Skill UI

A comprehensive guide detailing red team tactics based on the MITRE ATT&CK framework. It covers the entire adversary lifecycle, including reconnaissance, initial access, privilege escalation, defense evasion, lateral movement, and exfiltration. This skill is designed for authorized security assessments to simulate real-world threats and identify critical defensive gaps.

Parses AWS/Kong/Nginx API Gateway logs with pandas to spot BOLA/IDOR attempts, rate-limit evasion, credential scans, injection probes, and unusual methods, aiding SOC analysts investigating abuse or tuning detection rules.

Parse and examine Cobalt Strike Malleable C2 profiles with dissect.cobaltstrike and pyMalleableC2, extracting URI/HTTP patterns, sleep/jitter settings, and injection tactics to detect evasion and generate network detection rules for SOC teams.

Detect sandbox evasion techniques in malware by analyzing Cuckoo/AnyRun reports for timing checks, VM artifacts, user interaction gaps, and sleep inflation, helping SOC analysts flag sophisticated evasions for deeper review.

Detect defense-evasion techniques in endpoint logs by identifying log tampering, timestomping, process injection, security-tool disabling, and masquerading; use in threat hunting, detection engineering, or investigations that query telemetry from Sysmon, SIEM, or EDR.

Detects NTFS timestomping (MITRE T1070.006) by comparing $STANDARD_INFORMATION and $FILE_NAME timestamps from analyzeMFT/MFTECmd output, enabling threat hunters to flag anomalous temporal edits in forensic timelines.

Deploys the CAPEv2 sandbox stack to automatically submit malware samples, monitor behavior, dump payloads, parse configurations, and detect evasion during security assessments.

Execute HTTP Parameter Pollution attacks to probe web apps for input validation bypasses, split payloads for WAF evasion, and test how APIs, OAuth flows, or payment systems handle duplicate parameters.

A comprehensive guide to advanced network reconnaissance using Nmap. This skill covers multi-stage asset discovery, deep service enumeration, vulnerability scanning via the Nmap Scripting Engine (NSE), and advanced evasion techniques (e.g., fragmentation, decoys). It is designed for authorized penetration testing and thorough assessment of enterprise infrastructure.

This comprehensive checklist provides a deep dive into Endpoint Detection and Response (EDR) architecture and monitoring mechanisms. It details advanced evasion techniques, such as direct syscalls, AMSI bypass, kernel patching, and memory manipulation. This skill is essential for red team engagements, penetration testing, and advanced malware research to thoroughly assess and bypass modern security defenses.

This skill provides a deep dive into the architecture of low-level keyloggers. It covers techniques such as kernel driver hooks, using WH_KEYBOARD_LL, ETW-based input capture, and analyzing user-mode vs. kernel-mode approaches. Use this methodology to understand input capture mechanisms, research EDR evasion methods, or analyze malware architecture for advanced security threat detection.

This comprehensive guide serves as a reference for offensive security professionals developing custom x86/x64 shellcode. It details advanced concepts including Position-Independent Code (PIC), PEB traversal for API resolution, safe memory allocation (avoiding RWX), and sophisticated process injection methods (e.g., APC injection, threadless techniques). Learn how to bypass modern AV/EDR detection using advanced evasion techniques like API hashing, encryption, direct syscalls, and abusing PE structures.