Skip to content

Skill Catalog

Browse 4,314 curated AI agent skills. No account needed.

Security & Compliance

Performing Entitlement Review With Sailpoint Iiq

Performs entitlement review and access certification campaigns using SailPoint IdentityIQ including manager certifications, targeted entitlement reviews, role-based access validation, SOD violation remediation, and automated revocation workflows. Activates for requests involving access reviews, entitlement certifications, SailPoint IIQ governance, or periodic user access recertification.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing External Network Penetration Test

Conduct a comprehensive external network penetration test to identify vulnerabilities in internet-facing infrastructure using PTES methodology, reconnaissance, scanning, exploitation, and reporting.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing False Positive Reduction In Siem

Perform systematic SIEM false positive reduction through rule tuning, threshold adjustment, correlation refinement, and threat intelligence enrichment to combat alert fatigue.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing File Carving With Foremost

Recover files from disk images and unallocated space using Foremost's header-footer signature carving to extract evidence regardless of file system state.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Firmware Extraction With Binwalk

Performs firmware image extraction and analysis using binwalk to identify embedded filesystems, compressed archives, bootloaders, kernel images, and cryptographic material. Covers entropy analysis for detecting encrypted or compressed regions, recursive extraction of nested archives, SquashFS/CramFS/JFFS2 filesystem mounting, and string analysis for credential and configuration discovery. Activates for requests involving firmware reverse engineering, IoT device analysis, embedded system security assessment, or router/camera firmware extraction.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Firmware Malware Analysis

Analyzes firmware images for embedded malware, backdoors, and unauthorized modifications targeting routers, IoT devices, UEFI/BIOS, and embedded systems. Covers firmware extraction, filesystem analysis, binary reverse engineering, and bootkit detection. Activates for requests involving firmware security analysis, IoT malware investigation, UEFI rootkit detection, or embedded device compromise assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Fuzzing With Aflplusplus

Perform coverage-guided fuzzing of compiled binaries using AFL++ (American Fuzzy Lop Plus Plus) to discover memory corruption, crashes, and security vulnerabilities. The tester instruments target binaries with afl-cc/afl-clang-fast, manages input corpora with afl-cmin and afl-tmin, runs parallel fuzzing campaigns with afl-fuzz, and triages crashes using CASR or GDB scripts. Activates for requests involving binary fuzzing, crash discovery, coverage-guided testing, or AFL++ fuzzing campaigns.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing GCP Penetration Testing With Gcpbucketbrute

Perform GCP security testing using GCPBucketBrute for storage bucket enumeration, gcloud IAM privilege escalation path analysis, and service account permission auditing

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing GCP Security Assessment With Forseti

Performing comprehensive security assessments of Google Cloud Platform environments using Forseti Security, Security Command Center, and gcloud CLI to audit IAM policies, firewall rules, storage permissions, and compliance against CIS GCP Foundations Benchmark.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing GraphQL Depth Limit Attack

Execute and test GraphQL depth limit attacks using deeply nested recursive queries to identify denial-of-service vulnerabilities in GraphQL APIs.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing GraphQL Introspection Attack

Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions, and field definitions from GraphQL endpoints. The tester uses introspection queries to map the attack surface, identifies sensitive fields and mutations, tests for query depth and complexity limits, and exploits GraphQL-specific vulnerabilities including batching attacks, alias-based brute force, and nested query DoS. Activates for requests involving GraphQL security testing, introspection attack, GraphQL enumeration, or GraphQL API penetration testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing GraphQL Security Assessment

Assessing GraphQL API endpoints for introspection leaks, injection attacks, authorization flaws, and denial-of-service vulnerabilities during authorized security tests.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Hardware Security Module Integration

Integrate Hardware Security Modules (HSMs) using PKCS#11 interface for cryptographic key management, signing operations, and secure key storage with python-pkcs11, AWS CloudHSM, and YubiHSM2.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Hash Cracking With Hashcat

Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength. Hashcat is the world's fastest password recovery tool, supporting over 300 hash types w

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing HTTP Parameter Pollution Attack

Execute HTTP Parameter Pollution attacks to bypass input validation, WAF rules, and security controls by injecting duplicate parameters that are processed differently by front-end and back-end systems.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ics Asset Discovery With Claroty

