Skill UI

This skill provides a comprehensive guide for identifying and exploiting insecure local data storage vulnerabilities in Android and iOS applications. It covers analyzing plaintext credentials, unencrypted SQLite databases, insecure SharedPreferences, and improper keychain/keystore usage. Essential for performing robust mobile penetration testing focused on OWASP M9.

A comprehensive guide for authorized penetration testers on identifying and exploiting insecure deserialization vulnerabilities across multiple languages (Java, PHP, Python, .NET). Covers techniques for generating payloads using tools like ysoserial and phpggc, and testing various application components such as cookies, HTTP parameters, and message queues to achieve potential Remote Code Execution (RCE).

This comprehensive guide outlines methods to identify and exploit specific IPv6 vulnerabilities, including SLAAC spoofing, Router Advertisement (RA) manipulation, and Neighbor Discovery Protocol (NDP) attacks. It is designed strictly for authorized penetration testing to assess dual-stack security controls, detect unauthorized tunnels (like Teredo or 6to4), and validate network defenses against IPv6-specific threats. Always obtain explicit written authorization before use.

A comprehensive guide detailing the Kerberoasting technique (T1558.003) used in Active Directory environments. This method exploits service accounts by requesting and subsequently cracking Kerberos TGS tickets offline, allowing attackers to compromise credentials. Instructions cover enumeration, ticket request, cracking with tools like Hashcat/John the Ripper, and credential validation, for authorized red team and penetration testing purposes.

Detailed guide on exploiting the critical MS17-010 (EternalBlue) vulnerability in SMBv1 protocol. This technique allows for remote code execution (RCE) on unpatched Windows systems. Primarily used in authorized red teaming, penetration testing, and advanced security analysis to simulate real-world attacks and assess network defense posture.

This skill details exploiting the noPac vulnerability chain, combining CVE-2021-42278 (sAMAccountName spoofing) and CVE-2021-42287 (KDC PAC confusion). It allows an authenticated standard domain user to escalate privileges to Domain Admin, potentially compromising the entire domain. It is designed for authorized red team exercises and penetration testing against vulnerable Active Directory environments.

A comprehensive guide detailing the methodology for identifying and exploiting Server-Side Request Forgery (SSRF). This technique is critical in authorized penetration testing, allowing attackers to pivot from public-facing applications to internal resources. Use cases include stealing cloud provider metadata (AWS, GCP), scanning private IP ranges, and accessing internal APIs and admin panels.

A comprehensive guide for authorized penetration testing, demonstrating how to identify and exploit critical vulnerabilities in the SMB protocol (e.g., EternalBlue, PrintNightmare). This skill covers network enumeration, lateral movement techniques (Pass-the-Hash, SMB Relay), and post-exploitation activities using Metasploit and Impacket tools to assess enterprise network security posture.

This comprehensive guide details the professional process of detecting and exploiting SQL injection vulnerabilities using the powerful sqlmap tool. It covers the entire workflow, from initial vulnerability identification and basic scanning to database enumeration, data dumping, advanced exploitation (like file reading and OS command execution), and WAF bypass techniques, ensuring thorough penetration testing reporting.

A comprehensive guide and set of payloads for detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities. This skill covers various template engines like Jinja2, Twig, Freemarker, and more, allowing users to achieve Remote Code Execution (RCE) during penetration testing.

The Metasploit Framework is the industry standard platform for penetration testing and vulnerability validation. It provides numerous modules (exploits, payloads, auxiliaries) used to confirm if identified security weaknesses are genuinely exploitable. This guide details using Metasploit in a structured, risk-based workflow for authorized testing, including vulnerability checking, post-exploitation assessment, and patch verification.

This comprehensive guide outlines techniques for authorized penetration testing of real-time web applications using WebSocket connections. It covers discovering various WebSocket endpoints, testing for authentication bypass, identifying Cross-Site WebSocket Hijacking (CSWSH) vulnerabilities, and assessing message handling for injection flaws (SQLi, XSS). Essential for securing chat, trading, and live notification platforms.