Skill UI

Provides a workflow for authorized penetration testing across AWS, Azure, and GCP to discover IAM, storage, serverless, and compute weaknesses, leveraging Pacu, ScoutSuite, Prowler, and cloud-native tools.

This skill provides methods for comprehensive forensic acquisition of data from major cloud services, including Google Drive, OneDrive, Dropbox, and Box. It collects evidence through both API-based remote acquisition and local endpoint artifact analysis, making it essential for incident response, security assessments, and digital forensic investigations.

A comprehensive tool for auditing container security posture by detecting potential escape vectors. It analyzes Kubernetes Pod specs for dangerous configurations, such as running in privileged mode, dangerous capability assignments (like CAP_SYS_ADMIN), host namespace sharing, and writable hostPath mounts. Ideal for security assessments and incident response to prevent container breakout.

LaZagne is an open-source post-exploitation tool utilized by red teams to harvest stored credentials from compromised endpoints. It supports Windows, Linux, and macOS, extracting passwords from browsers (Chrome, Edge), databases (MySQL, SQLite), system vaults (DPAPI, LSA), and various applications. It is crucial for privilege escalation and lateral movement during authorized security assessments.

This skill provides a comprehensive guide to systematic dark web monitoring, involving scanning underground forums, paste sites, and marketplaces for organizational threats. It covers setting up Tor-based crawling, automating credential leak detection (e.g., HIBP integration), and analyzing threat intelligence (CTI) using Python. Essential for proactive incident response and security auditing.

A comprehensive guide to deploying deception technologies, including honeypots, honeytokens, and decoy systems, within a Security Operations Center (SOC). This skill is used to detect advanced attackers who bypass perimeter defenses by monitoring lateral movement, credential abuse, and internal reconnaissance. It provides high-fidelity, near-zero false positive alerts and is essential for threat hunting and incident response strategy.

This guide provides a comprehensive methodology for performing directory traversal and path traversal testing on web applications. It covers identifying file path parameters, executing basic payloads (Linux/Windows), bypassing common security filters using encoding (URL, double, UTF-8), and automating the process with tools like ffuf and dotdotpwn. It also details advanced steps for local file inclusion (LFI) and potential escalation to Remote Code Execution (RCE) via log poisoning.

This comprehensive guide outlines the phased rollout process for DMARC (Domain-based Message Authentication, Reporting, and Conformance). It details moving from monitoring (p=none) through quarantine (p=quarantine) to full rejection (p=reject). Adopting DMARC is critical for anti-spoofing, ensuring that only authorized senders can use your domain, thereby significantly reducing phishing and unauthorized email traffic.

This skill enables sophisticated runtime dynamic analysis of Android applications using industry-standard tools like Frida and Objection. It is used to observe application behavior, intercept API calls, monitor network traffic, and bypass client-side security protections (e.g., root detection, anti-debugging). Essential for identifying vulnerabilities and analyzing obfuscated code that static analysis cannot reach.

Perform interactive malware analysis in the ANY.RUN cloud sandbox to trigger real-time behavior, inspect process trees, monitor network traffic, and capture system changes without local sandbox setup.

This skill guides comprehensive Google Cloud Platform (GCP) security auditing. It uses GCPBucketBrute for enumerating storage buckets and testing access permissions. Furthermore, it analyzes gcloud IAM bindings to detect overly permissive roles, identify service account key exposure, and map potential privilege escalation paths, ensuring robust security assessment for cloud environments.

Perform comprehensive security assessments for Google Cloud Platform environments. This tool audits critical security components—including IAM policies, firewall rules, and storage permissions—against industry benchmarks like the CIS GCP Foundations Benchmark. It helps organizations establish secure baselines and ensure continuous compliance across multiple GCP projects.