Skill UI

A comprehensive tool for detecting and analyzing covert communication channels used by sophisticated malware. It focuses on identifying anomalies in network traffic, such as DNS tunneling, ICMP exfiltration, and steganographic HTTP abuse, which are used for Command and Control (C2) communication and data exfiltration. Ideal for security incident response, threat hunting, and building advanced network detection rules.

Examines packet captures, Zeek logs, and NetFlow data to uncover C2 channels, lateral movement, and exfiltration during security incidents, guiding analysts through capture, filtering, and IOC extraction workflows.

A comprehensive digital forensics technique used to investigate removable media usage. It parses artifacts from Windows registry (USBSTOR, MountedDevices), Event Logs, and SetupAPI logs to track which USB devices were connected, when they were used, and establishing a timeline for potential data exfiltration or insider threat activity.

This skill provides advanced threat hunting techniques to detect unauthorized data exfiltration. It guides the analysis of network traffic, DNS queries, and cloud uploads to identify unusual data flows, DNS tunneling, and abuse of encrypted channels, essential for incident response and preventing data loss.

This skill provides a comprehensive guide and methodology for identifying and exploiting Cross-Origin Resource Sharing (CORS) misconfigurations in web applications. It covers testing origin validation bypasses, analyzing preflight requests, and simulating data exfiltration during authorized penetration tests, crucial for assessing API security.

This guide details methodologies for identifying and exploiting XML External Entity (XXE) injection vulnerabilities in web applications. It covers basic file retrieval, blind XXE detection using out-of-band techniques, and data exfiltration, all critical steps during authorized penetration testing of XML-consuming APIs and services.

This skill provides a comprehensive guide and structured SQL templates for performing deep forensic investigations on AWS cloud logs. It utilizes AWS Athena to query massive datasets from CloudTrail, VPC Flow Logs, S3 access logs, and ALB logs. Ideal for detecting unauthorized access, data exfiltration, and privilege escalation during security incident response.

A powerful technique used when full XSS is blocked by CSP, sanitizers, or WAFs, but HTML injection is possible. It leverages unclosed HTML tags (like <img> or <link>) to capture and exfiltrate sensitive page data (CSRF tokens, session IDs, form values) by forcing the browser to include the subsequent content in a request URL.

A comprehensive and advanced playbook for mastering SQL injection techniques. It covers critical areas including WAF bypass, out-of-band data exfiltration, second-order injection, and exploitation strategies across major database systems (MySQL, MSSQL, Oracle, PostgreSQL). Essential for professional penetration testing and security auditing.

A comprehensive, expert-level playbook covering XML External Entity (XXE) vulnerabilities. This guide details advanced attack techniques across multiple contexts, including SOAP, REST, SVG, and Office files. Key topics covered include blind detection, out-of-band (OOB) data exfiltration, local file reading (e.g., /etc/passwd), and chaining XXE to achieve SSRF or RCE.