Skill UI

A comprehensive skill for assessing mobile applications (Android and iOS) for vulnerabilities related to deep links, custom URI schemes, and intent handling. This skill identifies risks such as unauthorized access, data injection, intent hijacking, and improper validation of App Links or Universal Links, crucial for robust mobile security testing.

This skill provides a comprehensive guide for identifying and exploiting insecure local data storage vulnerabilities in Android and iOS applications. It covers analyzing plaintext credentials, unencrypted SQLite databases, insecure SharedPreferences, and improper keychain/keystore usage. Essential for performing robust mobile penetration testing focused on OWASP M9.

A comprehensive guide for intercepting and analyzing HTTP/HTTPS traffic from mobile applications using Burp Suite. This skill walks through configuring proxies on Android and iOS, handling CA certificate installation, and executing advanced penetration testing techniques. It is essential for assessing API security, identifying data leakage, and finding authentication vulnerabilities in mobile client-server communications.

Automates the static security analysis of Android APK/AAB files using the Mobile Security Framework (MobSF). This skill identifies critical vulnerabilities such as hardcoded secrets, insecure permissions, weak cryptography, and structural flaws (mapping to OWASP Mobile Top 10) without requiring application execution. It is essential for integrating security gates into CI/CD pipelines, performing pre-release quality assurance, and enhancing penetration testing coverage.

This skill enables sophisticated runtime dynamic analysis of Android applications using industry-standard tools like Frida and Objection. It is used to observe application behavior, intercept API calls, monitor network traffic, and bypass client-side security protections (e.g., root detection, anti-debugging). Essential for identifying vulnerabilities and analyzing obfuscated code that static analysis cannot reach.

This skill provides advanced techniques for bypassing SSL/TLS certificate pinning in Android and iOS applications. It supports interception of HTTPS traffic during authorized security assessments, covering pinning mechanisms like OkHttp, TrustManager, NSURLSession, and utilizes tools such as Frida and Objection for comprehensive testing.

This comprehensive guide outlines the end-to-end workflow for mobile device forensics, covering data acquisition and analysis for both iOS and Android platforms. It details techniques using commercial tools like Cellebrite UFED and open-source utilities (ALEAPP, iLEAPP, ADB). This methodology is critical for investigating deleted messages, call logs, location data, and application artifacts in legal or corporate investigations.

A comprehensive guide for reverse engineering Android malware. It details how to use JADX and accompanying tools (apktool, androguard) to analyze APK metadata, extract permissions, decompile Java/Kotlin source code, and identify malicious functionalities like data exfiltration, C2 communication, and overlay attacks. Ideal for mobile threat analysis and security research.

This skill is designed for assessing the security of Android inter-process communication (IPC) by systematically testing intents, broadcast receivers, content providers, and exported components. It helps identify critical vulnerabilities such as intent injection, unauthorized data leakage, and component hijacking, which are crucial during mobile penetration testing and security audits.

Evaluates pitch decks slide by slide, benchmarking against the 11-slide VC template, scoring every section, flagging common killer patterns, and benchmarking versus famous decks for actionable fundraising feedback.

Executes a structured VC valuation workflow that ingests SaaS or startup metrics, runs DCF, comparable revenue multiples, and SaaS health models via Python, and synthesizes a defensible valuation, runway, and capital-efficiency narrative for users planning fundraising or benchmarking.

Guides founders through business decisions by focusing on profitability, lean spending, remote-first teams, bootstrap fundraising, and sustainable scaling so ventures survive and grow without burning out resources.