Skill UI

This comprehensive guide covers essential security patterns for Perl development, addressing common vulnerabilities like SQL Injection, XSS, Path Traversal, and Shell Injection. It details best practices including using Perl's Taint Mode, implementing strict allow-list validation, performing safe file operations, and executing external commands securely to ensure robust and resilient applications.

This skill provides comprehensive guidance and detection rules for identifying fileless malware, in-memory attacks, and living-off-the-land techniques. It covers detecting PowerShell exploitation, reflective DLL injection, WMI abuse, and registry-resident threats, enabling security teams to build robust detections when traditional antivirus fails.

This skill performs a comprehensive security audit of Model Context Protocol (MCP) server configurations found in .mcp.json files. It is designed to identify critical vulnerabilities, including hardcoded secrets (API keys, tokens), dangerous shell injection patterns, unpinned dependencies, and compliance issues regarding approved server lists. Use this skill during security reviews, project onboarding, or pre-commit checks to ensure secure deployment.

This curriculum covers foundational exploitation techniques essential for binary security analysis. Users will learn to control program execution flow, including overwriting EIP/RIP, constructing ROP chains, implementing ret2libc, and shellcode injection. It provides practical, hands-on exercises on stack overflows and heap manipulation in a controlled Linux environment, establishing the core primitives needed before tackling modern mitigation bypasses.

This comprehensive guide serves as a reference for offensive security professionals developing custom x86/x64 shellcode. It details advanced concepts including Position-Independent Code (PIC), PEB traversal for API resolution, safe memory allocation (avoiding RWX), and sophisticated process injection methods (e.g., APC injection, threadless techniques). Learn how to bypass modern AV/EDR detection using advanced evasion techniques like API hashing, encryption, direct syscalls, and abusing PE structures.

A comprehensive playbook detailing expert techniques for OS command injection vulnerabilities. It covers all shell metacharacters, blind injection, time-based detection, out-of-band exfiltration methods, and common vulnerable code patterns across PHP, Python, and Node.js. Essential for security analysts and penetration testers.

This router serves as the main entry point for comprehensive injection testing. It helps security professionals classify dangerous input flows—such as XSS, SQLi, SSRF, XXE, etc.—by determining the final sink or interpreter (e.g., browser context, database, XML parser, shell). Use it when unsure which specific injection vector to prioritize.

A comprehensive playbook detailing advanced JNDI injection techniques. Covers the abuse of JNDI lookups via RMI and LDAP, focusing on critical vulnerabilities like Log4Shell (CVE-2021-44228), deserialization gadgets, and post-8u191 bypass methods. Essential for deep-dive security testing and vulnerability research.