Skill UI

Detects AI-generated voice phishing by extracting MFCC and spectral cues, scoring batches, and outputting forensic reports for incident response and red/blue team exercises.

Implements end-to-end FIDO2/WebAuthn hardware security key authentication, covering server configuration, registration and authentication ceremonies, YubiKey enrollment, and passkey migration so high-value accounts gain phishing-resistant, passwordless MFA.

Covers comprehensive HTML injection attack scenarios, detection tips, and tooling so security testers can validate and document injection points, phishing overlays, and reflected or stored payloads during vulnerability assessments.

This comprehensive checklist provides a detailed methodology for simulating the initial access phase in red team engagements and penetration testing. It covers a wide spectrum of modern attack vectors, including advanced social engineering (e.g., deepfake, BEC), sophisticated phishing (spear/smishing), exploiting exposed perimeter services (RDP/VPN), and identifying cloud misconfigurations. Use this guide when planning or executing the initial foothold stage to ensure comprehensive coverage against modern threats.

This playbook details the methodology for detecting and exploiting subdomain takeover vulnerabilities. It focuses on identifying CNAME/NS/MX records pointing to deprovisioned or unclaimed cloud resources (e.g., AWS S3 buckets, Heroku apps). Understanding these weaknesses allows attackers to serve malicious content under the victim's trusted domain, leading to phishing, credential theft, and security bypasses.