Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no authentication. The readLength method reads an attacker-controlled 32-bit integer from the socket and readData passes it directly to new byte[length] with no upper-bound check. An unauthenticated attacker can cause the JVM to attempt an allocation of up to 2,147,483,647 bytes per connection, exhausting heap memory and crashing or severely degrading the DataNode process. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue.
Casky was already ahead
This CVE exploits attack patterns that Casky's 577matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-40006 is a critical authentication bypass and resource exhaustion vulnerability affecting Apache IoTDB's AirGap pipe receiver. When the pipe_air_gap_receiver_enabled setting is true, the receiver opens port 9780 to unauthenticated TCP connections and reads a 32-bit integer directly from user input without validation. An attacker can exploit the readData method by supplying an arbitrarily large length value, forcing the application to allocate massive byte arrays and exhausting server memory. This vulnerability affects any organization deploying IoTDB with AirGap piping enabled in production environments, particularly those managing critical infrastructure data pipelines where data integrity and availability are paramount.
Casky's 577 matching security skills, powered by Claude AI's extended reasoning capabilities, detect the attack patterns associated with this CVE by mapping across four MITRE ATT&CK tactic categories. Practitioners using Casky would identify reconnaissance activity (TA0001) probing port 9780, initial access attempts (TA0001) exploiting the missing authentication check, resource exploitation (TA0040) patterns showing sudden memory allocation spikes, and impact events (TA0040) correlating with denial-of-service indicators. The platform's skills specifically flag CWE-306 (missing authentication) violations, CWE-770 (unbounded resource allocation) signatures, and CWE-789 (memory allocation patterns) anomalies. Security practitioners would observe findings highlighting unauthenticated socket connections on IoTDB's AirGap port combined with suspicious byte array allocation patterns, enabling rapid threat detection and mitigation before memory exhaustion occurs.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
These skills use Claude AI's reasoning model to surface findings in the same attack categories as CVE-2026-40006.
Casky has 577 skills that investigate the attack patterns behind CVE-2026-40006. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →Access with Stolen Session Cookie
identity access management · low
Access with Stolen Session Cookie
penetration testing · medium
Access with Stolen Session Cookie
cryptography · low
Account Access Removal
cloud security · low
Account Manipulation
cloud security · low
Account Manipulation
identity access management · low
Account Manipulation
identity access management · low
Account Manipulation: Account Linking
cloud security · low
Account Manipulation: Add Authorized User
identity access management · low
Account Manipulation: Change Account Details
cloud security · low
Account Manipulation: Change of Payment Details
phishing defense · medium
Account Manipulation: Enable Account Features
identity access management · low
Account Manipulation: Enable Account Features
identity access management · low
Account Takeover
red teaming · high
Account Takeover
identity access management · low
Account Takeover
identity access management · low
Account Takeover
identity access management · low
Account Takeover
incident response · low
Account Takeover
red teaming · high
Account Takeover
phishing defense · medium
Account Takeover: Exposed Login Credential
soc operations · low
Account Takeover: Exposed Login Credential
red teaming · high
Account Takeover: Exposed Login Credential
phishing defense · medium
Account Takeover: Exposed Login Credential
identity access management · low
Account Takeover: Exposed Login Credential
identity access management · low
Account Takeover: Exposed Login Credential
incident response · low
Account Takeover: Exposed Login Credential
identity access management · low
Account Takeover: Exposed Login Credential
threat hunting · low
Account Takeover: Password Reset
identity access management · low
Adversary-in-the-Browser: Malicious JavaScript Injection
network security · medium
Adversary-in-the-Middle
identity access management · low
analyzing-android-malware-with-apktool
malware analysis · medium
analyzing-apt-group-with-mitre-navigator
threat intelligence · low
analyzing-bootkit-and-rootkit-samples
malware analysis · medium
analyzing-campaign-attribution-evidence
threat intelligence · low
analyzing-cloud-storage-access-patterns
cloud security · low
analyzing-cobalt-strike-beacon-configuration
malware analysis · medium
analyzing-cobaltstrike-malleable-c2-profiles
