Skill UI

This skill provides a comprehensive framework for performing privilege escalation assessments post-initial compromise. It guides testers in identifying paths from low-privilege access to root or SYSTEM-level control on both Linux and Windows operating systems. Techniques covered include abusing SUID binaries, exploiting misconfigured services, leveraging kernel vulnerabilities, and harvesting credentials.

This skill covers advanced techniques used in red teaming and penetration testing to elevate privileges from a low-level user to root access on a compromised Linux system. It details how to enumerate and exploit various vectors, including SUID/SGID binaries, misconfigured sudo rules, kernel vulnerabilities (e.g., Dirty Pipe), Cron job abuse, and abusing system services. Essential for comprehensive security assessments.

A comprehensive tool for conducting deep security assessments of SSL/TLS server configurations. It uses the sslyze library to evaluate supported protocol versions (e.g., TLS 1.0-1.3), cipher suite strength, certificate chain validity, HSTS enforcement, and scan for critical vulnerabilities like Heartbleed and ROBOT. Ideal for security auditing and incident response.

This skill simulates and detects critical software supply chain attacks, including typosquatting via Levenshtein distance, dependency confusion detection against private registries, and package integrity verification using SHA-256 hashing. It also performs comprehensive vulnerability scanning against known CVEs using pip-audit. It is essential for security assessments, compliance audits, and incident response when validating software component trustworthiness.

This comprehensive guide details the process of performing authenticated and unauthenticated vulnerability assessments using Tenable Nessus. It covers everything from advanced scan configuration (port discovery, credentialing, plugin setup) to detailed result analysis, including cross-referencing CVEs and prioritizing remediation based on CVSS scores and exploit availability. Ideal for compliance auditing, penetration testing, and maintaining system patch compliance.

A comprehensive guide for performing systematic security assessments on web applications. Following the OWASP Web Security Testing Guide (WSTG), this process identifies critical vulnerabilities such as broken authentication, authorization flaws (IDOR), SQL injection, and Cross-Site Scripting (XSS). The workflow covers reconnaissance, mapping, and advanced testing techniques using tools like Burp Suite and sqlmap, ensuring deep coverage beyond automated scanner capabilities. Ideal for pre-production security validation and compliance audits.

A comprehensive guide detailing the use of Tenable Nessus, an industry-leading vulnerability scanner. Learn how to configure advanced scan policies, perform both authenticated and unauthenticated scans across servers, network devices, and web applications. This skill covers end-to-end processes from execution to result analysis and reporting.

This comprehensive guide details advanced network reconnaissance using Nmap's full capabilities. It covers sophisticated host discovery across multiple protocols, deep port scanning with timing and performance tuning, accurate service version enumeration, and OS fingerprinting. Furthermore, it teaches advanced techniques like firewall evasion (fragmentation, spoofing) and running NSE scripts for systematic vulnerability detection, crucial for authorized security assessment reports.

This skill guides the implementation of comprehensive security controls for container registries. It details workflows for vulnerability scanning using Trivy and Grype, generating Software Bill of Materials (SBOMs) with Syft, and enforcing image authenticity using Cosign and Sigstore. It is essential for building robust CI/CD pipelines and preventing supply chain attacks by ensuring only scanned, signed, and compliant images are deployed.

Harbor is an open-source container registry designed for robust security and compliance. This guide details the comprehensive workflow for securing your container ecosystem by implementing advanced features such as vulnerability scanning (Trivy), image signing (Notary/Cosign), Role-Based Access Control (RBAC), and content trust policies. Learn how to enforce image provenance and maintain strict access control in Kubernetes environments.

This comprehensive guide outlines the end-to-end security lifecycle for Kubernetes applications deployed via Helm. It covers critical topics such as chart provenance verification (GPG signing), template scanning (using tools like kubesec and checkov), enforcing strict security contexts, managing secrets securely (ExternalSecrets), and defining robust RBAC rules for CI/CD pipelines.

This skill provides comprehensive security hardening guidelines for serverless compute platforms like AWS Lambda, Azure Functions, and Google Cloud Functions. It covers essential security pillars including enforcing least privilege IAM roles, integrating robust secrets management (e.g., AWS Secrets Manager), automating dependency vulnerability scanning within CI/CD pipelines, and implementing strict input validation to mitigate risks such as injection and credential theft. Ideal for DevSecOps practitioners and security architects.