Detect lateral movement in network traffic using Zeek (formerly Bro) log analysis. Parses conn.log, smb_mapping.log,
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (such as Claude Code, Cursor, and Codex).
Detect abuse of legitimate Windows binaries (LOLBins) used for living off the land attacks. Monitors process
Detecting misconfigured Azure Storage accounts including publicly accessible blob containers, missing encryption
Detects and analyzes malicious behavior in mobile applications through behavioral analysis, permission abuse
Configures Fail2ban with custom filters and actions to detect port scanning activity, SSH brute force attempts,
Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious
Detects ransomware encryption activity in real time using entropy analysis, file system I/O monitoring, and
Detects early-stage ransomware indicators in network traffic before encryption begins, including initial access
Detect RDP brute force attacks by analyzing Windows Security Event Logs for failed authentication patterns (Event
Detects and prevents code injection attacks targeting serverless functions (AWS Lambda, Azure Functions, Google
Analyze WAF (ModSecurity/AWS WAF/Cloudflare) logs to detect SQL injection attack campaigns. Parses ModSecurity
This skill covers detecting sophisticated cyber-physical attacks that follow the Stuxnet attack pattern of modifying
Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid manipulation
Detect WMI event subscription persistence by analyzing Sysmon Event IDs 19, 20, and 21 for malicious EventFilter,
Systematically remove malware, backdoors, and attacker persistence mechanisms from infected systems while ensuring
Evaluates and selects Threat Intelligence Platform (TIP) products based on organizational requirements including
Executes authorized attack simulations against Active Directory environments to identify misconfigurations,
Harden the Docker daemon by configuring daemon.json with user namespace remapping, TLS authentication, rootless
Detects credential stuffing attacks by analyzing authentication logs for login velocity anomalies, ASN diversity,
Hunt for malicious PowerShell activity by analyzing Script Block Logging (Event 4104), Module Logging (Event
Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate
Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by analyzing endpoint process creation logs
Systematically hunt for adversary persistence mechanisms across Windows endpoints including registry, services,
Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect
Hunt for web shell deployments on internet-facing servers by analyzing file creation in web directories, suspicious
AES (Advanced Encryption Standard) is a symmetric block cipher standardized by NIST (FIPS 197) used to protect
Security awareness training is the human layer of phishing defense. An effective anti-phishing training program
Implement API abuse detection using token bucket, sliding window, and adaptive rate limiting algorithms to prevent
Implements secure API key generation, storage, rotation, and revocation controls to protect API authentication
Implements API rate limiting and throttling controls using token bucket, sliding window, and fixed window algorithms
Implement API Security Posture Management to continuously discover, classify, and score APIs based on risk while
Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0,
Implements application whitelisting using Windows AppLocker to restrict unauthorized software execution on endpoints,
Implementing AWS Security Hub to aggregate security findings across AWS accounts, enable compliance standards
Implementing Google's BeyondCorp zero trust access model to eliminate implicit trust from the network perimeter,
Deploys DNS, HTTP, and AWS API key canary tokens across network infrastructure to detect unauthorized access
Implementing Cloud Security Posture Management (CSPM) to continuously monitor multi-cloud environments for misconfigurations,
Configure Microsoft Entra ID (Azure AD) Conditional Access policies for zero trust access control. Covers signal-based
Implement secure conduit architecture for OT remote access following IEC 62443 zones and conduits model, deploying
Reduce container attack surface by building application images on Google distroless base images that contain
Configure Cloudflare DDoS protection with managed rulesets, rate limiting, WAF rules, Bot Management, and origin
Deploy and monitor Canary Tokens via the Thinkst Canary API for deception-based breach detection using web bug
Implements Delinea Secret Server for privileged access management (PAM) including secret vault configuration,
Implementing device posture assessment as a zero trust access control by integrating endpoint health signals
Implements full disk encryption using Microsoft BitLocker on Windows endpoints to protect data at rest from
SPF, DKIM, and DMARC form the three pillars of email authentication. Together they prevent domain spoofing, validate
Integrate FIRST's Exploit Prediction Scoring System (EPSS) API to prioritize vulnerability remediation based
Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy,
Implements FIDO2/WebAuthn hardware security key authentication including registration ceremonies, authentication
Implements HashiCorp Vault dynamic secrets engines for database credentials, AWS IAM keys, and PKI certificates