implementing-identity-verification-for-zero-trust
Implement continuous identity verification for zero trust using phishing-resistant MFA (FIDO2/WebAuthn), risk-based conditional access, and identity governance aligned with the CISA Zero Trust Maturity Model.
implementing-identity-governance-with-sailpoint
Deploy SailPoint IdentityNow or IdentityIQ for identity governance and administration. Covers identity lifecycle management, access request workflows, certification campaigns, role mining, SOD policy
implementing-ics-firewall-with-tofino
>
implementing-honeytokens-for-breach-detection
>
implementing-honeypot-for-ransomware-detection
>
implementing-hashicorp-vault-dynamic-secrets
>
implementing-hardware-security-key-authentication
>
implementing-google-workspace-sso-configuration
Configure SAML 2.0 single sign-on for Google Workspace with a third-party identity provider, enabling centralized authentication and enforcing organization-wide access policies.
implementing-google-workspace-phishing-protection
Configure Google Workspace advanced phishing and malware protection settings including pre-delivery scanning, attachment protection, spoofing detection, and Enhanced Safe Browsing.
implementing-google-workspace-admin-security
>
implementing-github-advanced-security-for-code-scanning
Configure GitHub Advanced Security with CodeQL to perform automated static analysis and vulnerability detection across repositories at enterprise scale.
implementing-gdpr-data-subject-access-request
>
implementing-gdpr-data-protection-controls
The General Data Protection Regulation (EU) 2016/679 (GDPR) is the EU's comprehensive data protection law governing the collection, processing, storage, and transfer of personal data. This skill cover
implementing-gcp-vpc-firewall-rules
>
implementing-gcp-organization-policy-constraints
Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy, restricting risky configurations and ensuring compliance at organization, folder, and project levels.
implementing-gcp-binary-authorization
Implement GCP Binary Authorization to enforce deploy-time security controls that ensure only trusted, attested container images are deployed to Google Kubernetes Engine and Cloud Run.
implementing-fuzz-testing-in-cicd-with-aflplusplus
Integrate AFL++ coverage-guided fuzz testing into CI/CD pipelines to discover memory corruption, input handling, and logic vulnerabilities in C/C++ and compiled applications.
implementing-file-integrity-monitoring-with-aide
Configure AIDE (Advanced Intrusion Detection Environment) for file integrity monitoring including baseline creation, scheduled integrity checks, change detection, and alerting
implementing-epss-score-for-vulnerability-prioritization
Integrate FIRST's Exploit Prediction Scoring System (EPSS) API to prioritize vulnerability remediation based on real-world exploitation probability within 30 days.
little-schemer
Little Schemer Skill
intercepting-mobile-traffic-with-burpsuite
>
implementing-secret-scanning-with-gitleaks
>
implementing-secrets-management-with-vault
>
detecting-ransomware-encryption-behavior
>
exploiting-bgp-hijacking-vulnerabilities
>
detecting-ransomware-precursors-in-network
>
gay-julia
Wide-gamut color sampling with splittable determinism using Pigeons.jl
hunting-for-dcsync-attacks
Detect DCSync attacks by analyzing Windows Event ID 4662 for unauthorized DS-Replication-Get-Changes requests from non-domain-controller accounts.
hunting-for-defense-evasion-via-timestomping
>
hunting-for-dns-based-persistence
Hunt for DNS-based persistence mechanisms including DNS hijacking, dangling CNAME records, wildcard DNS abuse, and unauthorized zone modifications using passive DNS databases, SecurityTrails API, and DNS audit log analysis.
hunting-for-dns-tunneling-with-zeek
Detect DNS tunneling and data exfiltration by analyzing Zeek dns.log for high-entropy subdomain queries, excessive query volume, long query lengths, and unusual DNS record types indicating covert channel communication.
hunting-for-domain-fronting-c2-traffic
Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate discrepancies using pyOpenSSL for certificate inspection
hunting-for-lateral-movement-via-wmi
Detect WMI-based lateral movement by analyzing Windows Event ID 4688 process creation and Sysmon Event ID 1 for WmiPrvSE.exe child process patterns, remote process execution, and WMI event subscription persistence.
hunting-for-living-off-the-cloud-techniques
Hunt for adversary abuse of legitimate cloud services for C2, data staging, and exfiltration including abuse of Azure, AWS, GCP services, and SaaS platforms.
hunting-for-living-off-the-land-binaries
Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while evading detection.
hunting-for-lolbins-execution-in-endpoint-logs
Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by analyzing endpoint process creation logs for suspicious execution patterns of legitimate Windows system binaries used for malicious purposes.
hunting-for-ntlm-relay-attacks
Detect NTLM relay attacks by analyzing Windows Event 4624 logon type 3 with NTLMSSP authentication, identifying IP-to-hostname mismatches, Responder traffic signatures, SMB signing status, and suspicious authentication patterns across the domain.
hunting-for-persistence-mechanisms-in-windows
Systematically hunt for adversary persistence mechanisms across Windows endpoints including registry, services, startup folders, and WMI subscriptions.
hunting-for-persistence-via-wmi-subscriptions
Hunt for adversary persistence through Windows Management Instrumentation event subscriptions by monitoring WMI consumer, filter, and binding creation events that execute malicious code triggered by system events.
hunting-for-process-injection-techniques
Detect process injection techniques (T1055) including CreateRemoteThread, process hollowing, and DLL injection via Sysmon Event IDs 8 and 10 and EDR process telemetry
hunting-for-registry-persistence-mechanisms
Hunt for registry-based persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, and COM hijacking in Windows environments.
hunting-for-registry-run-key-persistence
Detect MITRE ATT&CK T1547.001 registry Run key persistence by analyzing Sysmon Event ID 13 logs and registry queries to identify malicious auto-start entries.
hunting-for-scheduled-task-persistence
Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task actions, and unusual scheduling patterns.
hunting-for-dcom-lateral-movement
>
fuzzing-obstacles
Overcoming fuzzing obstacles and improving fuzzer effectiveness.
fuzzing-dictionary
Building effective fuzzing dictionaries for improved fuzzer performance.
fswatch-duckdb
FileSystemWatcher over /tmp with DuckDB/DuckLake persistence. Auto-starts on Amp sessions for resilient file monitoring with temporal queries.
frustration-eradication
Frustration Eradication Skill
fp-check
Systematically verifies suspected security bugs to eliminate false positives. Produces TRUE POSITIVE or FALSE POSITIVE verdicts with documented evidence for each bug.
forester
Jon Sterling's forester tool for tending mathematical forests — syntax, escaping, verbatim, tree files, skill2tree conversion
Page 851 of 1486 · 74266 results