Perform comprehensive ICS/OT asset discovery using Claroty xDome platform, leveraging passive monitoring, Claroty Edge active queries, and integration ecosystem to gain full visibility into industrial control system assets including PLCs, RTUs, HMIs, and network infrastructure across Purdue Model levels.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Indicator Lifecycle Management

Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment, monitoring, and eventual retirement. This skill covers implementing systematic processes f

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Initial Access With Evilginx3

Perform authorized initial access using EvilGinx3 adversary-in-the-middle phishing framework to capture session tokens and bypass multi-factor authentication during red team engagements.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Insider Threat Investigation

Investigates insider threat incidents involving employees, contractors, or trusted partners who misuse authorized access to steal data, sabotage systems, or violate security policies. Combines digital forensics, user behavior analytics, and HR/legal coordination to build an evidence-based case. Activates for requests involving insider threat investigation, employee data theft, privilege misuse, user behavior anomaly, or internal threat detection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ioc Enrichment Automation

Automates Indicator of Compromise (IOC) enrichment by orchestrating lookups across VirusTotal, AbuseIPDB, Shodan, MISP, and other intelligence sources to provide contextual scoring and disposition recommendations. Use when SOC analysts need rapid multi-source enrichment of IPs, domains, URLs, and file hashes during alert triage or incident investigation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing iOS App Security Assessment

Performs comprehensive iOS application security assessments using Frida for dynamic instrumentation, Objection for runtime exploration, SSL pinning bypass for traffic interception, keychain extraction for credential analysis, and IPA static analysis for binary-level review. Use when conducting authorized iOS penetration tests, evaluating mobile app security posture against OWASP MASTG, or assessing iOS app data protection and transport security controls. Activates for requests involving iOS app pentesting, Frida-based iOS instrumentation, mobile app SSL pinning bypass, or IPA reverse engineering.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing IoT Security Assessment

Performs comprehensive security assessments of IoT devices and their ecosystems by testing hardware interfaces, firmware, network communications, cloud APIs, and companion mobile applications. The tester uses firmware extraction and analysis, hardware debugging via UART and JTAG, network protocol analysis, and runtime exploitation to identify vulnerabilities across all layers of the IoT stack. Activates for requests involving IoT security testing, embedded device assessment, firmware security analysis, or smart device penetration testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ip Reputation Analysis With Shodan

Analyze IP address reputation using the Shodan API to identify open ports, running services, known vulnerabilities, and hosting context for threat intelligence enrichment and incident triage.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing JWT None Algorithm Attack

Execute and test the JWT none algorithm attack to bypass signature verification by manipulating the alg header field in JSON Web Tokens.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Kerberoasting Attack

Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting Kerberos TGS (Ticket Granting Service) tickets for accounts with Service Principal Names

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Kubernetes Cis Benchmark With Kube Bench

Audit Kubernetes cluster security posture against CIS benchmarks using kube-bench with automated checks for control plane, worker nodes, and RBAC.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Kubernetes Etcd Security Assessment

Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration, access controls, backup encryption, and network isolation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Kubernetes Penetration Testing

Kubernetes penetration testing systematically evaluates cluster security by simulating attacker techniques against the API server, kubelet, etcd, pods, RBAC, network policies, and secrets. Using tools

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Lateral Movement Detection

Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based spreading using SIEM correlation of Windows event logs, network flow data, and endpoint telemetry mapped to MITRE ATT&CK Lateral Movement (TA0008) techniques.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Lateral Movement With Wmiexec

Perform lateral movement across Windows networks using WMI-based remote execution techniques including Impacket wmiexec.py, CrackMapExec, and native WMI commands for stealthy post-exploitation during red team engagements.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Linux Log Forensics Investigation

Perform forensic investigation of Linux system logs including syslog, auth.log, systemd journal, kern.log, and application logs to reconstruct user activity, detect unauthorized access, and establish event timelines on compromised Linux systems.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Log Analysis For Forensic Investigation

Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines during forensic investigations.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Log Source Onboarding In Siem

Perform structured log source onboarding into SIEM platforms by configuring collectors, parsers, normalization, and validation for complete security visibility.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Malware Hash Enrichment With Virustotal

Enrich malware file hashes using the VirusTotal API to retrieve detection rates, behavioral analysis, YARA matches, and contextual threat intelligence for incident triage and IOC validation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Malware Ioc Extraction

Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise including file hashes, network indicators (C2 domains, IP addresses, URLs), regist

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Malware Persistence Investigation

Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives reboots and maintains access.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Malware Triage With Yara

Performs rapid malware triage and classification using YARA rules to match file patterns, strings, byte sequences, and structural characteristics against known malware families and suspicious indicators. Covers rule writing, scanning, and integration with analysis pipelines. Activates for requests involving YARA rule creation, malware classification, pattern matching, sample triage, or signature-based detection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Memory Forensics With Volatility3

Analyze volatile memory dumps using Volatility 3 to extract running processes, network connections, loaded modules, and evidence of malicious activity.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Memory Forensics With Volatility3 Plugins

Analyze memory dumps using Volatility3 plugins to detect injected code, rootkits, credential theft, and malware artifacts in Windows, Linux, and macOS memory images.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Mobile App Certificate Pinning Bypass

Bypasses SSL/TLS certificate pinning implementations in Android and iOS applications to enable traffic interception during authorized security assessments. Covers OkHttp, TrustManager, NSURLSession, and third-party pinning library bypass techniques using Frida, Objection, and custom scripts. Activates for requests involving certificate pinning bypass, SSL pinning defeat, mobile TLS interception, or proxy-resistant app testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Mobile Device Forensics With Cellebrite

Acquire and analyze mobile device data using Cellebrite UFED and open-source tools to extract communications, location data, and application artifacts.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Network Forensics With Wireshark

Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts, and identify malicious communications.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Network Traffic Analysis With Tshark

Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection, DNS anomaly identification, and IOC extraction from PCAP files

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Network Traffic Analysis With Zeek

Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection, anomaly identification, and forensic investigation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Nist Csf Maturity Assessment

The NIST Cybersecurity Framework (CSF) 2.0, released in February 2024, provides a comprehensive taxonomy for managing cybersecurity risk through six core Functions - Govern, Identify, Protect, Detect, Respond, and Recover. This skill covers conducting a maturity assessment against the CSF using Implementation Tiers to measure organizational cybersecurity posture and create improvement roadmaps.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing OAuth Scope Minimization Review

Performs OAuth 2.0 scope minimization review to identify over-permissioned third-party application integrations, excessive API scopes, unused token grants, and risky OAuth consent patterns across identity providers and SaaS platforms. Activates for requests involving OAuth scope audit, API permission review, third-party app risk assessment, or consent grant minimization.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Oil Gas Cybersecurity Assessment

This skill covers conducting cybersecurity assessments specific to oil and gas facilities including upstream (exploration/production), midstream (pipeline/transport), and downstream (refining/distribution) operations. It addresses SCADA systems controlling pipeline operations, DCS for refinery process control, safety instrumented systems for hazardous processes, remote terminal units at unmanned wellhead sites, and compliance with API 1164, TSA Pipeline Security Directives, IEC 62443, and NIST Cybersecurity Framework for critical infrastructure.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Open Source Intelligence Gathering

Open Source Intelligence (OSINT) gathering is the first active phase of a red team engagement, where operators collect publicly available information about the target organization to identify attack s

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ot Network Security Assessment

This skill covers conducting comprehensive security assessments of Operational Technology (OT) networks including SCADA systems, DCS architectures, and industrial control system communication paths. It addresses the Purdue Reference Model layers, identifies IT/OT convergence risks, evaluates firewall rules between zones, and maps industrial protocol traffic (Modbus, DNP3, OPC UA, EtherNet/IP) to detect misconfigurations, unauthorized connections, and attack surfaces in critical infrastructure.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ot Vulnerability Assessment With Claroty

This skill covers performing vulnerability assessments in OT environments using the Claroty xDome platform for comprehensive asset discovery, risk scoring, vulnerability correlation, and remediation prioritization. It addresses passive vulnerability identification through traffic analysis, active safe querying of OT devices, integration with CVE databases and ICS-CERT advisories, and risk-based prioritization that accounts for operational impact and compensating controls.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ot Vulnerability Scanning Safely

Perform vulnerability scanning in OT/ICS environments safely using passive monitoring, native protocol queries, and carefully controlled active scanning with Tenable OT Security to identify vulnerabilities without disrupting industrial processes or crashing legacy controllers.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Packet Injection Attack

Crafts and injects custom network packets using Scapy, hping3, and Nemesis during authorized security assessments to test firewall rules, IDS detection, protocol handling, and network stack resilience against malformed and spoofed traffic.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Phishing Simulation With Gophish

