Security specialty

Penetration Testing

Browse every cataloged workflow for penetration testing, with source context, tags, and security framework mappings intact.

Complete collection

Skills in this domain

21 skills

cybersecuritySkill

Conducting API Security Testing

Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization, rate limiting, input validation, and business logic. The tester uses the OWASP API Security Top 10 as the testing framework, combining Burp Suite interception with Postman collections and custom scripts to test endpoint security at every privilege level. Activates for requests involving API security testing, REST API pentest, GraphQL security assessment, or API vulnerability testing.

Penetration Testing
api-securityauthorization-testinggraphqlowasp-api-top10+1
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Conducting External Reconnaissance with OSINT

Conducts external reconnaissance using Open Source Intelligence (OSINT) techniques to map an organization's external attack surface without directly interacting with target systems. The tester gathers information from public sources including DNS records, certificate transparency logs, search engines, social media, code repositories, and data breach databases to build a comprehensive target profile. Activates for requests involving OSINT reconnaissance, external footprinting, attack surface mapping, or passive information gathering.

Penetration Testing
attack-surfacefootprintingosintpassive-recon+1
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Conducting Internal Network Penetration Test

Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify lateral movement paths, privilege escalation vectors, and sensitive data exposure within the corporate network.

Penetration Testing
assumed-breachimpacketinternal-pentestlateral-movement+3
ATT&CK, 11 mappingsNIST CSF, 4 mappingsD3FEND, 5 mappings
cybersecuritySkill

Conducting Mobile App Penetration Test

Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security Testing Guide (MASTG) to identify vulnerabilities in data storage, network communication, authentication, cryptography, and platform-specific security controls. The tester performs static analysis of application binaries, dynamic analysis at runtime, and API security testing to evaluate the complete mobile attack surface. Activates for requests involving mobile app pentest, iOS security assessment, Android security testing, or OWASP MASTG assessment.

Penetration Testing
android-securityios-securitymobile-application-securitymobile-pentest+1
ATT&CK, 6 mappingsNIST CSF, 4 mappingsATLAS, 3 mappingsAI RMF, 3 mappings
cybersecuritySkill

Conducting Network Penetration Test

Conducts comprehensive network penetration tests against authorized target environments by performing host discovery, port scanning, service enumeration, vulnerability identification, and controlled exploitation to assess the security posture of network infrastructure. The tester follows PTES methodology from reconnaissance through post-exploitation and reporting. Activates for requests involving network pentest, infrastructure security assessment, internal network testing, or external perimeter testing.

Penetration Testing
infrastructure-securitymetasploitnetwork-pentestnmap+1
ATT&CK, 6 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Conducting Social Engineering Penetration Test

Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical pretexting campaigns to measure human security resilience and identify training gaps.

Penetration Testing
gophishosintphishingpretexting+5
ATT&CK, 8 mappingsNIST CSF, 4 mappingsATLAS, 2 mappingsAI RMF, 2 mappings
cybersecuritySkill

Conducting Wireless Network Penetration Test

Conducts authorized wireless network penetration tests to assess the security of WiFi infrastructure by testing for weak encryption protocols, captive portal bypasses, evil twin attacks, WPA2/WPA3 handshake capture, rogue access point detection, and client-side attacks. The tester evaluates wireless authentication, network segmentation, and the effectiveness of wireless intrusion detection systems. Activates for requests involving wireless pentest, WiFi security assessment, WPA2/WPA3 testing, or rogue access point detection.

Penetration Testing
evil-twinwifi-securitywireless-pentestwpa2+1
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Executing Active Directory Attack Simulation

Executes authorized attack simulations against Active Directory environments to identify misconfigurations, weak credentials, dangerous privilege paths, and exploitable trust relationships that could lead to domain compromise. The tester uses BloodHound for attack path analysis, Mimikatz for credential extraction, and Impacket for protocol-level attacks including Kerberoasting, AS-REP Roasting, and delegation abuse. Activates for requests involving Active Directory pentest, AD attack simulation, domain compromise testing, or Kerberos attack assessment.

Penetration Testing
active-directorybloodhounddomain-compromisekerberoasting+1
ATT&CK, 5 mappingsNIST CSF, 4 mappingsD3FEND, 5 mappings
cybersecuritySkill

Executing Phishing Simulation Campaign

Executes authorized phishing simulation campaigns to assess an organization's susceptibility to email-based social engineering attacks. The tester designs realistic phishing scenarios, builds credential harvesting infrastructure, sends targeted phishing emails, and tracks open rates, click-through rates, and credential submission rates to measure human security awareness. Activates for requests involving phishing simulation, social engineering assessment, email security testing, or security awareness measurement.

Penetration Testing
email-securitygophishphishing-simulationsecurity-awareness+1
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Executing Red Team Exercise

Executes comprehensive red team exercises that simulate real-world adversary operations against an organization's people, processes, and technology. The red team operates with stealth as a primary objective, employing the full attack lifecycle from initial reconnaissance through objective completion while testing the organization's detection and response capabilities. This differs from penetration testing by focusing on adversary emulation rather than vulnerability identification. Activates for requests involving red team exercise, adversary simulation, adversary emulation, or full-scope offensive security assessment.

