Skill UI

A comprehensive methodology for identifying critical vulnerabilities in transactional applications (e-commerce, fintech, SaaS). This goes beyond standard OWASP Top 10 checks, focusing on flaws like workflow bypass, state machine violations, price manipulation, and role boundary abuse. It guides testers to map application flows, identify hidden endpoints, and quantify the potential financial impact of logic failures.

This skill provides a post-generation visual pass for academic presentation decks (Beamer/PPTX). It performs a per-page Codex review against a provided reference PDF to ensure visual weight, typography, and layout consistency. It specializes in fixing font scaling, text overflow, callout styles, and layout drift without altering core content, making sure the final output is polished and professional.

A comprehensive playbook covering advanced smart contract audit techniques for Solidity/EVM. Focuses on critical patterns like reentrancy (cross-contract), integer overflows, access control misuse, delegatecall exploits, flash loans, and advanced MEV/front-running attacks. Essential for securing DeFi protocols.

This expert playbook details advanced techniques for exploiting stack-based vulnerabilities, including classic buffer overflows, Return-Oriented Programming (ROP), ret2libc, and specialized gadgets like ret2csu and SROP. It provides comprehensive guidance on bypassing modern memory mitigations (NX, ASLR, PIE) to hijack program control flow and achieve reliable remote code execution in userland binaries.

A comprehensive, advanced playbook for conducting deep network traffic analysis and PCAP forensics. Covers essential skills like PCAP repair, advanced Wireshark filtering (HTTP, DNS, TLS), data extraction (file carving, credential harvesting), and detecting covert channels. It guides users through sophisticated techniques, including TLS decryption workflows and DNS tunneling identification.

A comprehensive, expert playbook for challenging insecure file upload mechanisms. It provides advanced attack vectors covering validation bypass (magic bytes, extension), storage path abuse (traversal, overwrite), and exploitation of post-upload processing chains (XXE, RCE, CMDi). Essential for deep security auditing of file-handling workflows.