Skill UI

EvilGinx3 is an advanced Adversary-in-the-Middle (AiTM) framework designed for red teaming simulations. It goes beyond traditional credential harvesting by acting as a transparent proxy to intercept the entire authentication flow, including session cookies and Multi-Factor Authentication (MFA) tokens. This capability allows security professionals to assess the robustness of an organization's security posture against sophisticated account takeover attacks.

A comprehensive security auditing tool designed to assess a Kubernetes cluster's compliance posture against established CIS benchmarks. It performs deep checks on control plane components (API Server, etcd, Controller Manager), worker nodes, and Role-Based Access Control (RBAC). Use it for proactive security assessments, compliance validation, and hardening throughout the CI/CD lifecycle.

This guide provides a comprehensive methodology for assessing the security posture of Kubernetes etcd clusters. It covers critical areas including encryption at rest (for secrets), TLS transport security, access control validation, secure backup procedures, and network isolation checks, ensuring cluster data integrity and confidentiality.

This skill guides users through conducting a comprehensive maturity assessment using the NIST Cybersecurity Framework (CSF) 2.0. It covers calculating an organization's cybersecurity posture against the six core functions (Govern, Identify, Protect, Detect, Respond, Recover) and the four Implementation Tiers (Partial to Adaptive). The process culminates in detailed gap analysis and the creation of a strategic improvement roadmap.

This guide details how to use GoPhish, an open-source framework, to conduct authorized phishing simulations. You will learn the complete lifecycle, from deploying the tool and configuring SMTP profiles, to creating realistic email templates and cloning secure landing pages. The skill culminates in analyzing campaign results to assess organizational security posture and improve employee resilience against social engineering attacks.

A comprehensive tool designed for assessing the security posture of Programmable Logic Controller (PLC) firmware. It specializes in detecting critical vulnerabilities such as hardcoded credentials, undocumented debug interfaces, backdoor functions, and memory corruption flaws. The tool supports analyzing major industrial platforms (Siemens, Allen-Bradley) by performing static and dynamic analysis, and verifying firmware integrity against known-good baselines, adhering to standards like IEC 62443. Use only in authorized lab environments.

This skill guides the execution of structured purple team exercises, simulating real-world adversary techniques (Red Team) and validating the effectiveness of existing detection rules and controls (Blue Team). It is essential for Security Operations Center (SOC) teams to identify critical detection gaps, optimize analyst response playbooks, and enhance the overall security posture against specific threat actors mapped to MITRE ATT&CK techniques.

A specialized analyzer designed to examine Siemens S7comm and S7CommPlus protocol traffic. It helps security professionals assess the security posture of SIMATIC S7 PLCs, detecting vulnerabilities such as unauthorized program downloads, PLC stop commands, and potential integrity bypasses in Operational Technology (OT) environments.

A comprehensive tool for detecting Server-Side Request Forgery (SSRF) vulnerabilities. It probes cloud metadata endpoints (AWS, GCP, Azure), internal network services, and utilizes various protocol handlers (file://, gopher://) and bypass techniques (DNS rebinding, IP encoding) to assess application security posture during penetration testing or security auditing.

This tool provides a structured methodology for assessing the security posture of SCADA Human-Machine Interface (HMI) systems. It evaluates potential vulnerabilities in web-based HMIs, thin-client configurations, authentication mechanisms, and communication pathways between HMIs and PLCs, ensuring compliance alignment with rigorous standards like IEC 62443 and NIST SP 800-82.

A comprehensive framework for advanced forensic analysis of UEFI firmware and boot process integrity. It details methods to detect firmware implants in SPI flash, audit UEFI variables (PK, KEK, DB), inspect the EFI System Partition (ESP) for unauthorized components, and analyze boot chain anomalies. Ideal for investigating advanced persistent threats (APTs) and verifying system security posture against rootkits and bootkit techniques.

Checks AWS, Azure, and GCP configurations for IAM escalation paths, public storage exposure, open security groups, and IaC gaps, providing preventive findings with MITRE mapping for cloud posture management workflows.