Public benchLIVE

What's on the bench.

5,040
Artifacts
26
Industries
18
Reads / week

All artifacts

5040
Industry
SKILL0

Performing Ot Network Security Assessment

This skill covers conducting comprehensive security assessments of Operational Technology (OT) networks including SCADA systems, DCS architectures, and industrial control system communication paths. It addresses the Purdue Reference Model layers, identifies IT/OT convergence risks, evaluates firewall rules between zones, and maps industrial protocol traffic (Modbus, DNP3, OPC UA, EtherNet/IP) to detect misconfigurations, unauthorized connections, and attack surfaces in critical infrastructure.

cybersecurity-soc+2
0
SKILL0

Performing Osint With Spiderfoot

Automate OSINT collection using SpiderFoot REST API and CLI for target profiling, module-based reconnaissance, and structured result analysis across 200+ data sources

cybersecurity-soc
0
SKILL0

Performing Open Source Intelligence Gathering

Open Source Intelligence (OSINT) gathering is the first active phase of a red team engagement, where operators collect publicly available information about the target organization to identify attack s

cybersecurity-soc+1
0
SKILL0

Performing Oil Gas Cybersecurity Assessment

This skill covers conducting cybersecurity assessments specific to oil and gas facilities including upstream (exploration/production), midstream (pipeline/transport), and downstream (refining/distribution) operations. It addresses SCADA systems controlling pipeline operations, DCS for refinery process control, safety instrumented systems for hazardous processes, remote terminal units at unmanned wellhead sites, and compliance with API 1164, TSA Pipeline Security Directives, IEC 62443, and NIST Cybersecurity Framework for critical infrastructure.

cybersecurity-soc
0
SKILL0

Performing OAuth Scope Minimization Review

Performs OAuth 2.0 scope minimization review to identify over-permissioned third-party application integrations, excessive API scopes, unused token grants, and risky OAuth consent patterns across identity providers and SaaS platforms. Activates for requests involving OAuth scope audit, API permission review, third-party app risk assessment, or consent grant minimization.

cybersecurity-soc
0
SKILL0

Performing Nist Csf Maturity Assessment

The NIST Cybersecurity Framework (CSF) 2.0, released in February 2024, provides a comprehensive taxonomy for managing cybersecurity risk through six core Functions - Govern, Identify, Protect, Detect, Respond, and Recover. This skill covers conducting a maturity assessment against the CSF using Implementation Tiers to measure organizational cybersecurity posture and create improvement roadmaps.

cybersecurity-soc
0
SKILL0

Performing Network Traffic Analysis With Tshark

Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection, DNS anomaly identification, and IOC extraction from PCAP files

cybersecurity-soc
0
SKILL0

Performing Network Packet Capture Analysis

Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct network communications, extract transferred files, identify malicious traffic, and establish evidence of data exfiltration or command-and-control activity.

cybersecurity-soc
0
SKILL0

Performing Mobile Device Forensics With Cellebrite

Acquire and analyze mobile device data using Cellebrite UFED and open-source tools to extract communications, location data, and application artifacts.

cybersecurity-soc
0
SKILL0

Performing Mobile App Certificate Pinning Bypass

Bypasses SSL/TLS certificate pinning implementations in Android and iOS applications to enable traffic interception during authorized security assessments. Covers OkHttp, TrustManager, NSURLSession, and third-party pinning library bypass techniques using Frida, Objection, and custom scripts. Activates for requests involving certificate pinning bypass, SSL pinning defeat, mobile TLS interception, or proxy-resistant app testing.

cybersecurity-soc
0
SKILL0

Performing Memory Forensics With Volatility3 Plugins

Analyze memory dumps using Volatility3 plugins to detect injected code, rootkits, credential theft, and malware artifacts in Windows, Linux, and macOS memory images.

cybersecurity-soc
0
SKILL0

Performing Malware Triage With Yara

Performs rapid malware triage and classification using YARA rules to match file patterns, strings, byte sequences, and structural characteristics against known malware families and suspicious indicators. Covers rule writing, scanning, and integration with analysis pipelines. Activates for requests involving YARA rule creation, malware classification, pattern matching, sample triage, or signature-based detection.

cybersecurity-soc
0
SKILL0

Performing Malware Persistence Investigation

Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives reboots and maintains access.

cybersecurity-soc
0
SKILL0

Performing Malware Ioc Extraction

Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise including file hashes, network indicators (C2 domains, IP addresses, URLs), regist

cybersecurity-soc
0
SKILL0

Performing Malware Hash Enrichment With Virustotal

Enrich malware file hashes using the VirusTotal API to retrieve detection rates, behavioral analysis, YARA matches, and contextual threat intelligence for incident triage and IOC validation.

cybersecurity-soc
0
SKILL0

Performing Log Source Onboarding In Siem

Perform structured log source onboarding into SIEM platforms by configuring collectors, parsers, normalization, and validation for complete security visibility.

cybersecurity-soc
0
SKILL0

Performing Log Analysis For Forensic Investigation

Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines during forensic investigations.

cybersecurity-soc
0
SKILL0

Performing Linux Log Forensics Investigation

Perform forensic investigation of Linux system logs including syslog, auth.log, systemd journal, kern.log, and application logs to reconstruct user activity, detect unauthorized access, and establish event timelines on compromised Linux systems.

cybersecurity-soc
0
SKILL0

Performing Lateral Movement Detection

Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based spreading using SIEM correlation of Windows event logs, network flow data, and endpoint telemetry mapped to MITRE ATT&CK Lateral Movement (TA0008) techniques.

cybersecurity-soc
0
SKILL0

Performing Kubernetes Penetration Testing

Kubernetes penetration testing systematically evaluates cluster security by simulating attacker techniques against the API server, kubelet, etcd, pods, RBAC, network policies, and secrets. Using tools

cybersecurity-soc
0
SKILL0

Performing Kubernetes Etcd Security Assessment

Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration, access controls, backup encryption, and network isolation.

cybersecurity-soc
0
SKILL0

Performing Kubernetes Cis Benchmark With Kube Bench

Audit Kubernetes cluster security posture against CIS benchmarks using kube-bench with automated checks for control plane, worker nodes, and RBAC.

cybersecurity-soc
0
SKILL0

Performing Kerberoasting Attack

Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting Kerberos TGS (Ticket Granting Service) tickets for accounts with Service Principal Names

cybersecurity-soc
0
SKILL0

Performing JWT None Algorithm Attack

Execute and test the JWT none algorithm attack to bypass signature verification by manipulating the alg header field in JSON Web Tokens.

cybersecurity-soc
0

Want your own bench?

Free for crews of 5. Connect your team in minutes.

Sign up free