malware analysis · medium
analyzing-command-and-control-communication
malware analysis · medium
analyzing-cyber-kill-chain
threat intelligence · low
analyzing-dns-logs-for-exfiltration
soc operations · low
analyzing-golang-malware-with-ghidra
malware analysis · medium
analyzing-heap-spray-exploitation
malware analysis · medium
analyzing-kubernetes-audit-logs
container security · low
analyzing-linux-audit-logs-for-intrusion
incident response · low
analyzing-macro-malware-in-office-documents
malware analysis · medium
analyzing-malicious-pdf-with-peepdf
malware analysis · medium
analyzing-malicious-url-with-urlscan
phishing defense · medium
analyzing-malware-behavior-with-cuckoo-sandbox
malware analysis · medium
analyzing-malware-family-relationships-with-malpedia
threat intelligence · low
analyzing-malware-persistence-with-autoruns
malware analysis · medium
analyzing-malware-sandbox-evasion-techniques
malware analysis · medium
analyzing-memory-dumps-with-volatility
malware analysis · medium
analyzing-network-covert-channels-in-malware
malware analysis · medium
analyzing-network-flow-data-with-netflow
network security · medium
analyzing-network-packets-with-scapy
network security · medium
analyzing-network-traffic-for-incidents
incident response · low
analyzing-network-traffic-of-malware
malware analysis · medium
analyzing-network-traffic-with-wireshark
network security · medium
analyzing-office365-audit-logs-for-compromise
cloud security · low
analyzing-packed-malware-with-upx-unpacker
malware analysis · medium
analyzing-pdf-malware-with-pdfid
malware analysis · medium
analyzing-persistence-mechanisms-in-linux
threat hunting · low
analyzing-powershell-empire-artifacts
threat hunting · low
analyzing-security-logs-with-splunk
incident response · low
analyzing-supply-chain-malware-artifacts
malware analysis · medium
analyzing-threat-actor-ttps-with-mitre-attack
threat intelligence · low
analyzing-threat-actor-ttps-with-mitre-navigator
threat intelligence · low
analyzing-threat-intelligence-feeds
threat intelligence · low
analyzing-threat-landscape-with-misp
threat intelligence · low
analyzing-windows-event-logs-in-splunk
soc operations · low
attacking-entra-id-with-roadtools
identity access management · low
attacking-oauth-with-device-code-phishing
identity access management · low
auditing-aws-s3-bucket-permissions
cloud security · low
auditing-azure-active-directory-configuration
cloud security · low
auditing-cloud-with-cis-benchmarks
cloud security · low
auditing-entra-id-with-aadinternals
identity access management · low
auditing-gcp-iam-permissions
cloud security · low
auditing-kubernetes-rbac-privilege-escalation
container security · low
auditing-terraform-infrastructure-for-security
cloud security · low
auditing-tls-certificate-transparency-logs
threat intelligence · low
automating-ioc-enrichment
threat intelligence · low
benchmarking-kubernetes-with-kube-bench
container security · low
Browser Session Hijacking
cloud security · low
Brute Force: Credential Stuffing
threat intelligence · low
building-adversary-infrastructure-tracking-system
threat intelligence · low
building-attack-pattern-library-from-cti-reports
threat intelligence · low
building-automated-malware-submission-pipeline
soc operations · low
building-c2-infrastructure-with-sliver-framework
red teaming · high
building-c2-redirector-infrastructure
red teaming · high
building-cloud-siem-with-sentinel
cloud security · low
building-detection-rule-with-splunk-spl
soc operations · low
building-detection-rules-with-sigma
soc operations · low
building-incident-response-dashboard
soc operations · low
building-incident-response-playbook
incident response · low
building-incident-timeline-with-timesketch
incident response · low
building-ioc-defanging-and-sharing-pipeline
threat intelligence · low
building-ioc-enrichment-pipeline-with-opencti
threat intelligence · low
building-malware-incident-communication-template
incident response · low
building-red-team-c2-infrastructure-with-havoc
red teaming · high
building-role-mining-for-rbac-optimization
identity access management · low
building-soc-escalation-matrix
soc operations · low
building-soc-metrics-and-kpi-tracking
soc operations · low
building-threat-actor-profile-from-osint
threat intelligence · low
building-threat-feed-aggregation-with-misp
threat intelligence · low
building-threat-hunt-hypothesis-framework
threat hunting · low
building-threat-intelligence-enrichment-in-splunk
soc operations · low
building-threat-intelligence-feed-integration
soc operations · low
building-threat-intelligence-platform
threat intelligence · low
building-vulnerability-scanning-workflow
soc operations · low
coercing-authentication-with-coercer-petitpotam
red teaming · high
collecting-indicators-of-compromise
incident response · low
collecting-open-source-intelligence
threat intelligence · low
collecting-threat-intelligence-with-misp
threat intelligence · low
