashes, network indicators (C2 domains, IP addresses, URLs), regist

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Malware Persistence Investigation

Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives reboots and maintains access.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Malware Triage With Yara

Performs rapid malware triage and classification using YARA rules to match file patterns, strings, byte sequences, and structural characteristics against known malware families and suspicious indicators. Covers rule writing, scanning, and integration with analysis pipelines. Activates for requests involving YARA rule creation, malware classification, pattern matching, sample triage, or signature-based detection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Memory Forensics With Volatility3

Analyze volatile memory dumps using Volatility 3 to extract running processes, network connections, loaded modules, and evidence of malicious activity.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Memory Forensics With Volatility3 Plugins

Analyze memory dumps using Volatility3 plugins to detect injected code, rootkits, credential theft, and malware artifacts in Windows, Linux, and macOS memory images.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Mobile App Certificate Pinning Bypass

Bypasses SSL/TLS certificate pinning implementations in Android and iOS applications to enable traffic interception during authorized security assessments. Covers OkHttp, TrustManager, NSURLSession, and third-party pinning library bypass techniques using Frida, Objection, and custom scripts. Activates for requests involving certificate pinning bypass, SSL pinning defeat, mobile TLS interception, or proxy-resistant app testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Mobile Device Forensics With Cellebrite

Acquire and analyze mobile device data using Cellebrite UFED and open-source tools to extract communications, location data, and application artifacts.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Network Forensics With Wireshark

Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts, and identify malicious communications.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Network Traffic Analysis With Tshark

Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection, DNS anomaly identification, and IOC extraction from PCAP files

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Network Traffic Analysis With Zeek

Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection, anomaly identification, and forensic investigation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Nist Csf Maturity Assessment

The NIST Cybersecurity Framework (CSF) 2.0, released in February 2024, provides a comprehensive taxonomy for managing cybersecurity risk through six core Functions - Govern, Identify, Protect, Detect, Respond, and Recover. This skill covers conducting a maturity assessment against the CSF using Implementation Tiers to measure organizational cybersecurity posture and create improvement roadmaps.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing OAuth Scope Minimization Review

Performs OAuth 2.0 scope minimization review to identify over-permissioned third-party application integrations, excessive API scopes, unused token grants, and risky OAuth consent patterns across identity providers and SaaS platforms. Activates for requests involving OAuth scope audit, API permission review, third-party app risk assessment, or consent grant minimization.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Oil Gas Cybersecurity Assessment

This skill covers conducting cybersecurity assessments specific to oil and gas facilities including upstream (exploration/production), midstream (pipeline/transport), and downstream (refining/distribution) operations. It addresses SCADA systems controlling pipeline operations, DCS for refinery process control, safety instrumented systems for hazardous processes, remote terminal units at unmanned wellhead sites, and compliance with API 1164, TSA Pipeline Security Directives, IEC 62443, and NIST Cybersecurity Framework for critical infrastructure.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Open Source Intelligence Gathering

Open Source Intelligence (OSINT) gathering is the first active phase of a red team engagement, where operators collect publicly available information about the target organization to identify attack s

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ot Network Security Assessment

This skill covers conducting comprehensive security assessments of Operational Technology (OT) networks including SCADA systems, DCS architectures, and industrial control system communication paths. It addresses the Purdue Reference Model layers, identifies IT/OT convergence risks, evaluates firewall rules between zones, and maps industrial protocol traffic (Modbus, DNP3, OPC UA, EtherNet/IP) to detect misconfigurations, unauthorized connections, and attack surfaces in critical infrastructure.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ot Vulnerability Assessment With Claroty

This skill covers performing vulnerability assessments in OT environments using the Claroty xDome platform for comprehensive asset discovery, risk scoring, vulnerability correlation, and remediation prioritization. It addresses passive vulnerability identification through traffic analysis, active safe querying of OT devices, integration with CVE databases and ICS-CERT advisories, and risk-based prioritization that accounts for operational impact and compensating controls.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ot Vulnerability Scanning Safely

Perform vulnerability scanning in OT/ICS environments safely using passive monitoring, native protocol queries, and carefully controlled active scanning with Tenable OT Security to identify vulnerabilities without disrupting industrial processes or crashing legacy controllers.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Packet Injection Attack

Crafts and injects custom network packets using Scapy, hping3, and Nemesis during authorized security assessments to test firewall rules, IDS detection, protocol handling, and network stack resilience against malformed and spoofed traffic.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Phishing Simulation With Gophish

