skills.homes logoskills.homescapability registry
home/categories/system-admin
category focus

System Admin

Server management and administrative utilities.

3817 스킬all categories
sorting
stars
current ordering strategy
query
all entries
refine the visible subset
system-admin
4.2K

configuring-windows-defender-advanced-settings

Configures Microsoft Defender for Endpoint (MDE) advanced protection settings including attack surface reduction rules, controlled folder access, network protection, and exploit protection. Use when hardening Windows endpoints beyond default Defender settings, deploying enterprise-grade endpoint protection, or meeting compliance requirements for advanced malware defense. Activates for requests involving Windows Defender configuration, ASR rules, MDE tuning, or Microsoft endpoint security.

mukul975
mukul975
tools
open
system-admin
4.2K

configuring-windows-event-logging-for-detection

Configures Windows Event Logging with advanced audit policies to generate high-fidelity security events for threat detection and forensic investigation. Use when enabling audit policies for logon events, process creation, privilege use, and object access to feed SIEM detection rules. Activates for requests involving Windows audit policy, event log configuration, security logging, or detection-oriented logging.

mukul975
mukul975
tools
open
system-admin
4.2K

containing-active-breach

Executes containment strategies to stop active adversary operations and prevent lateral movement during a confirmed security breach. Implements short-term and long-term containment using network segmentation, endpoint isolation, credential revocation, and access control modifications. Activates for requests involving breach containment, lateral movement prevention, network isolation, active threat containment, or live incident response.

mukul975
mukul975
tools
open
system-admin
4.2K

deploying-osquery-for-endpoint-monitoring

Deploys and configures osquery for real-time endpoint monitoring using SQL-based queries to inspect running processes, open ports, installed software, and system configuration. Use when building visibility into endpoint state, threat hunting across fleet, or implementing compliance monitoring. Activates for requests involving osquery deployment, endpoint visibility, fleet management, or SQL-based endpoint querying.

mukul975
mukul975
tools
open
system-admin
4.2K

detecting-azure-storage-account-misconfigurations

Audit Azure Blob and ADLS storage accounts for public access exposure, weak or long-lived SAS tokens, missing encryption at rest, disabled HTTPS-only traffic, and outdated TLS versions using the azure-mgmt-storage Python SDK.

mukul975
mukul975
tools
open
system-admin
4.2K

detecting-kerberoasting-attacks

Detect Kerberoasting attacks by monitoring for anomalous Kerberos TGS requests targeting service accounts with SPNs for offline password cracking.

mukul975
mukul975
tools
open
system-admin
4.2K

detecting-malicious-scheduled-tasks-with-sysmon

Detect malicious scheduled task creation and modification using Sysmon Event IDs 1 (Process Create for schtasks.exe), 11 (File Create for task XML), and Windows Security Event 4698/4702. The analyst correlates task creation with suspicious parent processes, public directory paths, and encoded command arguments to identify persistence and lateral movement via scheduled tasks. Activates for requests involving scheduled task detection, Sysmon persistence hunting, or T1053.005 Scheduled Task/Job analysis.

mukul975
mukul975
tools
open
system-admin
4.2K

detecting-modbus-command-injection-attacks

Detect command injection attacks against Modbus TCP/RTU protocol in ICS environments by monitoring for unauthorized write operations, anomalous function codes, malformed frames, and deviations from established communication baselines using ICS-aware IDS and protocol deep packet inspection.

mukul975
mukul975
tools
open
system-admin
4.2K

detecting-port-scanning-with-fail2ban

Configures Fail2ban with custom filters and actions to detect port scanning activity, SSH brute force attempts, and network reconnaissance, automatically banning offending IP addresses and alerting security teams to suspicious network probing.

mukul975
mukul975
tools
open
system-admin
4.2K

detecting-privilege-escalation-attempts

Detect privilege escalation attempts including token manipulation, UAC bypass, unquoted service paths, kernel exploits, and sudo/doas abuse across Windows and Linux.

mukul975
mukul975
tools
open
system-admin
4.2K

detecting-t1548-abuse-elevation-control-mechanism

Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid manipulation by monitoring registry modifications, process elevation flags, and unusual parent-child process relationships.

