Discover and exploit mass assignment vulnerabilities in REST APIs to escalate privileges, modify restricted fields,
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, etc.).
Exploit the noPac vulnerability chain (CVE-2021-42278 sAMAccountName spoofing and CVE-2021-42287 KDC PAC confusion)
Detect and exploit NoSQL injection vulnerabilities in MongoDB, CouchDB, and other NoSQL databases to demonstrate
Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation,
Detect and exploit race condition vulnerabilities in web applications using Turbo Intruder's single-packet attack
Identifies and exploits SMB protocol vulnerabilities using Metasploit Framework during authorized penetration
Identifies and exploits SQL injection vulnerabilities in web applications during authorized penetration tests
Detecting and exploiting SQL injection vulnerabilities using sqlmap to extract database contents during authorized
Detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities across Jinja2, Twig, Freemarker,
The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7.
Testing WebSocket implementations for authentication bypass, cross-site hijacking, injection attacks, and insecure
Uses Rekall memory forensics framework to analyze memory dumps for process hollowing, injected code via VAD
Hunt for DCOM-based lateral movement by detecting abuse of MMC20.Application, ShellBrowserWindow, and ShellWindows
Detect NTFS timestamp manipulation (MITRE T1070.006) by comparing $STANDARD_INFORMATION vs $FILE_NAME timestamps
Detect DNS tunneling and data exfiltration by analyzing Zeek dns.log for high-entropy subdomain queries, excessive
Implements security controls at the API gateway layer including authentication enforcement, rate limiting, request
Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts
Implement comprehensive API security testing using the 42Crunch platform to perform static audit and dynamic
Implements external attack surface management (EASM) using Shodan, Censys, and ProjectDiscovery tools (subfinder,
Implements AWS Nitro Enclave-based confidential computing environments with cryptographic attestation, KMS policy
This skill covers deploying and tuning Web Application Firewall rules on AWS WAF, Azure WAF, and Cloudflare
Integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software
Deploy and configure the Dragos Platform for OT network monitoring, leveraging its 600+ industrial protocol
End-to-end encryption (E2EE) ensures that only the communicating parties can read messages, with no intermediary
Deploy and configure Wazuh SIEM/XDR for endpoint detection including agent management, custom decoder and rule
Implements endpoint Data Loss Prevention (DLP) controls to detect and prevent sensitive data exfiltration through
Integrate AFL++ coverage-guided fuzz testing into CI/CD pipelines to discover memory corruption, input handling,
Implement GCP Binary Authorization to enforce deploy-time security controls that ensure only trusted, attested
Configure GitHub Advanced Security with CodeQL to perform automated static analysis and vulnerability detection
Deploy and configure Tofino industrial firewalls from Belden/Hirschmann to protect SCADA systems and PLCs using
Sign and verify container image provenance using Sigstore Cosign with keyless OIDC-based signing, attestations,
Implements immutable backup strategy using restic with S3-compatible storage and object lock for ransomware-resistant
Implement Kubernetes network segmentation using Calico NetworkPolicy and GlobalNetworkPolicy for zero-trust pod-to-pod
Implement MITRE ATT&CK coverage mapping to identify detection gaps, prioritize rule development, and measure
Implements Mobile Application Management (MAM) policies to protect enterprise data on managed and unmanaged
Develop and implement OT-specific incident response playbooks aligned with SANS PICERL framework, IEC 62443,
Patch management is the systematic process of identifying, testing, deploying, and verifying software updates
Deploy Runtime Application Self-Protection (RASP) agents to detect and block attacks from within application
Write custom Semgrep SAST rules in YAML to detect application-specific vulnerabilities, enforce coding standards,
Automate phishing incident response using Splunk SOAR REST API to create containers, add artifacts, and trigger
Implements threat modeling using the MITRE ATT&CK framework to map adversary TTPs against organizational assets,
Deploy and operate Greenbone/OpenVAS vulnerability management using the python-gvm library to create scan targets,
This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD
Intercepts and analyzes HTTP/HTTPS traffic from mobile applications using Burp Suite proxy to identify insecure
Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK techniques and sub-techniques
Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound,
Uses Microsoft RESTler to perform stateful REST API fuzzing by automatically generating and executing test sequences
Tests API rate limiting implementations for bypass vulnerabilities by manipulating request headers, IP addresses,
Uses Postman to perform structured API security testing by building collections that test for OWASP API Security
Simulates ARP spoofing attacks in authorized lab or pentest environments using arpspoof, Ettercap, and Scapy