collecting-volatile-evidence-from-compromised-host
incident response · low
conducting-api-security-testing
penetration testing · medium
conducting-cloud-incident-response
incident response · low
conducting-cloud-penetration-testing
cloud security · low
conducting-domain-persistence-with-dcsync
red teaming · high
conducting-external-reconnaissance-with-osint
penetration testing · medium
conducting-full-scope-red-team-engagement
red teaming · high
conducting-internal-network-penetration-test
penetration testing · medium
conducting-internal-reconnaissance-with-bloodhound-ce
red teaming · high
conducting-malware-incident-response
incident response · low
conducting-man-in-the-middle-attack-simulation
network security · medium
conducting-memory-forensics-with-volatility
incident response · low
conducting-mobile-app-penetration-test
penetration testing · medium
conducting-network-penetration-test
penetration testing · medium
conducting-pass-the-ticket-attack
red teaming · high
conducting-post-incident-lessons-learned
incident response · low
conducting-wireless-network-penetration-test
penetration testing · medium
configuring-active-directory-tiered-model
identity access management · low
configuring-aws-verified-access-for-ztna
zero trust architecture · low
configuring-certificate-authority-with-openssl
cryptography · low
configuring-host-based-intrusion-detection
endpoint security · low
configuring-hsm-for-key-storage
cryptography · low
configuring-microsegmentation-for-zero-trust
zero trust architecture · low
configuring-multi-factor-authentication-with-duo
identity access management · low
configuring-network-segmentation-with-vlans
network security · medium
configuring-pfsense-firewall-rules
network security · medium
configuring-snort-ids-for-intrusion-detection
network security · medium
configuring-suricata-for-network-monitoring
network security · medium
configuring-tls-1-3-for-secure-communications
cryptography · low
configuring-windows-defender-advanced-settings
endpoint security · low
configuring-windows-event-logging-for-detection
endpoint security · low
configuring-zscaler-private-access-for-ztna
zero trust architecture · low
containing-active-breach
incident response · low
Conversion to Physical Monetary Instruments: Cash
ransomware defense · medium
Conversion to Physical Monetary Instruments: Cash
ransomware defense · medium
Conversion to Physical Monetary Instruments: Cash
incident response · low
Conversion to Physical Monetary Instruments: Cash
incident response · low
Convert to Cryptocurrency
cloud security · low
Convert to Cryptocurrency
ransomware defense · medium
Convert to Cryptocurrency
ransomware defense · medium
correlating-security-events-in-qradar
soc operations · low
correlating-threat-campaigns
threat intelligence · low
Create Fake Materials: Fake Website
phishing defense · medium
Create Fake Materials: Fake Website
threat intelligence · low
Create Fake Materials: Fake Website
penetration testing · medium
Create Fake Materials: Fake Website
phishing defense · medium
Create Fake Materials: Fake Website
threat hunting · low
Create Fake Materials: Fake Website
phishing defense · medium
Create Fake Materials: Fake Website
phishing defense · medium
Delete Relevant Emails
phishing defense · medium
deobfuscating-javascript-malware
malware analysis · medium
deobfuscating-powershell-obfuscated-malware
malware analysis · medium
deploying-cloudflare-access-for-zero-trust
zero trust architecture · low
deploying-edr-agent-with-crowdstrike
endpoint security · low
deploying-osquery-for-endpoint-monitoring
endpoint security · low
deploying-palo-alto-prisma-access-zero-trust
zero trust architecture · low
deploying-software-defined-perimeter
zero trust architecture · low
deploying-tailscale-for-zero-trust-vpn
zero trust architecture · low
detecting-anomalies-in-industrial-control-systems
ot ics security · medium
detecting-api-enumeration-attacks
api security · medium
detecting-arp-poisoning-in-network-traffic
network security · medium
detecting-attacks-on-historian-servers
ot ics security · medium
detecting-attacks-on-scada-systems
ot ics security · medium
detecting-aws-guardduty-findings-automation
cloud security · low
detecting-aws-iam-privilege-escalation
cloud security · low
detecting-azure-lateral-movement
cloud security · low
detecting-azure-service-principal-abuse
cloud security · low
detecting-azure-storage-account-misconfigurations
cloud security · low
detecting-broken-object-property-level-authorization
api security · medium
detecting-cloud-threats-with-guardduty
cloud security · low
detecting-command-and-control-over-dns
network security · medium
detecting-container-drift-at-runtime
container security · low
detecting-container-escape-attempts
container security · low
detecting-container-escape-with-falco-rules
container security · low
detecting-container-runtime-threats-with-falco
container security · low
detecting-dcsync-attack-in-active-directory
threat hunting · low
