Skill UI

This skill provides a comprehensive guide to detecting and analyzing heap spray exploitation techniques from raw memory dumps. Utilizing Volatility3's advanced plugins (such as malfind and vadinfo), users can identify key forensic artifacts like NOP sled patterns, suspicious executable memory regions, and embedded shellcode. It is essential for malware analysts and digital forensics investigators conducting incident response.

Pass-the-Ticket (PtT) is a critical post-exploitation technique used in red teaming and offensive security assessments. It allows an attacker to move laterally across a network by utilizing stolen Kerberos tickets (TGT or TGS) without ever needing the user's password. This skill outlines the process of dumping tickets from memory (e.g., LSASS) and injecting them into a current session to impersonate a high-privilege user for access to sensitive resources.

This skill provides comprehensive detection methods for credential dumping techniques, a critical post-exploitation phase in cyber attacks. It targets the extraction of sensitive credentials from LSASS memory, SAM registry hives, and NTDS.dit using advanced security visibility. Detection relies on analyzing Sysmon Event ID 10 (ProcessAccess), Windows Security logs, and complex SIEM correlation rules, making it essential for SOC analysts and threat hunters investigating advanced persistent threats (APTs).

This skill provides comprehensive guidance and detection rules for identifying fileless malware, in-memory attacks, and living-off-the-land techniques. It covers detecting PowerShell exploitation, reflective DLL injection, WMI abuse, and registry-resident threats, enabling security teams to build robust detections when traditional antivirus fails.

A comprehensive guide for analyzing binary exploitation techniques, covering buffer overflows, ROP chains, and memory corruption vulnerabilities. It details the use of specialized tools like pwntools, checksec, and ROPgadget for identifying and developing exploits in ELF binaries during authorized security assessments and CTF challenges. Focuses on advanced offensive security practices.

This expert playbook details advanced techniques for converting an arbitrary memory write primitive into full Remote Code Execution (RCE). It covers targeting multiple system structures across different glibc versions, including GOT entries, __malloc_hook, __free_hook, _IO_FILE vtables, and function arrays. Essential for exploiting modern, hardened binaries and mastering advanced binary exploitation.

This advanced playbook details expert techniques for format string exploitation. It covers arbitrary stack reading (%p), memory writing (%n), and exploiting weaknesses like GOT/hook overwrites. Essential for CTF challenges and binary vulnerability analysis to achieve reliable Remote Code Execution (RCE).

A comprehensive playbook detailing advanced techniques for exploiting glibc heap vulnerabilities using ptmalloc2. Covers various memory corruption primitives, including Use-After-Free, double free, and overflows. Provides version-specific guidance on bypassing modern protections like safe-linking (glibc >= 2.32) and RCE methods for post-2.34 environments.

A comprehensive playbook for advanced mobile security assessments of iOS applications. Covers both jailbroken and non-jailbroken environments, focusing on critical attack vectors such as keychain extraction, URL scheme hijacking, Universal Links exploitation via AASA misconfigurations, runtime memory manipulation (Frida/Objection), and binary protection analysis.

A comprehensive playbook detailing advanced techniques for post-exploitation security bypass on Linux systems. Covers escaping restricted shells (rbash), evading noexec/read-only filesystems using in-memory execution (DDexec, memfd_create), and circumventing mandatory access controls like AppArmor and SELinux. Essential for penetration testing and red team operations.