GoPhish is an open-source phishing simulation framework used by security teams to conduct authorized phishing awareness campaigns. It provides campaign management, email template creation, landing pag

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Physical Intrusion Assessment

Conduct authorized physical penetration testing using tailgating, badge cloning, lock bypassing, and rogue device deployment to evaluate facility security controls.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Plc Firmware Security Analysis

This skill covers analyzing Programmable Logic Controller (PLC) firmware for security vulnerabilities including hardcoded credentials, insecure update mechanisms, backdoor functions, memory corruption flaws, and undocumented debug interfaces. It addresses firmware extraction from common PLC platforms (Siemens S7, Allen-Bradley, Schneider Modicon), static analysis of firmware images, dynamic analysis in emulated environments, and comparison against known-good baselines to detect tampering.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Post Quantum Cryptography Migration

Assesses organizational readiness for post-quantum cryptography migration per NIST FIPS 203/204/205 standards. Performs cryptographic inventory scanning to identify quantum-vulnerable algorithms (RSA, ECDH, ECDSA), evaluates hybrid TLS configurations with X25519MLKEM768, and validates CRYSTALS-Kyber (ML-KEM) and CRYSTALS-Dilithium (ML-DSA) readiness. Implements crypto-agility assessment using oqs-provider for OpenSSL. Use when planning or executing the transition from classical to post-quantum cryptographic algorithms across enterprise infrastructure.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Power Grid Cybersecurity Assessment

This skill covers conducting cybersecurity assessments of electric power grid infrastructure including generation facilities, transmission substations, distribution systems, and energy management system (EMS) control centers. It addresses NERC CIP compliance verification, substation automation security, IEC 61850 protocol analysis, synchrophasor (PMU) network security, and the unique threat landscape targeting power grid operations as demonstrated by Industroyer/CrashOverride and related attacks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Privileged Account Access Review

Conduct systematic reviews of privileged accounts to validate access rights, identify excessive permissions, and enforce least privilege across PAM infrastructure.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Privilege Escalation Assessment

Performs privilege escalation assessments on compromised Linux and Windows systems to identify paths from low-privilege access to root or SYSTEM-level control. The tester enumerates misconfigurations, vulnerable services, kernel exploits, SUID binaries, unquoted service paths, and credential stores to demonstrate the full impact of an initial compromise. Activates for requests involving privilege escalation testing, local exploitation, post-compromise escalation, or OS-level security assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Purple Team Atomic Testing

Executes Atomic Red Team tests mapped to MITRE ATT&CK techniques, performs coverage gap analysis across the ATT&CK matrix, and runs detection validation loops to measure blue team visibility. Covers Invoke-AtomicRedTeam PowerShell execution, ATT&CK Navigator layer generation for heatmaps, Sigma rule correlation, and continuous atomic testing pipelines. Activates for requests involving purple team exercises, atomic test execution, ATT&CK coverage assessment, detection engineering validation, or adversary emulation testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Purple Team Exercise

Performs purple team exercises by coordinating red team adversary emulation with blue team detection validation using MITRE ATT&CK-mapped attack scenarios, real-time detection testing, and collaborative gap remediation. Use when SOC teams need to validate detection capabilities, improve analyst skills, and close detection gaps through structured offensive-defensive collaboration.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ransomware Response

Executes a structured ransomware incident response from initial detection through containment, forensic analysis, decryption assessment, recovery, and post-incident hardening. Addresses ransom negotiation considerations, backup integrity verification, and regulatory notification requirements. Activates for requests involving ransomware response, ransomware recovery, crypto-ransomware, data encryption attack, ransom payment decision, or ransomware containment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ransomware Tabletop Exercise

Plans and facilitates tabletop exercises simulating ransomware incidents to test organizational readiness, decision-making, and communication procedures. Designs realistic scenarios based on current ransomware threat actors (LockBit, ALPHV/BlackCat, Cl0p), injects covering double extortion, backup destruction, and regulatory notification requirements. Evaluates participant responses against NIST CSF and CISA guidelines. Activates for requests involving ransomware tabletop, incident response exercise, or ransomware readiness drill.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Red Team Phishing With Gophish

Automate GoPhish phishing simulation campaigns using the Python gophish library. Creates email templates with tracking pixels, configures SMTP sending profiles, builds target groups from CSV, launches campaigns, and analyzes results including open rates, click rates, and credential submission statistics for security awareness assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing S7comm Protocol Security Analysis

