Skill UI

Pass-the-Ticket (PtT) is a critical post-exploitation technique used in red teaming and offensive security assessments. It allows an attacker to move laterally across a network by utilizing stolen Kerberos tickets (TGT or TGS) without ever needing the user's password. This skill outlines the process of dumping tickets from memory (e.g., LSASS) and injecting them into a current session to impersonate a high-privilege user for access to sensitive resources.

A comprehensive guide on configuring advanced email security gateways (SEGs) to detect and block sophisticated, targeted spearphishing attacks. This skill covers essential detection layers, including impersonation protection, real-time URL detonation, attachment sandboxing, and creating custom behavioral rules. It is crucial for SOC analysts and security engineers building robust email threat defense systems.

This guide details the exploitation of the Active Directory Certificate Services (AD CS) ESC1 vulnerability. By leveraging misconfigurations, an attacker can request certificates impersonating high-privileged users (e.g., Domain Admins). The workflow covers AD enumeration, forging certificates with arbitrary Subject Alternative Names (SANs), authenticating via PKINIT, and ultimately escalating domain privileges using tools like mimikatz. Essential for authorized red team and penetration testing.

A comprehensive guide to implementing Mimecast Targeted Threat Protection (TTP). This suite defends against sophisticated phishing, spearphishing, and Business Email Compromise (BEC) attacks by integrating four core modules: URL Protect, Attachment Protect, Impersonation Protect, and Internal Email Protect. Follow the detailed workflow to secure your organizational communications and meet compliance standards.

This skill guides the implementation of Mobile Application Management (MAM) policies, enabling robust data protection for corporate assets on both managed and unmanaged mobile devices (BYOD). It covers configuring app-level controls such as Data Loss Prevention (DLP), selective wiping, and containerization using platforms like Microsoft Intune and Azure AD. Use this when enforcing data separation between personal and work environments without requiring full device enrollment.

This advanced code review skill forces genuine perspective shifts by employing three hostile reviewer personas: the Saboteur (production breaks), the New Hire (maintainability), and the Security Auditor (OWASP-informed). It ensures that all code reviews are critically rigorous, eliminating superficial "Looks Good To Me" approvals and catching blind spots missed by the original author or general AI models. Use it before merging a PR for maximum confidence.