detecting-dll-sideloading-attacks
threat hunting · low
detecting-dnp3-protocol-anomalies
ot ics security · medium
detecting-dns-exfiltration-with-dns-query-analysis
network security · medium
detecting-email-account-compromise
incident response · low
detecting-email-forwarding-rules-attack
threat hunting · low
detecting-entra-offensive-tools-in-graph-logs
soc operations · low
detecting-evasion-techniques-in-endpoint-logs
endpoint security · low
detecting-exfiltration-over-dns-with-zeek
network security · medium
detecting-fileless-attacks-on-endpoints
endpoint security · low
detecting-fileless-malware-techniques
malware analysis · medium
detecting-golden-ticket-attacks-in-kerberos-logs
threat hunting · low
detecting-insider-threat-behaviors
threat hunting · low
detecting-kerberoasting-attacks
threat hunting · low
detecting-lateral-movement-in-network
network security · medium
detecting-lateral-movement-with-splunk
threat hunting · low
detecting-lateral-movement-with-zeek
network security · medium
detecting-malicious-scheduled-tasks-with-sysmon
threat hunting · low
detecting-mimikatz-execution-patterns
threat hunting · low
detecting-misconfigured-azure-storage
cloud security · low
detecting-modbus-command-injection-attacks
ot ics security · medium
detecting-modbus-protocol-anomalies
ot ics security · medium
detecting-network-anomalies-with-zeek
network security · medium
detecting-network-scanning-with-ids-signatures
network security · medium
detecting-ntlm-relay-with-event-correlation
threat hunting · low
detecting-pass-the-hash-attacks
threat hunting · low
detecting-port-scanning-with-fail2ban
network security · medium
detecting-privilege-escalation-attempts
threat hunting · low
detecting-privilege-escalation-in-kubernetes-pods
container security · low
detecting-process-hollowing-technique
threat hunting · low
detecting-process-injection-techniques
malware analysis · medium
detecting-rootkit-activity
malware analysis · medium
detecting-s3-data-exfiltration-attempts
cloud security · low
detecting-serverless-function-injection
cloud security · low
detecting-service-account-abuse
threat hunting · low
detecting-shadow-api-endpoints
api security · medium
detecting-shadow-it-cloud-usage
cloud security · low
detecting-stuxnet-style-attacks
ot ics security · medium
detecting-suspicious-oauth-application-consent
cloud security · low
detecting-suspicious-powershell-execution
threat hunting · low
detecting-t1055-process-injection-with-sysmon
threat hunting · low
detecting-t1548-abuse-elevation-control-mechanism
threat hunting · low
detecting-wmi-persistence
threat hunting · low
Device Fingerprint Spoofing
identity access management · low
Device Fingerprint Spoofing
identity access management · low
Electronic Funds Transfer: Wire Transfer
ransomware defense · medium
Electronic Funds Transfer: Wire Transfer
phishing defense · medium
Electronic Funds Transfer: Wire Transfer
threat intelligence · low
Email Spoofing
threat intelligence · low
emulating-cloud-attacks-with-stratus-red-team
cloud security · low
enumerating-cloud-with-cloudfox
cloud security · low
eradicating-malware-from-infected-systems
incident response · low
escaping-containers-to-host
container security · low
evaluating-threat-intelligence-platforms
threat intelligence · low
executing-active-directory-attack-simulation
penetration testing · medium
executing-red-team-engagement-planning
red teaming · high
executing-red-team-exercise
penetration testing · medium
exploiting-active-directory-certificate-services-esc1
red teaming · high
exploiting-active-directory-with-bloodhound
red teaming · high
exploiting-adcs-with-certipy
red teaming · high
exploiting-api-injection-vulnerabilities
api security · medium
exploiting-aws-with-pacu
cloud security · low
exploiting-bgp-hijacking-vulnerabilities
network security · medium
exploiting-broken-function-level-authorization
api security · medium
exploiting-constrained-delegation-abuse
red teaming · high
exploiting-excessive-data-exposure-in-api
api security · medium
exploiting-ipv6-vulnerabilities
network security · medium
exploiting-jwt-algorithm-confusion-attack
api security · medium
exploiting-kerberoasting-with-impacket
red teaming · high
exploiting-ms17-010-eternalblue-vulnerability
red teaming · high
exploiting-nopac-cve-2021-42278-42287
red teaming · high
exploiting-smb-vulnerabilities-with-metasploit
network security · medium
exploiting-sql-injection-vulnerabilities
penetration testing · medium
exploiting-zerologon-vulnerability-cve-2020-1472
red teaming · high
extracting-config-from-agent-tesla-rat
malware analysis · medium
extracting-iocs-from-malware-samples
malware analysis · medium
fleet-hunting-with-velociraptor
threat hunting · low
Gather Customer Information
threat intelligence · low
generating-threat-intelligence-reports
threat intelligence · low
hardening-docker-containers-for-production
container security · low
hardening-docker-daemon-configuration
