Skill UI

Guides systematic detection and exploitation of cross-site scripting and HTML injection flaws, covering stored/reflected/DOM vectors, payload crafting, and remediation advice for web security assessments.

Run targeted file path traversal assessments to find directory traversal and LFI vulnerabilities across web parameters, verify exploitation payloads, and document sensitive files exposed via automated fuzzing and manual checks.

A rigorous framework designed to audit GitHub Actions workflows for exploitable security vulnerabilities. This skill focuses strictly on real-world attack patterns, requiring every identified finding to include a concrete exploitation scenario (Entry Point, Payload, Impact). Ideal for securing CI/CD pipelines against external attackers.

This guide provides a comprehensive walkthrough for deploying and configuring a production-grade Command and Control (C2) infrastructure using the open-source Havoc framework. It covers setting up the Teamserver, configuring secure HTTPS listeners, implementing redirectors (e.g., Nginx), and deploying Demon agents for advanced post-exploitation red team operations. This skill is essential for authorized security assessments and building robust defensive countermeasures.

This skill provides comprehensive guidance and detection rules for identifying fileless malware, in-memory attacks, and living-off-the-land techniques. It covers detecting PowerShell exploitation, reflective DLL injection, WMI abuse, and registry-resident threats, enabling security teams to build robust detections when traditional antivirus fails.

This comprehensive guide details advanced techniques for detecting and exploiting NoSQL injection vulnerabilities across various databases like MongoDB and CouchDB. It covers critical attack vectors, including authentication bypass using operators ($ne, $gt), blind data extraction via $regex, and executing arbitrary server-side JavaScript through the $where clause. Essential reading for penetration testers and security researchers assessing NoSQL backends.

This comprehensive guide details the professional process of detecting and exploiting SQL injection vulnerabilities using the powerful sqlmap tool. It covers the entire workflow, from initial vulnerability identification and basic scanning to database enumeration, data dumping, advanced exploitation (like file reading and OS command execution), and WAF bypass techniques, ensuring thorough penetration testing reporting.

This skill details the exploitation of the critical Zerologon vulnerability (CVE-2020-1472) found in the Microsoft Netlogon Remote Protocol. It allows an unauthenticated attacker to compromise a domain controller by resetting its machine account password. The guide covers the complete attack chain, including initial exploitation, credential dumping via DCSync, and subsequent privilege escalation in Active Directory environments. Used exclusively for authorized red teaming and security testing.

A comprehensive guide for analyzing binary exploitation techniques, covering buffer overflows, ROP chains, and memory corruption vulnerabilities. It details the use of specialized tools like pwntools, checksec, and ROPgadget for identifying and developing exploits in ELF binaries during authorized security assessments and CTF challenges. Focuses on advanced offensive security practices.

This skill details advanced techniques for performing stealthy lateral movement across Windows domains using Windows Management Instrumentation (WMI). It covers the abuse of native tools like Impacket's wmiexec.py and CrackMapExec, enabling remote command execution, Pass-the-Hash attacks, and fileless techniques, crucial for authorized red team engagements and security auditing.

This tool implements the Stakeholder-Specific Vulnerability Categorization (SSVC) framework, providing a structured decision-tree methodology for advanced vulnerability prioritization. It moves beyond traditional CVSS scoring by incorporating critical factors such as active exploitation status (CISA KEV), technical impact, automatability, and mission prevalence. It generates actionable remediation priorities (Track, Attend, Act) to guide security teams in managing risk and improving security program maturity.

Provides step-by-step techniques for assessing AWS security, covering IAM enumeration, privilege escalation, SSRF metadata attacks, S3/Lambda exploitation, and red-team persistence workflows with recommended tools and commands.