cybersecuritySkill
Parse NetFlow v9 and IPFIX records to detect volumetric anomalies, port scanning, data exfiltration, and C2 beaconing patterns. Uses the Python netflow library to decode flow records, builds traffic baselines, and applies statistical analysis to identify flows with abnormal byte counts, connection durations, and periodic timing patterns.
Network Security
analyzingdataflownetwork
ATT&CK4, 4 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and traffic anomaly detection in authorized security testing
Network Security
network-forensicspacket-analysispcapprotocol-dissection+2
ATT&CK4, 4 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns, diagnose protocol issues, extract artifacts, and support incident response investigations on authorized network segments.
Network Security
network-securitypacket-analysispcaptraffic-analysis+1
ATT&CK4, 4 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Simulates man-in-the-middle attacks using Ettercap, mitmproxy, and Bettercap in authorized environments to intercept, analyze, and modify network traffic for testing encryption enforcement, certificate validation, and detection capabilities.
Network Security
bettercapettercapmitmmitmproxy+1
ATT&CK3, 3 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Designs and implements VLAN-based network segmentation on managed switches to isolate network zones, enforce access control between segments, and reduce the attack surface by limiting lateral movement paths in enterprise network environments.
Network Security
802.1qnetwork-securitynetwork-segmentationswitch-security+1
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Configures pfSense firewall rules, NAT policies, VPN tunnels, and traffic shaping to enforce network segmentation, control traffic flow, and protect internal network zones in enterprise and small-to-medium business environments.
Network Security
firewallnatnetwork-securitynetwork-segmentation+1
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Installs, configures, and tunes Snort 3 intrusion detection system to monitor network traffic for malicious activity using custom and community rulesets, preprocessors, and alert output plugins on authorized network segments.
Network Security
idsintrusion-detectionnetwork-securityrule-writing+1
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Deploys and configures Suricata IDS/IPS with Emerging Threats rulesets, EVE JSON logging, and custom rules for real-time network traffic inspection, threat detection, and integration with SIEM platforms for centralized security monitoring.
Network Security
idsipsnetwork-monitoringnetwork-security+1
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Detect and prevent ARP spoofing attacks using ARPWatch, Dynamic ARP Inspection, Wireshark analysis, and custom monitoring scripts to protect against man-in-the-middle interception.
Network Security
arp-poisoningarp-spoofingarpwatchdynamic-arp-inspection+4
ATT&CK4, 4 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Detects command-and-control (C2) communications tunneled through DNS protocol including DNS tunneling tools (Iodine, dnscat2, dns2tcp, Cobalt Strike DNS beacon), domain generation algorithms (DGA), encoded payload delivery via TXT/CNAME records, and DNS beaconing patterns. Covers Shannon entropy analysis of query subdomains, statistical anomaly detection, ML-based DGA classification, passive DNS correlation, and Zeek/Suricata signature development. Activates for requests involving DNS-based C2 detection, DNS tunnel identification, suspicious DNS traffic investigation, or DGA domain classification.
Network Security
c2dgadnsnetwork-forensics+2
ATT&CK11, 11 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Detect data exfiltration through DNS tunneling by analyzing query entropy, subdomain length, query volume, TXT record abuse, and response payload sizes using passive DNS monitoring.
Network Security
data-exfiltrationdns-exfiltrationdns-tunnelingdnscat2+5
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Detect DNS-based data exfiltration by analyzing Zeek dns.log for high-entropy subdomains and anomalous query patterns
Network Security
dns-exfiltrationentropy-analysisthreat-huntingzeek
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Identifies lateral movement techniques in enterprise networks by analyzing authentication logs, network flows, SMB traffic, and RDP sessions using Zeek, Velociraptor, and SIEM correlation rules to detect attackers moving between systems.
Network Security
lateral-movementnetwork-securitypass-the-hashsiem+1
ATT&CK10, 10 mappingsNIST CSF4, 4 mappingsD3FEND5, 5 mappings
cybersecuritySkill
Detect lateral movement in network traffic using Zeek (formerly Bro) log analysis. Parses conn.log, smb_mapping.log, smb_files.log, dce_rpc.log, kerberos.log, and ntlm.log to identify SMB file transfers, NTLM account spray activity, remote service execution, and anomalous internal connections.