container security · low
hardening-linux-endpoint-with-cis-benchmark
endpoint security · low
hardening-windows-endpoint-with-cis-benchmark
endpoint security · low
hunting-advanced-persistent-threats
threat intelligence · low
hunting-evtx-with-chainsaw
threat hunting · low
hunting-for-anomalous-powershell-execution
threat hunting · low
hunting-for-beaconing-with-frequency-analysis
threat hunting · low
hunting-for-cobalt-strike-beacons
threat hunting · low
hunting-for-command-and-control-beaconing
threat hunting · low
hunting-for-data-exfiltration-indicators
threat hunting · low
hunting-for-data-staging-before-exfiltration
threat hunting · low
hunting-for-dcom-lateral-movement
threat hunting · low
hunting-for-dcsync-attacks
threat hunting · low
hunting-for-defense-evasion-via-timestomping
threat hunting · low
hunting-for-dns-based-persistence
threat hunting · low
hunting-for-dns-tunneling-with-zeek
threat hunting · low
hunting-for-domain-fronting-c2-traffic
threat hunting · low
hunting-for-lateral-movement-via-wmi
threat hunting · low
hunting-for-living-off-the-cloud-techniques
threat hunting · low
hunting-for-living-off-the-land-binaries
threat hunting · low
hunting-for-lolbins-execution-in-endpoint-logs
threat hunting · low
hunting-for-ntlm-relay-attacks
threat hunting · low
hunting-for-persistence-mechanisms-in-windows
threat hunting · low
hunting-for-persistence-via-wmi-subscriptions
threat hunting · low
hunting-for-process-injection-techniques
threat hunting · low
hunting-for-registry-persistence-mechanisms
threat hunting · low
hunting-for-registry-run-key-persistence
threat hunting · low
hunting-for-scheduled-task-persistence
threat hunting · low
hunting-for-shadow-copy-deletion
threat hunting · low
hunting-for-startup-folder-persistence
threat hunting · low
hunting-for-supply-chain-compromise
threat hunting · low
hunting-for-suspicious-scheduled-tasks
threat hunting · low
hunting-for-t1098-account-manipulation
threat hunting · low
hunting-for-unusual-network-connections
threat hunting · low
hunting-for-unusual-service-installations
threat hunting · low
hunting-for-webshell-activity
threat hunting · low
hunting-saas-sso-token-abuse
soc operations · low
Impersonate Account Holder
phishing defense · medium
Impersonate Account Holder
phishing defense · medium
implementing-aes-encryption-for-data-at-rest
cryptography · low
implementing-alert-fatigue-reduction
soc operations · low
implementing-api-abuse-detection-with-rate-limiting
api security · medium
implementing-api-gateway-security-controls
api security · medium
implementing-api-key-security-controls
api security · medium
implementing-api-rate-limiting-and-throttling
api security · medium
implementing-api-schema-validation-security
api security · medium
implementing-api-security-posture-management
api security · medium
implementing-api-security-testing-with-42crunch
api security · medium
implementing-api-threat-protection-with-apigee
api security · medium
implementing-application-whitelisting-with-applocker
endpoint security · low
implementing-aws-config-rules-for-compliance
cloud security · low
implementing-aws-iam-permission-boundaries
identity access management · low
implementing-aws-macie-for-data-classification
cloud security · low
implementing-aws-nitro-enclave-security
cloud security · low
implementing-aws-security-hub
cloud security · low
implementing-aws-security-hub-compliance
cloud security · low
implementing-azure-defender-for-cloud
cloud security · low
implementing-beyondcorp-zero-trust-access-model
zero trust architecture · low
implementing-bgp-security-with-rpki
network security · medium
implementing-cisa-zero-trust-maturity-model
zero trust architecture · low
implementing-cloud-dlp-for-data-protection
cloud security · low
implementing-cloud-security-posture-management
cloud security · low
implementing-cloud-trail-log-analysis
cloud security · low
implementing-cloud-waf-rules
cloud security · low
implementing-cloud-workload-protection
cloud security · low
implementing-conditional-access-policies-azure-ad
identity access management · low
implementing-conduit-security-for-ot-remote-access
ot ics security · medium
implementing-container-image-minimal-base-with-distroless
container security · low
implementing-container-network-policies-with-calico
container security · low
implementing-ddos-mitigation-with-cloudflare
network security · medium
implementing-device-posture-assessment-in-zero-trust
zero trust architecture · low
implementing-diamond-model-analysis
threat intelligence · low
implementing-digital-signatures-with-ed25519
cryptography · low
implementing-disk-encryption-with-bitlocker
endpoint security · low
implementing-dmarc-dkim-spf-email-security
phishing defense · medium
implementing-dragos-platform-for-ot-monitoring
ot ics security · medium
implementing-email-sandboxing-with-proofpoint
phishing defense · medium
implementing-end-to-end-encryption-for-messaging
