Skill UI

This skill deploys Remote Browser Isolation (RBI) as a core component of a Zero Trust security architecture. It implements sophisticated isolation policies utilizing URL categorization, risk-based routing, and Content Disarming and Reconstruction (CDR) for file sanitization. It provides robust data loss prevention controls, effectively mitigating zero-day exploits, phishing, and data exfiltration across isolated web sessions, and integrating with SWG and ZTNA platforms.

This guide details the architecture and deployment of resilient Command and Control (C2) redirectors. By using tools like Nginx and Apache, operators establish an intermediary layer that filters beacon traffic based on malleable C2 profiles. This setup protects the true team server from detection, takedown, and analysis (OPSEC), enabling advanced techniques like domain fronting and traffic shaping for low attribution.

This skill is designed for proactive firmware forensics and advanced threat hunting. It analyzes the EFI System Partition (ESP) to detect sophisticated, pre-OS persistence mechanisms, such as UEFI bootkits (e.g., BlackLotus, ESPecter). Detection methods include verifying file hashes against a trusted golden baseline, checking Secure Boot signatures, scanning with YARA, and flagging structural anomalies within the ESP.

This skill guides the deployment and operation of the Havoc C2 framework, enabling advanced adversary emulation. It utilizes Yaotl profiles to generate highly evasive agents (Demon) that employ sophisticated techniques like indirect syscalls and sleep obfuscation. The scope covers the full red-teaming lifecycle, including C2 setup, payload generation, post-exploitation, and lateral movement, making it ideal for authorized security testing and validating EDR detection capabilities.