Perform security analysis of Siemens S7comm and S7CommPlus protocols used by SIMATIC S7 PLCs to identify vulnerabilities including replay attacks, integrity bypass, unauthorized CPU stop commands, and program download manipulation exploiting weaknesses in S7-300, S7-400, S7-1200, and S7-1500 controllers.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Scada Hmi Security Assessment

Perform security assessments of SCADA Human-Machine Interface (HMI) systems to identify vulnerabilities in web-based HMIs, thin-client configurations, authentication mechanisms, and communication channels between HMI and PLCs, aligned with IEC 62443 and NIST SP 800-82 guidelines.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Sca Dependency Scanning With Snyk

This skill covers implementing Software Composition Analysis (SCA) using Snyk to detect vulnerable open-source dependencies in CI/CD pipelines. It addresses scanning package manifests and lockfiles, automated fix pull request generation, license compliance checking, continuous monitoring of deployed applications, and integration with GitHub, GitLab, and Jenkins pipelines.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Second Order SQL Injection

Detect and exploit second-order SQL injection vulnerabilities where malicious input is stored in a database and later executed in an unsafe SQL query during a different application operation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Security Headers Audit

Auditing HTTP security headers including CSP, HSTS, X-Frame-Options, and cookie attributes to identify missing or misconfigured browser-level protections.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Serverless Function Security Review

Performing security reviews of serverless functions across AWS Lambda, Azure Functions, and GCP Cloud Functions to identify overly permissive execution roles, insecure environment variables, injection vulnerabilities, and missing runtime protections.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Service Account Audit

Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant accounts. This skill covers discovery of service accounts in Active Directory, cloud pl

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Service Account Credential Rotation

Automate credential rotation for service accounts across Active Directory, cloud platforms, and application databases to eliminate stale secrets and reduce compromise risk.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Soap Web Service Security Testing

Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE, WS-Security bypass, and SOAPAction spoofing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Soc2 Type2 Audit Preparation

Automates SOC 2 Type II audit preparation including gap assessment against AICPA Trust Services Criteria (CC1-CC9), evidence collection from cloud providers and identity systems, control testing validation, remediation tracking, and continuous compliance monitoring. Covers all five TSC categories (Security, Availability, Processing Integrity, Confidentiality, Privacy) with automated evidence gathering from AWS, Azure, GCP, Okta, GitHub, and Jira. Use when preparing for or maintaining SOC 2 Type II certification.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Soc Tabletop Exercise

Performs tabletop exercises for SOC teams simulating security incidents through discussion-based scenarios to test incident response procedures, communication workflows, and decision-making under pressure without impacting production systems. Use when organizations need to validate IR playbooks, train analysts, or meet compliance requirements for incident response testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Sqlite Database Forensics

Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode encoded timestamps, and extract evidence from browser history, messaging apps, and mobile device databases.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing SSL Stripping Attack

Simulates SSL stripping attacks using sslstrip, Bettercap, and mitmproxy in authorized environments to test HSTS enforcement, certificate validation, and HTTPS upgrade mechanisms that protect users from downgrade attacks on encrypted connections.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing SSL Tls Inspection Configuration

Configure SSL/TLS inspection on network security devices to decrypt, inspect, and re-encrypt HTTPS traffic for threat detection while managing certificates, exemptions, and privacy compliance.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing SSL Tls Security Assessment

Assess SSL/TLS server configurations using the sslyze Python library to evaluate cipher suites, certificate chains, protocol versions, HSTS headers, and known vulnerabilities like Heartbleed and ROBOT.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Ssrf Vulnerability Exploitation

Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal network services, and protocol handlers through user-controllable URL parameters. Tests AWS/GCP/Azure metadata APIs (169.254.169.254), internal port scanning via HTTP, URL scheme bypass techniques, and DNS rebinding detection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Static Malware Analysis With Pe Studio

Performs static analysis of Windows PE (Portable Executable) malware samples using PEStudio to examine file headers, imports, strings, resources, and indicators without executing the binary. Identifies suspicious characteristics including packing, anti-analysis techniques, and malicious imports. Activates for requests involving static malware analysis, PE file inspection, Windows executable analysis, or pre-execution malware triage.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Steganography Detection

Detect and extract hidden data embedded in images, audio, and other media files using steganalysis tools to uncover covert communication channels.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Subdomain Enumeration With Subfinder