cryptography · low
implementing-endpoint-dlp-controls
endpoint security · low
implementing-envelope-encryption-with-aws-kms
cryptography · low
implementing-file-integrity-monitoring-with-aide
endpoint security · low
implementing-gcp-binary-authorization
cloud security · low
implementing-gcp-organization-policy-constraints
cloud security · low
implementing-gcp-vpc-firewall-rules
cloud security · low
implementing-ics-firewall-with-tofino
ot ics security · medium
implementing-iec-62443-security-zones
ot ics security · medium
implementing-image-provenance-verification-with-cosign
container security · low
implementing-immutable-backup-with-restic
ransomware defense · medium
implementing-just-in-time-access-provisioning
identity access management · low
implementing-jwt-signing-and-verification
cryptography · low
implementing-kubernetes-network-policy-with-calico
container security · low
implementing-kubernetes-pod-security-standards
container security · low
implementing-memory-protection-with-dep-aslr
endpoint security · low
implementing-microsegmentation-with-guardicore
zero trust architecture · low
implementing-mitre-attack-coverage-mapping
soc operations · low
implementing-nerc-cip-compliance-controls
ot ics security · medium
implementing-network-access-control
network security · medium
implementing-network-access-control-with-cisco-ise
network security · medium
implementing-network-intrusion-prevention-with-suricata
network security · medium
implementing-network-policies-for-kubernetes
container security · low
implementing-network-segmentation-for-ot
ot ics security · medium
implementing-network-segmentation-with-firewall-zones
network security · medium
implementing-network-traffic-analysis-with-arkime
network security · medium
implementing-network-traffic-baselining
network security · medium
implementing-next-generation-firewall-with-palo-alto
network security · medium
implementing-opa-gatekeeper-for-policy-enforcement
container security · low
implementing-ot-incident-response-playbook
ot ics security · medium
implementing-ot-network-traffic-analysis-with-nozomi
ot ics security · medium
implementing-passwordless-authentication-with-fido2
identity access management · low
implementing-patch-management-for-ot-systems
ot ics security · medium
implementing-pod-security-admission-controller
container security · low
implementing-privileged-session-monitoring
identity access management · low
implementing-purdue-model-network-segmentation
ot ics security · medium
implementing-rbac-hardening-for-kubernetes
container security · low
implementing-rsa-key-pair-management
cryptography · low
implementing-runtime-security-with-tetragon
container security · low
implementing-secrets-management-with-vault
cloud security · low
implementing-security-information-sharing-with-stix2
threat intelligence · low
implementing-siem-use-cases-for-detection
soc operations · low
implementing-soar-automation-with-phantom
soc operations · low
implementing-soar-playbook-with-palo-alto-xsoar
soc operations · low
implementing-stix-taxii-feed-integration
threat intelligence · low
implementing-supply-chain-security-with-in-toto
container security · low
implementing-taxii-server-with-opentaxii
threat intelligence · low
implementing-threat-intelligence-lifecycle-management
threat intelligence · low
implementing-threat-modeling-with-mitre-attack
soc operations · low
implementing-ticketing-system-for-incidents
soc operations · low
implementing-usb-device-control-policy
endpoint security · low
implementing-velociraptor-for-ir-collection
incident response · low
implementing-zero-knowledge-proof-for-authentication
cryptography · low
implementing-zero-standing-privilege-with-cyberark
identity access management · low
implementing-zero-trust-dns-with-nextdns
zero trust architecture · low
implementing-zero-trust-for-saas-applications
zero trust architecture · low
implementing-zero-trust-in-cloud
cloud security · low
implementing-zero-trust-network-access
cloud security · low
implementing-zero-trust-network-access-with-zscaler
zero trust architecture · low
Indicator Removal
ransomware defense · medium
Indicator Removal
ransomware defense · medium
Insider Access Abuse
ransomware defense · medium
Insider Access Abuse
zero trust architecture · low
Insider Access Abuse
identity access management · low
investigating-insider-threat-indicators
soc operations · low
managing-intelligence-lifecycle
threat intelligence · low
mapping-attack-paths-with-bloodhound-ce
red teaming · high
mapping-mitre-attack-techniques
threat intelligence · low
migrating-to-post-quantum-cryptography
cryptography · low
modeling-threats-with-opencti
threat intelligence · low
moving-laterally-with-netexec
penetration testing · medium
operating-havoc-c2
red teaming · high
operating-sliver-c2
red teaming · high
operationalizing-misp-threat-feeds
threat intelligence · low
performing-access-review-and-certification
identity access management · low
