Penetration Testing

executing-red-team-exercise is a cybersecurity skill for planning and tracking realistic red team exercises. It supports adversary emulation across reconnaissance, technique selection, execution, and detection-gap review, making it useful for Security Audit work and ATT&CK-aligned assessments.

conducting-external-reconnaissance-with-osint skill for passive external footprinting, attack surface mapping, and Security Audit prep using public sources like DNS, crt.sh, Shodan, GitHub, and leak data. Built for authorized reconnaissance with clear scope control, source separation, and practical findings.

conducting-cloud-penetration-testing helps you plan and execute authorized cloud assessments across AWS, Azure, and GCP. Use it to find IAM misconfigurations, metadata exposure, public resources, and escalation paths, then turn results into a security audit report. It fits the conducting-cloud-penetration-testing skill for Security Audit workflows.

conducting-api-security-testing helps authorized testers assess REST, GraphQL, and gRPC APIs for auth, authorization, rate limiting, input validation, and business-logic flaws using an OWASP API Security Top 10 workflow. Use it for structured, evidence-based API security testing and security audit reviews.

The analyzing-ios-app-security-with-objection skill helps authorized testers run runtime iOS app security checks with Objection and Frida. Use it to review keychain exposure, filesystem storage, cookies, SSL pinning, jailbreak detection, and other client-side defenses during a Security Audit. Includes workflow guidance, install steps, and practical usage notes.

analyzing-cyber-kill-chain helps map intrusion activity to the Lockheed Martin Cyber Kill Chain to show what happened, where defenses held or failed, and which controls could have stopped the attack earlier. It is useful for incident response, detection-gap analysis, and analyzing-cyber-kill-chain for Threat Intelligence.

ffuf-web-fuzzing is a practical skill for discovering hidden web content, testing routes and parameters, and fuzzing authenticated targets with raw requests, auto-calibration, and result analysis. It fits security testers who need a repeatable ffuf-web-fuzzing guide for penetration testing and Security Audit workflows.