Skill UI

This guide outlines a comprehensive workflow for detecting and preventing the exposure of sensitive AWS credentials (access keys, session tokens) within source code repositories, CI/CD pipelines, and configuration files. It utilizes TruffleHog for deep historical scanning and integrates git-secrets for robust pre-commit hooks, significantly reducing the risk of credential theft and unauthorized account access.

This skill demonstrates how to exploit the Windows Data Protection API (DPAPI) to extract sensitive, encrypted secrets, including saved user credentials, browser logins, RDP passwords, and vault data. It covers online, offline, and domain-wide decryption techniques, essential for post-exploitation red team engagements and penetration testing.

This skill guides the deployment and strategic use of honeytokens and canarytokens (decoy credentials, files, URLs, etc.). These high-fidelity decoys are designed to detect unauthorized access, insider threats, or adversary reconnaissance by triggering alerts upon any interaction, providing early warning deep within the kill chain.