mukul975
mukul975
tools
open
system-admin
4.2K

eradicating-malware-from-infected-systems

Systematically remove malware, backdoors, and attacker persistence mechanisms from infected systems while ensuring complete eradication and preventing re-infection.

mukul975
mukul975
tools
open
system-admin
4.2K

exploiting-constrained-delegation-abuse

Exploit Kerberos Constrained Delegation misconfigurations in Active Directory to impersonate privileged users via S4U2self and S4U2proxy extensions for lateral movement and privilege escalation.

mukul975
mukul975
tools
open
system-admin
4.2K

exploiting-kerberoasting-with-impacket

Perform Kerberoasting attacks using Impacket's GetUserSPNs to extract and crack Kerberos TGS tickets for Active Directory service accounts.

mukul975
mukul975
tools
open
system-admin
4.2K

implementing-usb-device-control-policy

Implements USB device control policies to restrict unauthorized removable media access on endpoints, preventing data exfiltration and malware introduction via USB devices. Use when deploying device control via Group Policy, Intune, or EDR platforms to enforce USB restrictions. Activates for requests involving USB control, removable media policy, device control, or data loss prevention via USB.

mukul975
mukul975
tools
open
system-admin
4.2K

hardening-docker-daemon-configuration

Harden the Docker daemon by configuring daemon.json with user namespace remapping, TLS authentication, rootless mode, and CIS benchmark controls.

mukul975
mukul975
tools
open
system-admin
4.2K

hardening-linux-endpoint-with-cis-benchmark

Hardens Linux endpoints using CIS Benchmark recommendations for Ubuntu, RHEL, and CentOS to reduce attack surface, enforce security baselines, and meet compliance requirements. Use when deploying new Linux servers, remediating audit findings, or establishing security baselines for Linux infrastructure. Activates for requests involving Linux hardening, CIS benchmarks for Linux, server security baselines, or Linux configuration compliance.

mukul975
mukul975
tools
open
system-admin
4.2K

hunting-for-shadow-copy-deletion

Hunt for Volume Shadow Copy deletion activity that indicates ransomware preparation or anti-forensics by monitoring vssadmin, wmic, and PowerShell shadow copy commands.

mukul975
mukul975
tools
open
system-admin
4.2K

hunting-for-t1098-account-manipulation

Hunt for MITRE ATT&CK T1098 account manipulation including shadow admin creation, SID history injection, group membership changes, and credential modifications using Windows Security Event Logs.

mukul975
mukul975
tools
open
system-admin
4.2K

implementing-anti-ransomware-group-policy

Configures Windows Group Policy Objects (GPO) to prevent ransomware execution and limit its spread. Implements AppLocker rules, Software Restriction Policies, Controlled Folder Access, attack surface reduction rules, and network protection settings. Activates for requests involving Windows GPO hardening against ransomware, AppLocker configuration, Controlled Folder Access setup, or endpoint protection via Group Policy.

mukul975
mukul975
tools
open
system-admin
4.2K

implementing-aws-config-rules-for-compliance

Implementing AWS Config rules for continuous compliance monitoring of AWS resources, deploying managed and custom rules aligned to CIS and PCI DSS frameworks, configuring automatic remediation with SSM Automation, and aggregating compliance data across accounts.

mukul975
mukul975
tools
open
system-admin
4.2K

implementing-azure-defender-for-cloud

Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across VMs, containers, databases, and storage, configure security recommendations, and set up adaptive security controls with automated remediation.

mukul975
mukul975
tools
open
system-admin
4.2K

implementing-cloud-waf-rules

This skill covers deploying and tuning Web Application Firewall rules on AWS WAF, Azure WAF, and Cloudflare to protect cloud-hosted applications against OWASP Top 10 attacks. It details configuring managed rule sets, creating custom rules for business logic protection, implementing rate limiting, deploying bot management, and reducing false positives through rule tuning and logging analysis.

mukul975
mukul975
tools
open
system-admin
4.2K

implementing-delinea-secret-server-for-pam

Implements Delinea Secret Server for privileged access management (PAM) including secret vault configuration, role-based access policies, automated password rotation, session recording, and integration with Active Directory and cloud platforms. Activates for requests involving PAM deployment, privileged credential vaulting, secret server administration, or password rotation automation.

mukul975
mukul975
tools
open
Previous
Page 17 / 160
Next