Penetration Testing
adversary-emulationcobalt-strikedetection-assessmentmitre-att&ck+1
ATT&CK, 5 mappingsNIST CSF, 4 mappingsD3FEND, 5 mappings
cybersecuritySkill

Exploiting SQL Injection Vulnerabilities

Identifies and exploits SQL injection vulnerabilities in web applications during authorized penetration tests using manual techniques and automated tools like sqlmap. The tester detects injection points through error-based, union-based, blind boolean, and time-based blind techniques across all major database engines (MySQL, PostgreSQL, MSSQL, Oracle) to demonstrate data extraction, authentication bypass, and potential remote code execution. Activates for requests involving SQL injection testing, SQLi exploitation, database security assessment, or injection vulnerability verification.

Penetration Testing
database-securityinjection-testingowasp-a03sql-injection+1
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Moving Laterally with NetExec

Use NetExec for SMB, WinRM, LDAP, and MSSQL enumeration, password spraying, and execution.

Penetration Testing
active-directorycredential-accesslateral-movementnetexec+4
ATT&CK, 9 mappingsNIST CSF, 1 mapping
cybersecuritySkill

Performing Active Directory Penetration Test

Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound, exploit Kerberos weaknesses, escalate privileges via ADCS/DCSync, and demonstrate domain compromise.

Penetration Testing
active-directoryadcsbloodhounddcsync+4
ATT&CK, 12 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing External Network Penetration Test

Conduct a comprehensive external network penetration test to identify vulnerabilities in internet-facing infrastructure using PTES methodology, reconnaissance, scanning, exploitation, and reporting.

Penetration Testing
exploitationexternal-pentestmetasploitnetwork-security+5
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing IoT Security Assessment

Performs comprehensive security assessments of IoT devices and their ecosystems by testing hardware interfaces, firmware, network communications, cloud APIs, and companion mobile applications. The tester uses firmware extraction and analysis, hardware debugging via UART and JTAG, network protocol analysis, and runtime exploitation to identify vulnerabilities across all layers of the IoT stack. Activates for requests involving IoT security testing, embedded device assessment, firmware security analysis, or smart device penetration testing.

Penetration Testing
embedded-systemsfirmware-analysishardware-hackingiot-security+1
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Privilege Escalation Assessment

Performs privilege escalation assessments on compromised Linux and Windows systems to identify paths from low-privilege access to root or SYSTEM-level control. The tester enumerates misconfigurations, vulnerable services, kernel exploits, SUID binaries, unquoted service paths, and credential stores to demonstrate the full impact of an initial compromise. Activates for requests involving privilege escalation testing, local exploitation, post-compromise escalation, or OS-level security assessment.

Penetration Testing
linux-privesclocal-exploitationpost-exploitationprivilege-escalation+1
ATT&CK, 9 mappingsNIST CSF, 4 mappingsD3FEND, 5 mappings
cybersecuritySkill

Performing Thick Client Application Penetration Test

Conduct a thick client application penetration test to identify insecure local storage, hardcoded credentials, DLL hijacking, memory manipulation, and insecure API communication in desktop applications using dnSpy, Procmon, and Burp Suite.

Penetration Testing
api-interceptionbinary-analysisdesktop-applicationdll-hijacking+3
ATT&CK, 5 mappingsNIST CSF, 4 mappingsATLAS, 3 mappingsAI RMF, 3 mappings
cybersecuritySkill

Performing Vulnerability Scanning with Nessus

Performs authenticated and unauthenticated vulnerability scanning using Tenable Nessus to identify known vulnerabilities, misconfigurations, default credentials, and missing patches across network infrastructure, servers, and applications. The scanner correlates findings with CVE databases and CVSS scores to produce prioritized remediation guidance. Activates for requests involving vulnerability scanning, Nessus assessment, patch compliance checking, or automated vulnerability detection.

Penetration Testing
cvenessuspatch-managementtenable+1
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Web Application Penetration Test

Performs systematic security testing of web applications following the OWASP Web Security Testing Guide (WSTG) methodology to identify vulnerabilities in authentication, authorization, input validation, session management, and business logic. The tester uses Burp Suite as the primary interception proxy alongside manual testing techniques to find flaws that automated scanners miss. Activates for requests involving web app pentest, OWASP testing, application security assessment, or web vulnerability testing.

Penetration Testing
application-securityburp-suiteowaspweb-application-pentest+1
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Wireless Network Penetration Test

Execute a wireless network penetration test to assess WiFi security by capturing handshakes, cracking WPA2/WPA3 keys, detecting rogue access points, and testing wireless segmentation using Aircrack-ng and related tools.

Penetration Testing
802.11aircrack-ngevil-twinkismet+5
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Testing for XSS Vulnerabilities

Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into reflected, stored, and DOM-based contexts to demonstrate client-side code execution, session hijacking, and user impersonation. The tester identifies all injection points and output contexts, crafts context-appropriate payloads, and bypasses sanitization and CSP protections. Activates for requests involving XSS testing, cross-site scripting assessment, client-side injection testing, or JavaScript injection vulnerability testing.

Penetration Testing
client-side-securitycross-site-scriptingjavascript-injectionowasp-a03+1
ATT&CK, 5 mappingsNIST CSF, 4 mappings