Network Security
dce-rpclateral-movementnetwork-forensicsntlm-spray+2
ATT&CK13, 13 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Deploys and configures Zeek (formerly Bro) network security monitor to passively analyze network traffic, generate structured logs, detect anomalous behavior, and create custom detection scripts for threat hunting and incident response.
Network Security
anomaly-detectionnetwork-monitoringnetwork-securitythreat-hunting+1
ATT&CK4, 4 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Detect network reconnaissance and port scanning using Suricata and Snort IDS signatures, threshold-based detection rules, and traffic anomaly analysis to identify Nmap, Masscan, and custom scanning activity.
Network Security
idsnetwork-securitynmap-detectionport-scanning+5
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Configures Fail2ban with custom filters and actions to detect port scanning activity, SSH brute force attempts, and network reconnaissance, automatically banning offending IP addresses and alerting security teams to suspicious network probing.
Network Security
automated-defensefail2banintrusion-preventionnetwork-security+1
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Analyzes and simulates BGP hijacking scenarios in authorized lab environments to assess route origin validation, RPKI deployment, and BGP monitoring defenses against prefix hijacking and route leak attacks on internet routing infrastructure.
Network Security
bgpnetwork-securityroute-hijackingrouting-security+1
ATT&CK4, 4 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Identifies and exploits IPv6-specific vulnerabilities including SLAAC spoofing, Router Advertisement flooding, and IPv6 tunneling during authorized assessments to test dual-stack security controls and IPv6-aware network defenses.
Network Security
dual-stack-securityipv6network-securityrouter-advertisement+1
ATT&CK4, 4 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Identifies and exploits SMB protocol vulnerabilities using Metasploit Framework during authorized penetration tests to demonstrate risks from unpatched Windows systems, misconfigured shares, and weak authentication in enterprise networks.
Network Security
eternalblueexploitationmetasploitnetwork-security+1
ATT&CK4, 4 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Implement BGP route origin validation using RPKI with Route Origin Authorizations, RPKI-to-Router protocol, and ROV policies on Cisco and Juniper routers to prevent route hijacking.
Network Security
bgpbgp-securityinternet-routingprefix-hijack+5
ATT&CK4, 4 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Deploys remote browser isolation (RBI) as a core component of a Zero Trust architecture. Implements isolation policies with URL categorization and risk-based routing, content disarming and reconstruction (CDR) for file sanitization, data loss prevention controls within isolated sessions, and integration with Secure Web Gateway and ZTNA platforms. Based on Cloudflare Browser Isolation, Menlo Security, and Zscaler RBI approaches. Use when hardening web access against zero-day exploits, phishing, credential theft, and browser-based data exfiltration.
Network Security
browser-isolationcdrcontent-disarmingrbi+3
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Configure Cloudflare DDoS protection with managed rulesets, rate limiting, WAF rules, Bot Management, and origin protection to mitigate volumetric, protocol, and application-layer attacks.
Network Security
bot-managementcloudflareddosddos-mitigation+5
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Implements 802.1X port-based network access control using RADIUS authentication, PacketFence NAC, and switch configurations to enforce identity-based access policies, posture assessment, and automatic VLAN assignment for authorized devices.
Network Security
802.1xnacnetwork-securitypacketfence+1
ATT&CK4, 4 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Deploy Cisco Identity Services Engine for 802.1X wired and wireless authentication, MAC Authentication Bypass, posture assessment, and dynamic VLAN assignment for network access control.
Network Security
802.1xcisco-isedynamic-vlaneap-tls+5
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Deploy and configure Suricata as a network intrusion prevention system with custom rules, Emerging Threats rulesets, and inline traffic inspection for real-time threat blocking.
Network Security
emerging-threatsidsinline-modeintrusion-prevention+5
ATT&CK4, 4 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Design and implement network segmentation using firewall security zones, VLANs, ACLs, and microsegmentation policies to restrict lateral movement and enforce least-privilege network access.
