Lateral Movement

Lateral Movement taxonomy generated by the site skill importer.

5 skills
detecting-azure-lateral-movement

by mukul975

detecting-azure-lateral-movement helps security analysts hunt lateral movement in Azure AD/Entra ID and Microsoft Sentinel using Microsoft Graph audit logs, sign-in telemetry, and KQL correlation. Use it for incident triage, detection engineering, and security audit workflows covering consent abuse, service principal misuse, token theft, and cross-tenant pivoting.

Security Audit
Favorites 0 | GitHub 6.1k
exploiting-constrained-delegation-abuse

by mukul975

The exploiting-constrained-delegation-abuse skill guides authorized Active Directory testing of Kerberos constrained delegation abuse. It covers enumeration, S4U2self and S4U2proxy ticket requests, and practical paths to lateral movement or privilege escalation. Use it when you need a repeatable guide for penetration testing, not a generic Kerberos overview.

Penetration Testing
Favorites 0 | GitHub 0
detecting-lateral-movement-in-network

by mukul975

detecting-lateral-movement-in-network helps detect post-compromise lateral movement in enterprise networks using Windows event logs, Zeek telemetry, SMB, RDP, and SIEM correlation. It is useful for threat hunting, incident response, and security audit reviews, and provides practical detection workflows.

Security Audit
Favorites 0 | GitHub 0
detecting-attacks-on-historian-servers

by mukul975

detecting-attacks-on-historian-servers helps detect suspicious activity on OT historian servers such as OSIsoft PI, Ignition, and Wonderware at the IT/OT boundary. Use this guide for incident response and for triaging unauthorized queries, data manipulation, API abuse, and lateral movement.

Incident Response
Favorites 0 | GitHub 0
configuring-microsegmentation-for-zero-trust

by mukul975

The configuring-microsegmentation-for-zero-trust skill helps design and validate least-privilege workload-to-workload policies for zero trust environments. Use this guide to segment applications, reduce lateral movement, and turn observed traffic into enforceable rules for security audit and operations work.

Security Audit
Favorites 0 | GitHub 0