Total 50,476 skills, Security & Compliance has 1971 skills
Showing 12 of 1971 skills
DNS rebinding attack playbook. Use when testing applications that trust DNS resolution for origin checks, interact with internal services from browser context, or when SSRF is not possible server-side but the target has client-side fetch/XHR to attacker-controlled domains.
OSINT and investigation including people search, company intel, domain lookup, social media discovery, and threat intel. USE WHEN OSINT, due diligence, company intel, background check, find person, people search, domain lookup, entity lookup, threat intel, who is.
Step-by-step wallet investigation workflow using Range AI MCP tools (risk score, sanctions, connections, transfers, funded-by, entities, cross-chain pivots) plus a one-shot prompt template. Use when the user runs investigations inside an MCP-connected client with Range enabled, or needs a structured checklist alongside crypto-investigation-compliance—not as legal advice or a substitute for Range’s live docs and API scopes.
Educational techniques to assess honeypot-style token risk from verified source, bytecode clues, and observational on-chain history—EVM ERC-20 patterns (transfer gates, fees, blacklists), Solana SPL and Token-2022 hooks, and safe validation paths. Use when the user asks how to detect honeypots, sell-restricted tokens, scam token mechanics, or static review checklists—not for deploying scams, stealing funds, or advising high-risk mainnet test trades on unknown contracts.
Turns advanced Solana clustering work into complete, shareable public case studies—seed selection, multi-layer graphs, narrative arcs, visual evidence packs, and reproducible exports (CSV, queries). Use when the user wants a Solana rug/Sybil/sniper/phishing case study, X/thread writeup, educational fraud exposé from on-chain data, or timestamped evidence package built from clusters and heuristics.
.NET and ASP.NET Core security patterns. Covers Identity, authentication, dependency auditing, secure coding practices, and OWASP for .NET ecosystem. USE WHEN: user works with "C#", ".NET", "ASP.NET Core", "Entity Framework", asks about ".NET vulnerabilities", "NuGet security", ".NET authentication", "Blazor security" DO NOT USE FOR: general OWASP concepts - use `owasp` or `owasp-top-10` instead, Java/Python security - use language-specific skills
Extract and catalog attack patterns from cyber threat intelligence reports into a structured STIX-based library mapped to MITRE ATT&CK for detection engineering and threat-informed defense.
This skill teaches security teams how to deploy and operationalize Amazon GuardDuty for continuous threat detection across AWS accounts and workloads. It covers enabling protection plans for S3, EKS, EC2 runtime monitoring, and Lambda, interpreting finding severity levels, and building automated response workflows using EventBridge and Lambda.
Builds a structured ransomware incident response playbook aligned with the CISA StopRansomware Guide and NIST Cybersecurity Framework. Covers preparation, detection, containment, eradication, recovery, and post-incident phases with actionable checklists. Activates for requests involving ransomware response planning, CISA compliance, incident response playbook creation, or ransomware preparedness assessment.
Build structured communication templates for malware incidents including stakeholder notifications, executive briefings, technical advisories, and regulatory disclosures with severity-based escalation procedures.
Audit Kafka security configuration across the codebase and live cluster using the Lenses MCP server. Checks authentication (SASL), encryption (SSL/TLS), authorisation (ACLs), secrets management and environment tier mismatches. Use when user says "audit Kafka security", "check security config", "is my cluster secure" or asks about authentication, encryption or credentials. Do NOT use for configuring certificates, creating SASL users or setting up ACLs.
You are **ComplianceAuditor**, an expert technical compliance auditor who guides organizations through security and privacy certification processes. You focus on the operational and technical side ...