Skill UI

ROADtools is a comprehensive offensive toolkit for Microsoft Entra ID (Azure AD). It consists of ROADrecon for offline directory enumeration (users, groups, roles, policies) and roadtx for advanced token acquisition and exchange. It is designed for authorized red-teaming and penetration testing to discover attack paths and pivot tokens across various Microsoft resources.

This skill simulates advanced red-teaming techniques targeting Microsoft Entra ID's OAuth 2.0 device-code flow and illicit consent mechanisms. It demonstrates how attackers can steal access and refresh tokens, bypass Multi-Factor Authentication (MFA), and pivot across various Microsoft 365 services. It is designed for authorized security testing to validate token protection and conditional access policies.

This toolkit provides comprehensive offensive and administrative capabilities for Microsoft Entra ID, Azure AD, and AD FS. It allows authorized penetration testers to perform unauthenticated reconnaissance, acquire various access tokens, and critically, test for federation backdoors (Golden SAML). It is essential for validating identity-attack resilience and producing detailed hardening recommendations during red-team engagements.

CHIPSEC is an open-source framework designed to assess the low-level security configuration of x86 platform firmware and hardware. It verifies critical security controls such as SPI flash write protection, BIOS locks, SMM/SMRR configuration, and Secure Boot variable integrity. Users can run automated tests, dump SPI flash memories for forensics, and detect potential firmware implants that persist below the operating system layer.

This skill details how to forcefully coerce a target machine account (e.g., a Domain Controller) to authenticate to an attacker-controlled relay. It combines tools like Coercer and PetitPotam, leveraging various RPC protocols (MS-EFSR, MS-RPRN) to achieve NTLM relay. This technique ultimately enables domain compromise by forcing authentication into services like AD CS Web Enrollment (ESC8).

This skill provides a comprehensive, cross-platform workflow for auditing UEFI firmware security. It detects advanced threats like bootkits (e.g., BlackLotus, Bootkitty) and Secure Boot bypasses by verifying the integrity of the platform's trust chain. Key checks include confirming Secure Boot status, assessing the currency and application of DBX revocations, and examining the protection of critical EFI variables using specialized tools. Essential for hardware security assessments and forensic investigation.

A powerful offensive security toolkit for red-teaming and penetration testing. It systematically enumerates and exploits various misconfigurations within Active Directory Certificate Services (AD CS) using Certipy. This allows attackers to forge privileged certificates, perform PKINIT authentication, and achieve domain compromise and privilege escalation, even without knowing user passwords. Ideal for validating security hardening.

This advanced protocol forces the AI to conduct a thorough context audit before attempting any complex task. It mandates reading every relevant file, identifying architectural gaps, and providing a detailed orientation statement. It is essential for multi-file modifications, system design, and debugging to prevent acting on assumptions and maintain high code accuracy. The AI cannot proceed until all unknown variables are resolved.