Skill UI

Assesses GraphQL API endpoints during authorized tests to expose introspection leaks, injection flaws, access control gaps, and denial-of-service risks across web, mobile, and microservice backends.

Uses the Shodan and InternetDB APIs in Python to enrich IP addresses, detail open ports/services, pull CVEs, and compute reputation scores to support threat triage and SOC workflows.

Provides steps and tooling for intercepting JWTs, crafting tokens with the alg header set to none, and submitting forged privileged claims to verify whether a service improperly skips signature verification during authorized security testing.

Systematically map Windows and Linux persistence vectors to reveal how malware survives reboots, enumerating autoruns, services, scheduled tasks, and WMI entries during incident response and threat hunting.

Performs OAuth 2.0 scope minimization reviews by inventorying service principals, delegated grants, and app role assignments to flag excessive permissions, risky consent patterns, and unused token grants across identity providers and SaaS integrations.

Continuously scrape Pastebin, GitHub Gists and similar paste services to detect leaked credentials or API keys through keyword alerts and regex-based pattern matching, enabling swift incident response before stolen data is weaponized.

This skill provides a comprehensive methodology for simulating privilege escalation attacks on compromised Linux and Windows environments. It guides the user through identifying vectors—including SUID abuse, misconfigured services, kernel vulnerabilities, cron job exploitation, and credential harvesting—to elevate initial low-privilege access to root or SYSTEM control. It is crucial for deep-dive penetration testing and assessing system security hardening.

This guide details advanced techniques used in red teaming and penetration testing to elevate user privileges from a low-level account to root access on a compromised Linux system. It covers exploiting misconfigurations, vulnerable services (like SUID/SGID binaries), improper sudo rules, kernel vulnerabilities (e.g., Dirty Pipe), and abuse of system services like Cron jobs and Systemd. Essential for authorized security assessments.

This comprehensive process validates whether users with elevated permissions (like domain admins, service accounts, and cloud IAM roles) still require their access. It enforces the principle of least privilege by systematically reviewing, certifying, and remediating excessive or orphaned high-level access, ensuring compliance with standards like SOC 2, PCI DSS, and SOX.

Performs comprehensive discovery and inventorying of privileged accounts across enterprise infrastructure, scanning admins, service, database, IAM, and app roles before feeding insights into PAM and compliance workflows.

Audits service accounts across Active Directory, cloud platforms, databases, and applications to spot orphaned, over-privileged, or non-compliant identities, assess rotations, and document dependencies for remediation.

Automates scheduled rotation of service account credentials across AD, cloud IAM, and application stores, updating all consumers, verifying health, and retiring old secrets to reduce compromise risk.