Enumerate subdomains of target domains using ProjectDiscovery's Subfinder passive reconnaissance tool to map the attack surface during security assessments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Supply Chain Attack Simulation

Simulate and detect software supply chain attacks including typosquatting detection via Levenshtein distance, dependency confusion testing against private registries, package hash verification with pip, and known vulnerability scanning with pip-audit.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Thick Client Application Penetration Test

Conduct a thick client application penetration test to identify insecure local storage, hardcoded credentials, DLL hijacking, memory manipulation, and insecure API communication in desktop applications using dnSpy, Procmon, and Burp Suite.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Threat Emulation With Atomic Red Team

Executes Atomic Red Team tests for MITRE ATT&CK technique validation using the atomic-operator Python framework. Loads test definitions from YAML atomics, runs attack simulations, and validates detection coverage. Use when testing SIEM detection rules, validating EDR coverage, or conducting purple team exercises.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Threat Hunting With Elastic Siem

Performs proactive threat hunting in Elastic Security SIEM using KQL/EQL queries, detection rules, and Timeline investigation to identify threats that evade automated detection. Use when SOC teams need to hunt for specific ATT&CK techniques, investigate anomalous behaviors, or validate detection coverage gaps using Elasticsearch and Kibana Security.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Threat Hunting With Yara Rules

Use YARA pattern-matching rules to hunt for malware, suspicious files, and indicators of compromise across filesystems and memory dumps. Covers rule authoring, yara-python scanning, and integration with threat intel feeds.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Threat Intelligence Sharing With Misp

Use PyMISP to create, enrich, and share threat intelligence events on a MISP platform, including IOC management, feed integration, STIX export, and community sharing workflows.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Threat Landscape Assessment For Sector

Conduct a sector-specific threat landscape assessment by analyzing threat actor targeting patterns, common attack vectors, and industry-specific vulnerabilities to inform organizational risk management.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Threat Modeling With Owasp Threat Dragon

Use OWASP Threat Dragon to create data flow diagrams, identify threats using STRIDE and LINDDUN methodologies, and generate threat model reports for secure design review.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Timeline Reconstruction With Plaso

Build comprehensive forensic super-timelines using Plaso (log2timeline) to correlate events across file systems, logs, and artifacts into a unified chronological view.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing User Behavior Analytics

Performs User and Entity Behavior Analytics (UEBA) to detect anomalous user activities including impossible travel, unusual access patterns, privilege abuse, and insider threats using SIEM-based behavioral baselines and statistical analysis. Use when SOC teams need to identify compromised accounts or insider threats through deviation from established behavioral norms.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Vlan Hopping Attack

Simulates VLAN hopping attacks using switch spoofing and double tagging techniques in authorized environments to test VLAN segmentation effectiveness and validate switch port security configurations against Layer 2 bypass attacks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Vulnerability Scanning With Nessus

Performs authenticated and unauthenticated vulnerability scanning using Tenable Nessus to identify known vulnerabilities, misconfigurations, default credentials, and missing patches across network infrastructure, servers, and applications. The scanner correlates findings with CVE databases and CVSS scores to produce prioritized remediation guidance. Activates for requests involving vulnerability scanning, Nessus assessment, patch compliance checking, or automated vulnerability detection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Web Application Firewall Bypass

Bypass Web Application Firewall protections using encoding techniques, HTTP method manipulation, parameter pollution, and payload obfuscation to deliver SQL injection, XSS, and other attack payloads past WAF detection rules.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Web Application Penetration Test

Performs systematic security testing of web applications following the OWASP Web Security Testing Guide (WSTG) methodology to identify vulnerabilities in authentication, authorization, input validation, session management, and business logic. The tester uses Burp Suite as the primary interception proxy alongside manual testing techniques to find flaws that automated scanners miss. Activates for requests involving web app pentest, OWASP testing, application security assessment, or web vulnerability testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Web Application Scanning With Nikto

Nikto is an open-source web server and web application scanner that tests against over 7,000 potentially dangerous files/programs, checks for outdated versions of over 1,250 servers, and identifies ve

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Web Application Vulnerability Triage

Triage web application vulnerability findings from DAST/SAST scanners using OWASP risk rating methodology to separate true positives from false positives and prioritize remediation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Performing Web Cache Deception Attack

Execute web cache deception attacks by exploiting path normalization discrepancies between CDN caching layers and origin servers to cache and retrieve sensitive authenticated content.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance