Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious URLs in QR code images within emails.
3
AI 95
executing-red-team-engagement-planning
Njones17 3/6/2026
Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE), threat model selection, and operational timelines before any offensive testing begins.
3
AI 93
processing-stix-taxii-feeds
Njones17 3/6/2026
Processes STIX 2.1 threat intelligence bundles delivered via TAXII 2.1 servers, normalizing objects into platform-native schemas and routing them to appropriate consuming systems. Use when onboarding...
3
AI 92
ghost-validate
Njones17 3/6/2026
This skill should be used when the user asks to "validate a finding", "check if a vulnerability is real", "triage a security finding", "confirm a vulnerability", "determine if a finding is a true posi...
3
AI 88
implementing-google-workspace-phishing-protection
Njones17 3/6/2026
Configure Google Workspace advanced phishing and malware protection settings including pre-delivery scanning, attachment protection, spoofing detection, and Enhanced Safe Browsing.
3
AI 88
hunting-for-registry-persistence-mechanisms
Njones17 3/6/2026
Hunt for registry-based persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, and COM hijacking in Windows environments.
3
AI 88
implementing-pci-dss-compliance-controls
Njones17 3/6/2026
PCI DSS 4.0.1 establishes 12 requirements across 6 control objectives for organizations that store, process, or transmit cardholder data. With PCI DSS 3.2.1 retiring April 2024 and 51 new requirements
Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy kits like EvilProxy, Evilginx, and Tycoon 2FA to bypass MFA and steal session tokens.
3
AI 88
container-hardening
Njones17 3/6/2026
Secure Docker images and container runtime configurations. Implement non-root users, read-only filesystems, and security contexts. Use when building secure container images or hardening container depl...
3
AI 88
detecting-email-forwarding-rules-attack
Njones17 3/6/2026
Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications for intelligence collection and BEC attacks.
3
AI 87
security-awareness
Njones17 3/6/2026
Teaches agents to recognize and avoid security threats during normal activity. Covers phishing detection, credential protection, domain verification, and social engineering defense. Use when building...
3
AI 87
securing-helm-chart-deployments
Njones17 3/6/2026
Secure Helm chart deployments by validating chart integrity, scanning templates for misconfigurations, and enforcing security contexts in Kubernetes releases.
3
AI 87
hunting-for-persistence-mechanisms-in-windows
Njones17 3/6/2026
Systematically hunt for adversary persistence mechanisms across Windows endpoints including registry, services, startup folders, and WMI subscriptions.
3
AI 85
exploiting-deeplink-vulnerabilities
Njones17 3/6/2026
Tests and exploits deep link (URL scheme and App Link) vulnerabilities in Android and iOS mobile applications to identify unauthorized access, data injection, intent hijacking, and redirect manipulati...
3
AI 84
aws-secrets-manager
Njones17 3/6/2026
Store and rotate secrets in AWS Secrets Manager. Configure automatic rotation, access policies, and application integration. Use when managing secrets in AWS environments or requiring automatic creden...
3
AI 84
hunting-for-living-off-the-land-binaries
Njones17 3/6/2026
Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while evading detection.
3
AI 83
implementing-mimecast-targeted-attack-protection
Njones17 3/6/2026
Deploy Mimecast Targeted Threat Protection including URL Protect, Attachment Protect, Impersonation Protect, and Internal Email Protect to defend against advanced phishing and spearphishing attacks.
3
AI 82
implementing-mobile-application-management
Njones17 3/6/2026
Implements Mobile Application Management (MAM) policies to protect enterprise data on managed and unmanaged mobile devices through app-level controls including data loss prevention, selective wipe, ap...