Network Security
acleast-west-trafficfirewall-zoneslateral-movement+5
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Deploy and query Arkime (formerly Moloch) for full packet capture network traffic analysis. Uses the Arkime API v3 to search sessions, download PCAPs, analyze connection patterns, detect beaconing behavior, and identify suspicious network flows. Monitors DNS queries, HTTP traffic, and TLS certificate anomalies across captured traffic.
Network Security
arkimefull-packet-capturenetwork-forensicsnetwork-security+2
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Build network traffic baselines from NetFlow/IPFIX data using Python pandas for statistical analysis, z-score anomaly detection, and hourly/daily traffic pattern profiling
Network Security
anomaly-detectionbaseliningipfixnetflow+3
ATT&CK4, 4 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Configure and deploy Palo Alto Networks next-generation firewalls with App-ID, User-ID, zone-based policies, SSL decryption, and threat prevention profiles for enterprise network security.
Network Security
app-idfirewallnetwork-securityngfw+5
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Simulates ARP spoofing attacks in authorized lab or pentest environments using arpspoof, Ettercap, and Scapy to demonstrate man-in-the-middle risks, test network detection capabilities, and validate ARP inspection countermeasures.
Network Security
arp-spoofingettercaplayer2-attackmitm+1
ATT&CK4, 4 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Simulates bandwidth throttling and network degradation attacks using tc, iperf3, and Scapy in authorized environments to test quality-of-service controls, application resilience, and network monitoring detection of traffic manipulation attacks.
Network Security
bandwidth-throttlingnetwork-resiliencenetwork-securityqos+1
ATT&CK4, 4 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Enumerates DNS records, attempts zone transfers, brute-forces subdomains, and maps DNS infrastructure during authorized reconnaissance to identify attack surface, misconfigurations, and information disclosure in target domains.
Network Security
dnsenumerationnetwork-securityreconnaissance+1
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection, DNS anomaly identification, and IOC extraction from PCAP files
Network Security
network-forensicspacket-analysispcappyshark+3
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection, anomaly identification, and forensic investigation.
Network Security
forensicsidsnetwork-monitoringnids+5
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Crafts and injects custom network packets using Scapy, hping3, and Nemesis during authorized security assessments to test firewall rules, IDS detection, protocol handling, and network stack resilience against malformed and spoofed traffic.
Network Security
hping3network-securitypacket-injectionprotocol-testing+1
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Simulates SSL stripping attacks using sslstrip, Bettercap, and mitmproxy in authorized environments to test HSTS enforcement, certificate validation, and HTTPS upgrade mechanisms that protect users from downgrade attacks on encrypted connections.
Network Security
hstshttpsnetwork-securityssl-stripping+1
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Configure SSL/TLS inspection on network security devices to decrypt, inspect, and re-encrypt HTTPS traffic for threat detection while managing certificates, exemptions, and privacy compliance.
Network Security
certificate-managementforward-proxyhttps-inspectionman-in-the-middle+4
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Assess SSL/TLS server configurations using the sslyze Python library to evaluate cipher suites, certificate chains, protocol versions, HSTS headers, and known vulnerabilities like Heartbleed and ROBOT.
Network Security
certificatecipher-suitesnetwork-securityssl+3
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Simulates VLAN hopping attacks using switch spoofing and double tagging techniques in authorized environments to test VLAN segmentation effectiveness and validate switch port security configurations against Layer 2 bypass attacks.
Network Security
802.1qlayer2-attacknetwork-securityswitch-security+1
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Captures WPA/WPA2 handshakes and performs offline password cracking using aircrack-ng, hashcat, and dictionary attacks during authorized wireless security assessments to evaluate passphrase strength and wireless network security posture.
Network Security
aircrack-ngnetwork-securitywifiwireless-security+1
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Conduct wireless network security assessments using Kismet to detect rogue access points, hidden SSIDs, weak encryption, and unauthorized clients through passive RF monitoring.
Network Security
802.11kismetrf-monitoringrogue-ap+5
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings
cybersecuritySkill
Performs advanced network reconnaissance using Nmap's scripting engine, timing controls, evasion techniques, and output parsing to discover hosts, enumerate services, detect vulnerabilities, and fingerprint operating systems across authorized target networks.
Network Security
network-securitynmapport-scanningreconnaissance+1
ATT&CK5, 5 mappingsNIST CSF4, 4 mappings