Build effective detection rules using Splunk Search Processing Language (SPL) correlation searches to identify
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, and others).
Build collaborative forensic incident timelines using Timesketch to ingest, normalize, and analyze multi-source
Build an automated pipeline to defang indicators of compromise (URLs, IPs, domains, emails) for safe sharing
OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its
Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and
Build automated threat intelligence enrichment pipelines in Splunk Enterprise Security using lookup tables, modular
Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication,
Responds to phishing incidents by analyzing reported emails, extracting indicators, assessing credential compromise,
Hardware Security Modules (HSMs) are tamper-resistant physical devices that safeguard cryptographic keys and
Configure microsegmentation policies to enforce least-privilege workload-to-workload access using tools like
Correlates security events in IBM QRadar SIEM using AQL (Ariel Query Language), custom rules, building blocks,
Deobfuscates malicious JavaScript code used in web-based attacks, phishing pages, and dropper scripts by reversing
Detects prompt injection attacks targeting LLM-based applications using a multi-layered defense combining regex
Detects anomalous authentication patterns using UEBA analytics, statistical baselines, and machine learning
Detect unusual API call patterns in AWS CloudTrail logs using boto3, statistical baselining, and behavioral analysis
Detecting exposed AWS credentials in source code repositories, CI/CD pipelines, and configuration files using
Detect AWS IAM privilege escalation paths using boto3 and Cloudsplaining policy analysis to identify overly permissive
Detect lateral movement in Azure AD/Entra ID environments using Microsoft Graph API audit logs, Azure Sentinel
Performs statistical analysis of Zeek conn.log connection intervals to detect C2 beaconing patterns. Uses the
Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack
Detect data exfiltration through DNS tunneling by analyzing query entropy, subdomain length, query volume, TXT
Detect Golden Ticket attacks in Active Directory by analyzing Kerberos TGT anomalies including mismatched encryption
Detects insider data exfiltration by analyzing DLP policy violations, file access patterns, upload volume anomalies,
Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads,
Implement User and Entity Behavior Analytics using Elasticsearch/OpenSearch to build behavioral baselines, calculate
Scans GitHub Actions workflows and CI/CD pipeline configurations for supply chain attack vectors including unpinned
Detect risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit
Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts,
Perform Kerberoasting attacks using Impacket's GetUserSPNs to extract and crack Kerberos TGS tickets for Active
Exploit the Zerologon vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol to achieve domain controller
Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge
Extract embedded configuration from Agent Tesla RAT samples including SMTP/FTP/Telegram exfiltration credentials,
Extracts indicators of compromise (IOCs) from malware samples including file hashes, network indicators (IPs,
Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral
Identify command-and-control beaconing patterns in network traffic by applying statistical frequency analysis,
Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while
Deploy XM Cyber's continuous exposure management platform to map attack paths, identify choke points, and prioritize
Implementing AWS Config rules for continuous compliance monitoring of AWS resources, deploying managed and custom
This skill covers deploying AWS Security Hub as a centralized cloud security posture management platform that
Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across
Implement BGP route origin validation using RPKI with Route Origin Authorizations, RPKI-to-Router protocol, and
Deploys remote browser isolation (RBI) as a core component of a Zero Trust architecture. Implements isolation
Implementing AWS CloudTrail log analysis for security monitoring, threat detection, and forensic investigation
Implements cloud workload protection using boto3 and google-cloud APIs for runtime security monitoring, process
This skill covers implementing code signing for build artifacts to ensure integrity and authenticity throughout
Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware
Configure AIDE (Advanced Intrusion Detection Environment) for file integrity monitoring including baseline creation,
Implementing and auditing GCP VPC firewall rules to enforce network segmentation, restrict ingress and egress
Configures mutual TLS (mTLS) authentication between microservices using Python cryptography library for certificate
Design and implement network segmentation using firewall security zones, VLANs, ACLs, and microsegmentation policies