GoPhish is an open-source phishing simulation framework used by security teams to conduct authorized phishing awareness campaigns. It provides campaign management, email template creation, landing pag

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Physical Intrusion Assessment

Conduct authorized physical penetration testing using tailgating, badge cloning, lock bypassing, and rogue device deployment to evaluate facility security controls.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Plc Firmware Security Analysis

This skill covers analyzing Programmable Logic Controller (PLC) firmware for security vulnerabilities including hardcoded credentials, insecure update mechanisms, backdoor functions, memory corruption flaws, and undocumented debug interfaces. It addresses firmware extraction from common PLC platforms (Siemens S7, Allen-Bradley, Schneider Modicon), static analysis of firmware images, dynamic analysis in emulated environments, and comparison against known-good baselines to detect tampering.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Post Quantum Cryptography Migration

Assesses organizational readiness for post-quantum cryptography migration per NIST FIPS 203/204/205 standards. Performs cryptographic inventory scanning to identify quantum-vulnerable algorithms (RSA, ECDH, ECDSA), evaluates hybrid TLS configurations with X25519MLKEM768, and validates CRYSTALS-Kyber (ML-KEM) and CRYSTALS-Dilithium (ML-DSA) readiness. Implements crypto-agility assessment using oqs-provider for OpenSSL. Use when planning or executing the transition from classical to post-quantum cryptographic algorithms across enterprise infrastructure.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Power Grid Cybersecurity Assessment

This skill covers conducting cybersecurity assessments of electric power grid infrastructure including generation facilities, transmission substations, distribution systems, and energy management system (EMS) control centers. It addresses NERC CIP compliance verification, substation automation security, IEC 61850 protocol analysis, synchrophasor (PMU) network security, and the unique threat landscape targeting power grid operations as demonstrated by Industroyer/CrashOverride and related attacks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Privileged Account Access Review

Conduct systematic reviews of privileged accounts to validate access rights, identify excessive permissions, and enforce least privilege across PAM infrastructure.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Privilege Escalation Assessment

Performs privilege escalation assessments on compromised Linux and Windows systems to identify paths from low-privilege access to root or SYSTEM-level control. The tester enumerates misconfigurations, vulnerable services, kernel exploits, SUID binaries, unquoted service paths, and credential stores to demonstrate the full impact of an initial compromise. Activates for requests involving privilege escalation testing, local exploitation, post-compromise escalation, or OS-level security assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Purple Team Atomic Testing

Executes Atomic Red Team tests mapped to MITRE ATT&CK techniques, performs coverage gap analysis across the ATT&CK matrix, and runs detection validation loops to measure blue team visibility. Covers Invoke-AtomicRedTeam PowerShell execution, ATT&CK Navigator layer generation for heatmaps, Sigma rule correlation, and continuous atomic testing pipelines. Activates for requests involving purple team exercises, atomic test execution, ATT&CK coverage assessment, detection engineering validation, or adversary emulation testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Purple Team Exercise

Performs purple team exercises by coordinating red team adversary emulation with blue team detection validation using MITRE ATT&CK-mapped attack scenarios, real-time detection testing, and collaborative gap remediation. Use when SOC teams need to validate detection capabilities, improve analyst skills, and close detection gaps through structured offensive-defensive collaboration.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ransomware Response

Executes a structured ransomware incident response from initial detection through containment, forensic analysis, decryption assessment, recovery, and post-incident hardening. Addresses ransom negotiation considerations, backup integrity verification, and regulatory notification requirements. Activates for requests involving ransomware response, ransomware recovery, crypto-ransomware, data encryption attack, ransom payment decision, or ransomware containment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ransomware Tabletop Exercise

Plans and facilitates tabletop exercises simulating ransomware incidents to test organizational readiness, decision-making, and communication procedures. Designs realistic scenarios based on current ransomware threat actors (LockBit, ALPHV/BlackCat, Cl0p), injects covering double extortion, backup destruction, and regulatory notification requirements. Evaluates participant responses against NIST CSF and CISA guidelines. Activates for requests involving ransomware tabletop, incident response exercise, or ransomware readiness drill.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Red Team Phishing With Gophish

