Skill UI

This expert playbook details advanced attack vectors specific to the HTTP/2 protocol. It covers sophisticated techniques such as h2c smuggling, exploiting pseudo-header discrepancies, HPACK compression vulnerabilities, and abusing stream multiplexing. Use this skill for professional penetration testing and security auditing of H2 services, especially for bypassing proxy-level controls and WAFs.

A comprehensive playbook for advanced mobile security assessments of iOS applications. Covers both jailbroken and non-jailbroken environments, focusing on critical attack vectors such as keychain extraction, URL scheme hijacking, Universal Links exploitation via AASA misconfigurations, runtime memory manipulation (Frida/Objection), and binary protection analysis.

A comprehensive playbook detailing advanced techniques for attacking Kubernetes clusters. Covers API server access, RBAC privilege escalation, service account token abuse, etcd secrets extraction, Kubelet exploitation, and various container escapes. This guide is essential for security professionals and red teams performing deep security assessments on cloud-native infrastructure.

A comprehensive guide for managing and operating the KubeSphere network extension. This skill provides detailed instructions on installing, upgrading, enabling, or disabling the network extension, managing Calico IPPool resources, configuring NetworkPolicies, and troubleshooting network isolation flows within a Kubernetes cluster environment. Essential for platform engineers and DevOps teams.

A comprehensive playbook detailing advanced techniques for post-exploitation security bypass on Linux systems. Covers escaping restricted shells (rbash), evading noexec/read-only filesystems using in-memory execution (DDexec, memfd_create), and circumventing mandatory access controls like AppArmor and SELinux. Essential for penetration testing and red team operations.

A comprehensive guide detailing various 802.11 management frame attacks, including deauthentication and disassociation. It covers targeted single-client deauth for handshake capture, broadcast DoS attacks, and advanced action-frame exploitation to bypass PMF (802.11w). Essential for professional penetration testing and wireless vulnerability assessment.

A comprehensive guide detailing attack methodologies for Z-Wave smart home networks. Techniques covered include sniffing during inclusion (S0/S2), exploiting key derivation flaws, performing replay attacks on unauthenticated nodes, and crucial hub compromise (pivoting) to gain full control over the entire mesh network. Essential reading for IoT penetration testing.

A comprehensive methodology designed for authorized external reconnaissance and red-teaming operations. It covers the full attack surface mapping lifecycle, including asset discovery, confidence scoring (Tentative, Firm, Confirmed), and developing structured, evidence-based client deliverables. Essential for ethical hacking, bug bounty, and assessing an organization's external digital footprint.

A comprehensive playbook for advanced security testing, focusing on race conditions and TOCTOU (Time-of-check to time-of-use) vulnerabilities in web applications. It guides users to exploit non-atomic, state-changing operations (e.g., coupons, balance deductions, single-use rewards) by sending highly synchronized, parallel requests (including HTTP/2 single-packet attacks). Essential for identifying weaknesses in authorization and transactional integrity.

A comprehensive guide for cryptanalysts detailing advanced attack vectors against RSA cryptography. This playbook covers factorization methods, small exponent exploits (e.g., Hastad Broadcast), lattice-based attacks (Wiener's, Boneh-Durfee), and methods exploiting protocol weaknesses like padding oracles. Essential for CTF challenges and authorized security assessments.

This expert playbook details advanced techniques for exploiting stack-based vulnerabilities, including classic buffer overflows, Return-Oriented Programming (ROP), ret2libc, and specialized gadgets like ret2csu and SROP. It provides comprehensive guidance on bypassing modern memory mitigations (NX, ASLR, PIE) to hijack program control flow and achieve reliable remote code execution in userland binaries.

WizTelemetry Notification is the core notification component of the KubeSphere observability platform. It ingests alerts, cloud events, and audit logs in a multi-tenant Kubernetes environment. It intelligently routes and distributes notifications to various channels (Email, Slack, DingTalk, etc.) based on sophisticated label matching and predefined routing rules, ensuring reliable and targeted communication in complex cloud deployments.