performing-active-directory-bloodhound-analysis
red teaming · high
performing-active-directory-compromise-investigation
incident response · low
performing-active-directory-penetration-test
penetration testing · medium
performing-ai-driven-osint-correlation
threat intelligence · low
performing-alert-triage-with-elastic-siem
soc operations · low
performing-api-fuzzing-with-restler
api security · medium
performing-api-inventory-and-discovery
api security · medium
performing-api-rate-limiting-bypass
api security · medium
performing-api-security-testing-with-postman
api security · medium
performing-arp-spoofing-attack-simulation
network security · medium
performing-automated-malware-analysis-with-cape
malware analysis · medium
performing-aws-account-enumeration-with-scout-suite
cloud security · low
performing-aws-privilege-escalation-assessment
cloud security · low
performing-bandwidth-throttling-attack-simulation
network security · medium
performing-cloud-asset-inventory-with-cartography
cloud security · low
performing-cloud-forensics-with-aws-cloudtrail
cloud security · low
performing-cloud-incident-containment-procedures
incident response · low
performing-cloud-log-forensics-with-athena
cloud security · low
performing-cloud-native-forensics-with-falco
cloud security · low
performing-cloud-native-threat-hunting-with-aws-detective
cloud security · low
performing-cloud-penetration-testing-with-pacu
cloud security · low
performing-container-escape-detection
container security · low
performing-container-security-scanning-with-trivy
container security · low
performing-dark-web-monitoring-for-threats
threat intelligence · low
performing-deception-technology-deployment
soc operations · low
performing-disk-forensics-investigation
incident response · low
performing-dmarc-policy-enforcement-rollout
phishing defense · medium
performing-dns-enumeration-and-zone-transfer
network security · medium
performing-docker-bench-security-assessment
container security · low
performing-dynamic-analysis-with-any-run
malware analysis · medium
performing-endpoint-forensics-investigation
endpoint security · low
performing-endpoint-vulnerability-remediation
endpoint security · low
performing-external-network-penetration-test
penetration testing · medium
performing-false-positive-reduction-in-siem
soc operations · low
performing-firmware-malware-analysis
malware analysis · medium
performing-gcp-penetration-testing-with-gcpbucketbrute
cloud security · low
performing-gcp-security-assessment-with-forseti
cloud security · low
performing-graphql-depth-limit-attack
api security · medium
performing-graphql-introspection-attack
api security · medium
performing-hardware-security-module-integration
cryptography · low
performing-hash-cracking-with-hashcat
cryptography · low
performing-ics-asset-discovery-with-claroty
ot ics security · medium
performing-indicator-lifecycle-management
threat intelligence · low
performing-insider-threat-investigation
incident response · low
performing-ioc-enrichment-automation
soc operations · low
performing-iot-security-assessment
penetration testing · medium
performing-ip-reputation-analysis-with-shodan
threat intelligence · low
performing-jwt-none-algorithm-attack
api security · medium
performing-kerberoasting-attack
red teaming · high
performing-kubernetes-cis-benchmark-with-kube-bench
container security · low
performing-kubernetes-etcd-security-assessment
container security · low
performing-kubernetes-penetration-testing
container security · low
performing-lateral-movement-detection
soc operations · low
performing-lateral-movement-with-wmiexec
red teaming · high
performing-log-source-onboarding-in-siem
soc operations · low
performing-malware-hash-enrichment-with-virustotal
threat intelligence · low
performing-malware-ioc-extraction
threat intelligence · low
performing-malware-triage-with-yara
malware analysis · medium
performing-memory-forensics-with-volatility3-plugins
malware analysis · medium
performing-network-traffic-analysis-with-tshark
network security · medium
performing-network-traffic-analysis-with-zeek
network security · medium
performing-oil-gas-cybersecurity-assessment
ot ics security · medium
performing-open-source-intelligence-gathering
red teaming · high
performing-osint-with-spiderfoot
threat intelligence · low
performing-ot-network-security-assessment
ot ics security · medium
performing-ot-vulnerability-assessment-with-claroty
ot ics security · medium
performing-ot-vulnerability-scanning-safely
ot ics security · medium
performing-packet-injection-attack
network security · medium
performing-physical-intrusion-assessment
red teaming · high
performing-plc-firmware-security-analysis
ot ics security · medium
performing-post-quantum-cryptography-migration
cryptography · low
performing-power-grid-cybersecurity-assessment
ot ics security · medium
performing-privilege-escalation-assessment
penetration testing · medium
performing-privilege-escalation-on-linux
