Login
Download

Skill UI

Browse and discover 9677+ curated skills
All Development Artificial Intelligence Design & Creative Product & Business Data Science Marketing Soft Skills Productivity Engineering Languages
Total 6072 skills
Default Newest Most Downloaded

Advanced SQL Injection Exploitation Guide

sqli-sql-injection
yaklang/hack-skills
263
A comprehensive and advanced playbook for mastering SQL injection techniques. It covers critical areas including WAF bypass, out-of-band data exfiltration, second-order injection, and exploitation strategies across major database systems (MySQL, MSSQL, Oracle, PostgreSQL). Essential for professional penetration testing and security auditing.
View Details

Server-Side Request Forgery Expert Playbook

ssrf-server-side-request-forgery
yaklang/hack-skills
460
This comprehensive playbook details expert techniques for exploiting Server-Side Request Forgery (SSRF). It covers bypassing URL filters, accessing cloud metadata endpoints (AWS, GCP, Azure), utilizing advanced protocols like Gopher, and chaining vulnerabilities to achieve Remote Code Execution (RCE) in real-world scenarios. Ideal for penetration testers and security researchers.
View Details

Advanced SSTI Exploitation Techniques

ssti-server-side-template-injection
yaklang/hack-skills
57
This expert playbook provides comprehensive techniques for exploiting Server-Side Template Injection (SSTI). It covers polyglot detection probes, engine fingerprinting (Jinja2, Twig, FreeMarker, etc.), sandbox escape mechanisms (MRO chains), and advanced bypass techniques. Essential reading for security researchers and penetration testers assessing application vulnerabilities.
View Details

Subdomain Takeover Detection And Exploitation

subdomain-takeover
yaklang/hack-skills
495
This playbook details the methodology for detecting and exploiting subdomain takeover vulnerabilities. It focuses on identifying CNAME/NS/MX records pointing to deprovisioned or unclaimed cloud resources (e.g., AWS S3 buckets, Heroku apps). Understanding these weaknesses allows attackers to serve malicious content under the victim's trusted domain, leading to phishing, credential theft, and security bypasses.
View Details

Symbolic Execution and Constraint Solving Playbook

symbolic-execution-tools
yaklang/hack-skills
166
This playbook provides advanced techniques for symbolic execution using angr, Z3, and Unicorn Engine. It covers automating CTF challenges, handling constraint solving patterns, function hooking, memory manipulation, and emulating custom virtual machines for binary analysis and key recovery.
View Details

Expert Symmetric Cipher Attack Playbook

symmetric-cipher-attacks
yaklang/hack-skills
221
This playbook provides expert-level techniques for cryptanalysis of symmetric encryption. It details how to exploit weaknesses in various modes and algorithms, including CBC padding oracle attacks, ECB mode exploitation, bit flipping attacks, stream cipher key reuse, and meet-in-the-middle attacks. Essential for authorized penetration testing and CTF challenges.
View Details

PHP Type Juggling and Weak Comparison Bypass

type-juggling
yaklang/hack-skills
254
A comprehensive guide to exploiting PHP's loose type checking (using '==') and type juggling mechanics. This skill is crucial for bypassing security controls like authentication checks, HMAC/signature validations, and token comparisons that fail to use strictly typed comparisons (===) or timing-safe functions (hash_equals). Includes techniques for magic hash collisions and PHP version delta analysis.
View Details

Unauthorized Access to Common Services

unauthorized-access-common-services
yaklang/hack-skills
157
A comprehensive playbook detailing expert techniques for exploiting common network services (such as Redis, Rsync, PHP-FPM, AJP, etc.) when they are exposed without proper authentication or weak access controls. This guide covers various methods including RCE, data theft, and file reading, crucial for advanced penetration testing and infrastructure security assessments.
View Details

Insecure File Upload Vulnerability Testing

upload-insecure-files
yaklang/hack-skills
60
A comprehensive, expert playbook for challenging insecure file upload mechanisms. It provides advanced attack vectors covering validation bypass (magic bytes, extension), storage path abuse (traversal, overwrite), and exploitation of post-upload processing chains (XXE, RCE, CMDi). Essential for deep security auditing of file-handling workflows.
View Details

VM Bytecode Reverse Engineering Playbook

vm-and-bytecode-reverse
yaklang/hack-skills
407
This playbook provides expert techniques for reverse engineering custom virtual machines and proprietary bytecode. It guides users through identifying dispatchers (switch/table), mapping unknown opcodes, reconstructing custom ISAs, and writing dedicated disassemblers. Essential for solving complex CTF challenges, analyzing protected software, or tackling custom runtime environments.
View Details

Advanced Web Cache Deception and Poisoning

web-cache-deception
yaklang/hack-skills
215
A comprehensive playbook detailing expert-level techniques for exploiting web cache vulnerabilities. Covers both Web Cache Deception (stealing authenticated user data) and Web Cache Poisoning (injecting malicious content). Techniques include path confusion, unkeyed header manipulation (X-Forwarded-Host), and exploiting CDN/reverse proxy caching logic. Essential reading for penetration testers and security researchers.
View Details

Admin Language Management Utilities

webiny-admin-languages-catalog
webiny/webiny-js
380
This module provides essential abstractions for managing language data within the admin panel. It includes `LanguageDto` for strongly typed data structures and `useLanguages` hook for fetching and handling language-related state and logic. Use this when developing administrative features that require language catalog management.
View Details
Prev123...493494495496497498499...504505506Next
Language
简体中文
English