Login
Download

Skill UI

Browse and discover 9369+ curated skills
All Development Artificial Intelligence Design & Creative Product & Business Data Science Marketing Soft Skills Productivity Engineering Languages
Search OO , found 3912 results
Default Newest Most Downloaded

Unauthorized Access to Common Services

unauthorized-access-common-services
yaklang/hack-skills
157
A comprehensive playbook detailing expert techniques for exploiting common network services (such as Redis, Rsync, PHP-FPM, AJP, etc.) when they are exposed without proper authentication or weak access controls. This guide covers various methods including RCE, data theft, and file reading, crucial for advanced penetration testing and infrastructure security assessments.
View Details

Insecure File Upload Vulnerability Testing

upload-insecure-files
yaklang/hack-skills
60
A comprehensive, expert playbook for challenging insecure file upload mechanisms. It provides advanced attack vectors covering validation bypass (magic bytes, extension), storage path abuse (traversal, overwrite), and exploitation of post-upload processing chains (XXE, RCE, CMDi). Essential for deep security auditing of file-handling workflows.
View Details

VM Bytecode Reverse Engineering Playbook

vm-and-bytecode-reverse
yaklang/hack-skills
407
This playbook provides expert techniques for reverse engineering custom virtual machines and proprietary bytecode. It guides users through identifying dispatchers (switch/table), mapping unknown opcodes, reconstructing custom ISAs, and writing dedicated disassemblers. Essential for solving complex CTF challenges, analyzing protected software, or tackling custom runtime environments.
View Details

Waf Bypass Techniques and Evasion Playbook

waf-bypass-techniques
yaklang/hack-skills
67
A comprehensive playbook detailing advanced methods to bypass Web Application Firewalls (WAFs) when standard injection payloads (SQLi, XSS, RCE) are blocked. Techniques include encoding (URL, Unicode, Hex), protocol abuse (HTTP/2, chunking), parameter pollution, and path normalization tricks, allowing security professionals to test robust application defenses.
View Details

Advanced Web Cache Deception and Poisoning

web-cache-deception
yaklang/hack-skills
215
A comprehensive playbook detailing expert-level techniques for exploiting web cache vulnerabilities. Covers both Web Cache Deception (stealing authenticated user data) and Web Cache Poisoning (injecting malicious content). Techniques include path confusion, unkeyed header manipulation (X-Forwarded-Host), and exploiting CDN/reverse proxy caching logic. Essential reading for penetration testers and security researchers.
View Details

Admin Language Management Utilities

webiny-admin-languages-catalog
webiny/webiny-js
380
This module provides essential abstractions for managing language data within the admin panel. It includes `LanguageDto` for strongly typed data structures and `useLanguages` hook for fetching and handling language-related state and logic. Use this when developing administrative features that require language catalog management.
View Details

KubeSphere Alerting Rule Management Tool

whizard-telemetry-ruler
kubesphere/kubesphere
242
WizTelemetry Ruler is a core extension component within the KubeSphere Observability Platform. It provides comprehensive capabilities for defining, managing, and evaluating advanced alerting rules. Users can configure rules based on native Kubernetes events, KubeSphere auditing events, and application logs, ensuring proactive monitoring and timely alerts through sinks like AlertManager.
View Details

Advanced Windows EDR Evasion Playbook

windows-av-evasion
yaklang/hack-skills
62
A comprehensive playbook detailing advanced techniques for bypassing modern Endpoint Detection and Response (EDR) and Antivirus (AV) solutions on Windows. Covers exploiting vulnerabilities in AMSI, ETW, and implementing sophisticated process injection methods (e.g., Process Hollowing, Early Bird) to execute payloads while maintaining stealth.
View Details

Windows Lateral Movement Playbook

windows-lateral-movement
yaklang/hack-skills
84
A comprehensive playbook detailing expert techniques for lateral movement across Windows networks. It covers various protocols and methods for pivoting between compromised hosts, including PsExec, WMI, WinRM, DCOM, SMB, RDP, and advanced credential techniques like Pass-the-Hash (PTH) and Pass-the-Ticket (PTT).
View Details

XSLT Injection: Testing Playbook

xslt-injection
yaklang/hack-skills
310
A comprehensive playbook for testing XSLT injection vulnerabilities. This guide details advanced attack chains, starting with processor fingerprinting (Java, PHP, .NET, libxslt). It covers critical vectors including XXE (External Entities), Server-Side Request Forgery (SSRF) via document(), arbitrary file writing (EXSLT), and achieving Remote Code Execution (RCE) through language-specific extensions.
View Details

Advanced Cross-Site Scripting Attack Playbook

xss-cross-site-scripting
yaklang/hack-skills
120
An expert-level playbook covering non-obvious XSS techniques, advanced payload selection across various sinks (DOM, SVG, HTML attributes, JavaScript), and sophisticated defense bypass strategies. Use this guide for real-world penetration testing, including WAF bypass, CSP bypass, HttpOnly bypass, and XS-Leaks side channel exploitation. It assumes deep knowledge of web vulnerability mechanics.
View Details

Advanced XXE Injection Exploitation Playbook

xxe-xml-external-entity
yaklang/hack-skills
401
A comprehensive, expert-level playbook covering XML External Entity (XXE) vulnerabilities. This guide details advanced attack techniques across multiple contexts, including SOAP, REST, SVG, and Office files. Key topics covered include blind detection, out-of-band (OOB) data exfiltration, local file reading (e.g., /etc/passwd), and chaining XXE to achieve SSRF or RCE.
View Details
Prev123...322323324325326Next
Language
简体中文
English