Automate GoPhish phishing simulation campaigns using the Python gophish library. Creates email templates with tracking pixels, configures SMTP sending profiles, builds target groups from CSV, launches campaigns, and analyzes results including open rates, click rates, and credential submission statistics for security awareness assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing S7comm Protocol Security Analysis

Perform security analysis of Siemens S7comm and S7CommPlus protocols used by SIMATIC S7 PLCs to identify vulnerabilities including replay attacks, integrity bypass, unauthorized CPU stop commands, and program download manipulation exploiting weaknesses in S7-300, S7-400, S7-1200, and S7-1500 controllers.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Scada Hmi Security Assessment

Perform security assessments of SCADA Human-Machine Interface (HMI) systems to identify vulnerabilities in web-based HMIs, thin-client configurations, authentication mechanisms, and communication channels between HMI and PLCs, aligned with IEC 62443 and NIST SP 800-82 guidelines.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Sca Dependency Scanning With Snyk

This skill covers implementing Software Composition Analysis (SCA) using Snyk to detect vulnerable open-source dependencies in CI/CD pipelines. It addresses scanning package manifests and lockfiles, automated fix pull request generation, license compliance checking, continuous monitoring of deployed applications, and integration with GitHub, GitLab, and Jenkins pipelines.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Second Order SQL Injection

Detect and exploit second-order SQL injection vulnerabilities where malicious input is stored in a database and later executed in an unsafe SQL query during a different application operation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Security Headers Audit

Auditing HTTP security headers including CSP, HSTS, X-Frame-Options, and cookie attributes to identify missing or misconfigured browser-level protections.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Serverless Function Security Review

Performing security reviews of serverless functions across AWS Lambda, Azure Functions, and GCP Cloud Functions to identify overly permissive execution roles, insecure environment variables, injection vulnerabilities, and missing runtime protections.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Service Account Audit

Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant accounts. This skill covers discovery of service accounts in Active Directory, cloud pl

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Service Account Credential Rotation

Automate credential rotation for service accounts across Active Directory, cloud platforms, and application databases to eliminate stale secrets and reduce compromise risk.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Soap Web Service Security Testing

Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE, WS-Security bypass, and SOAPAction spoofing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Soc2 Type2 Audit Preparation

Automates SOC 2 Type II audit preparation including gap assessment against AICPA Trust Services Criteria (CC1-CC9), evidence collection from cloud providers and identity systems, control testing validation, remediation tracking, and continuous compliance monitoring. Covers all five TSC categories (Security, Availability, Processing Integrity, Confidentiality, Privacy) with automated evidence gathering from AWS, Azure, GCP, Okta, GitHub, and Jira. Use when preparing for or maintaining SOC 2 Type II certification.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Soc Tabletop Exercise

Performs tabletop exercises for SOC teams simulating security incidents through discussion-based scenarios to test incident response procedures, communication workflows, and decision-making under pressure without impacting production systems. Use when organizations need to validate IR playbooks, train analysts, or meet compliance requirements for incident response testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Sqlite Database Forensics

Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode encoded timestamps, and extract evidence from browser history, messaging apps, and mobile device databases.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing SSL Stripping Attack

Simulates SSL stripping attacks using sslstrip, Bettercap, and mitmproxy in authorized environments to test HSTS enforcement, certificate validation, and HTTPS upgrade mechanisms that protect users from downgrade attacks on encrypted connections.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing SSL Tls Inspection Configuration

Configure SSL/TLS inspection on network security devices to decrypt, inspect, and re-encrypt HTTPS traffic for threat detection while managing certificates, exemptions, and privacy compliance.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing SSL Tls Security Assessment

Assess SSL/TLS server configurations using the sslyze Python library to evaluate cipher suites, certificate chains, protocol versions, HSTS headers, and known vulnerabilities like Heartbleed and ROBOT.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ssrf Vulnerability Exploitation

Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal network services, and protocol handlers through user-controllable URL parameters. Tests AWS/GCP/Azure metadata APIs (169.254.169.254), internal port scanning via HTTP, URL scheme bypass techniques, and DNS rebinding detection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Static Malware Analysis With Pe Studio

Performs static analysis of Windows PE (Portable Executable) malware samples using PEStudio to examine file headers, imports, strings, resources, and indicators without executing the binary. Identifies suspicious characteristics including packing, anti-analysis techniques, and malicious imports. Activates for requests involving static malware analysis, PE file inspection, Windows executable analysis, or pre-execution malware triage.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance