Skill UI

A comprehensive playbook for advanced security testing, focusing on race conditions and TOCTOU (Time-of-check to time-of-use) vulnerabilities in web applications. It guides users to exploit non-atomic, state-changing operations (e.g., coupons, balance deductions, single-use rewards) by sending highly synchronized, parallel requests (including HTTP/2 single-packet attacks). Essential for identifying weaknesses in authorization and transactional integrity.

A comprehensive playbook for professional bug bounty hunting and penetration testing. This guide covers systematic reconnaissance, from initial asset discovery (subdomains, IPs) and technology fingerprinting to advanced endpoint and source code mining. Learn the structured methodology used by top hunters to maximize coverage and find high-severity vulnerabilities.

This expert playbook covers advanced techniques for testing HTTP request smuggling and desynchronization vulnerabilities. It is critical when front proxies, CDNs, or load balancers disagree with the origin server on message framing (Content-Length vs Transfer-Encoding), or during protocol downgrades (HTTP/2 to HTTP/1). Use this to uncover deep security flaws like WAF bypass and session hijacking.

This skill provides a comprehensive playbook for testing the security of SAML-based Single Sign-On (SSO) solutions. It focuses on validating assertion trust by checking signature coverage, audience and recipient restrictions, handling of Assertion Consumer Service (ACS), and identifying potential XML parsing weaknesses or IdP/SP confusion flaws. Use this when evaluating enterprise authentication systems for critical security vulnerabilities.

A comprehensive playbook covering advanced smart contract audit techniques for Solidity/EVM. Focuses on critical patterns like reentrancy (cross-contract), integer overflows, access control misuse, delegatecall exploits, flash loans, and advanced MEV/front-running attacks. Essential for securing DeFi protocols.

This comprehensive playbook details expert techniques for exploiting Server-Side Request Forgery (SSRF). It covers bypassing URL filters, accessing cloud metadata endpoints (AWS, GCP, Azure), utilizing advanced protocols like Gopher, and chaining vulnerabilities to achieve Remote Code Execution (RCE) in real-world scenarios. Ideal for penetration testers and security researchers.

This expert playbook provides comprehensive techniques for exploiting Server-Side Template Injection (SSTI). It covers polyglot detection probes, engine fingerprinting (Jinja2, Twig, FreeMarker, etc.), sandbox escape mechanisms (MRO chains), and advanced bypass techniques. Essential reading for security researchers and penetration testers assessing application vulnerabilities.

This expert playbook details advanced techniques for exploiting stack-based vulnerabilities, including classic buffer overflows, Return-Oriented Programming (ROP), ret2libc, and specialized gadgets like ret2csu and SROP. It provides comprehensive guidance on bypassing modern memory mitigations (NX, ASLR, PIE) to hijack program control flow and achieve reliable remote code execution in userland binaries.

This playbook details the methodology for detecting and exploiting subdomain takeover vulnerabilities. It focuses on identifying CNAME/NS/MX records pointing to deprovisioned or unclaimed cloud resources (e.g., AWS S3 buckets, Heroku apps). Understanding these weaknesses allows attackers to serve malicious content under the victim's trusted domain, leading to phishing, credential theft, and security bypasses.

This playbook provides expert-level techniques for exploiting common infrastructure services that are exposed without proper authentication. Coverage includes Redis RCE, Rsync data theft, PHP-FPM code execution, AJP file reads, and MongoDB/Hadoop vulnerabilities. Essential for deep penetration testing and security auditing.

A comprehensive playbook detailing expert-level techniques for exploiting web cache vulnerabilities. Covers both Web Cache Deception (stealing authenticated user data) and Web Cache Poisoning (injecting malicious content). Techniques include path confusion, unkeyed header manipulation (X-Forwarded-Host), and exploiting CDN/reverse proxy caching logic. Essential reading for penetration testers and security researchers.

A comprehensive playbook detailing advanced techniques for bypassing modern Endpoint Detection and Response (EDR) and Antivirus (AV) solutions on Windows. Covers exploiting vulnerabilities in AMSI, ETW, and implementing sophisticated process injection methods (e.g., Process Hollowing, Early Bird) to execute payloads while maintaining stealth.