red teaming · high
performing-privileged-account-access-review
identity access management · low
performing-privileged-account-discovery
identity access management · low
performing-purple-team-exercise
soc operations · low
performing-s7comm-protocol-security-analysis
ot ics security · medium
performing-scada-hmi-security-assessment
ot ics security · medium
performing-serverless-function-security-review
cloud security · low
performing-service-account-audit
identity access management · low
performing-soap-web-service-security-testing
api security · medium
performing-soc-tabletop-exercise
soc operations · low
performing-ssl-certificate-lifecycle-management
cryptography · low
performing-ssl-stripping-attack
network security · medium
performing-ssl-tls-inspection-configuration
network security · medium
performing-ssl-tls-security-assessment
network security · medium
performing-static-malware-analysis-with-pe-studio
malware analysis · medium
performing-thick-client-application-penetration-test
penetration testing · medium
performing-threat-emulation-with-atomic-red-team
threat intelligence · low
performing-threat-hunting-with-elastic-siem
soc operations · low
performing-threat-hunting-with-yara-rules
threat hunting · low
performing-threat-intelligence-sharing-with-misp
threat intelligence · low
performing-threat-landscape-assessment-for-sector
threat intelligence · low
performing-user-behavior-analytics
soc operations · low
performing-vlan-hopping-attack
network security · medium
performing-vulnerability-scanning-with-nessus
penetration testing · medium
performing-web-application-penetration-test
penetration testing · medium
performing-wifi-password-cracking-with-aircrack
network security · medium
performing-wireless-network-penetration-test
penetration testing · medium
performing-wireless-security-assessment-with-kismet
network security · medium
performing-yara-rule-development-for-detection
malware analysis · medium
Phishing
threat intelligence · low
Phishing
threat intelligence · low
Phishing for Information
zero trust architecture · low
Phone Number Spoofing: Official Phone Number Spoofing
red teaming · high
post-exploiting-microsoft-graph-with-graphrunner
identity access management · low
processing-stix-taxii-feeds
threat intelligence · low
profiling-threat-actor-groups
threat intelligence · low
relaying-ntlm-for-adcs-esc8
red teaming · high
remediating-s3-bucket-misconfiguration
cloud security · low
Remote Access Tools
malware analysis · medium
Remote Access Tools
ransomware defense · medium
Remote Access Tools
malware analysis · medium
reverse-engineering-android-malware-with-jadx
malware analysis · medium
reverse-engineering-dotnet-malware-with-dnspy
malware analysis · medium
reverse-engineering-malware-with-ghidra
malware analysis · medium
reverse-engineering-rust-malware
malware analysis · medium
scanning-container-images-with-grype
container security · low
scanning-docker-images-with-trivy
container security · low
scanning-kubernetes-manifests-with-kubesec
container security · low
scanning-network-with-nmap-advanced
network security · medium
securing-api-gateway-with-aws-waf
cloud security · low
securing-aws-lambda-execution-roles
cloud security · low
securing-azure-with-microsoft-defender
cloud security · low
securing-container-registry-images
cloud security · low
securing-container-registry-with-harbor
container security · low
securing-helm-chart-deployments
container security · low
securing-historian-server-in-ot-environment
ot ics security · medium
securing-kubernetes-on-cloud
cloud security · low
securing-remote-access-to-ot-environment
ot ics security · medium
securing-serverless-functions
cloud security · low
Stage Capabilities: SEO Poisoning
threat intelligence · low
Steal Web Session Cookie
zero trust architecture · low
Steal Web Session Cookie
identity access management · low
Steal Web Session Cookie
identity access management · low
Structuring
ransomware defense · medium
testing-api-authentication-weaknesses
api security · medium
testing-api-for-broken-object-level-authorization
api security · medium
testing-api-for-mass-assignment-vulnerability
api security · medium
testing-for-xss-vulnerabilities
penetration testing · medium
testing-oauth2-implementation-flaws
api security · medium
testing-websocket-api-security
api security · medium
Transfer of funds
ransomware defense · medium
Transfer of funds
ransomware defense · medium
Transfer of funds
malware analysis · medium
Transfer of funds
soc operations · low
Transfer of funds
threat hunting · low
triaging-security-alerts-in-splunk
soc operations · low
triaging-security-incident
incident response · low
triaging-security-incident-with-ir-playbook
incident response · low
Use Alternate Authentication Material: Application Access Token
cloud security · low
Use Alternate Authentication Material: Application Access Token
cloud security · low
© 2026 Casky.AI, Inc. · AI Security Investigation