Login
Download

Skill UI

Browse and discover 9785+ curated skills
All Development Artificial Intelligence Design & Creative Product & Business Data Science Marketing Soft Skills Productivity Engineering Languages
Search x , found 5890 results
Default Newest Most Downloaded

Exploiting Insecure Deserialization Vulnerabilities

exploiting-insecure-deserialization
mukul975/Anthropic-Cybersecurity-Skills
359
A comprehensive guide for authorized penetration testers on identifying and exploiting insecure deserialization vulnerabilities across multiple languages (Java, PHP, Python, .NET). Covers techniques for generating payloads using tools like ysoserial and phpggc, and testing various application components such as cookies, HTTP parameters, and message queues to achieve potential Remote Code Execution (RCE).
View Details

IPv6 Vulnerability Exploitation Toolkit

exploiting-ipv6-vulnerabilities
mukul975/Anthropic-Cybersecurity-Skills
224
This comprehensive guide outlines methods to identify and exploit specific IPv6 vulnerabilities, including SLAAC spoofing, Router Advertisement (RA) manipulation, and Neighbor Discovery Protocol (NDP) attacks. It is designed strictly for authorized penetration testing to assess dual-stack security controls, detect unauthorized tunnels (like Teredo or 6to4), and validate network defenses against IPv6-specific threats. Always obtain explicit written authorization before use.
View Details

Exploiting JWT Algorithm Confusion

exploiting-jwt-algorithm-confusion-attack
mukul975/Anthropic-Cybersecurity-Skills
136
This skill demonstrates how to exploit JWT algorithm confusion vulnerabilities. It targets APIs that do not strictly enforce the cryptographic algorithm (alg) specified in the token header. Techniques covered include downgrading from asymmetric algorithms (RS256) to symmetric ones (HS256) using the public key as the secret, performing alg:none bypasses, and manipulating key identifiers (kid, jku, x5u) to achieve authentication bypass and token forgery.
View Details

Kerberoasting Attacks with Impacket Tool

exploiting-kerberoasting-with-impacket
mukul975/Anthropic-Cybersecurity-Skills
393
A comprehensive guide detailing the Kerberoasting technique (T1558.003) used in Active Directory environments. This method exploits service accounts by requesting and subsequently cracking Kerberos TGS tickets offline, allowing attackers to compromise credentials. Instructions cover enumeration, ticket request, cracking with tools like Hashcat/John the Ripper, and credential validation, for authorized red team and penetration testing purposes.
View Details

Exploiting Mass Assignment in REST APIs

exploiting-mass-assignment-in-rest-apis
mukul975/Anthropic-Cybersecurity-Skills
123
A detailed guide on discovering and exploiting Mass Assignment vulnerabilities in REST APIs. Users learn to inject unexpected parameters into API requests (POST, PUT, PATCH) to bypass authorization controls, escalate privileges (e.g., changing 'role'), and modify sensitive fields (e.g., 'balance', 'isAdmin') during security assessments and bug bounty hunting.
View Details

Exploiting EternalBlue MS17-010 Vulnerability

exploiting-ms17-010-eternalblue-vulnerability
mukul975/Anthropic-Cybersecurity-Skills
348
Detailed guide on exploiting the critical MS17-010 (EternalBlue) vulnerability in SMBv1 protocol. This technique allows for remote code execution (RCE) on unpatched Windows systems. Primarily used in authorized red teaming, penetration testing, and advanced security analysis to simulate real-world attacks and assess network defense posture.
View Details

Exploiting noPac for Domain Admin Escalation

exploiting-nopac-cve-2021-42278-42287
mukul975/Anthropic-Cybersecurity-Skills
216
This skill details exploiting the noPac vulnerability chain, combining CVE-2021-42278 (sAMAccountName spoofing) and CVE-2021-42287 (KDC PAC confusion). It allows an authenticated standard domain user to escalate privileges to Domain Admin, potentially compromising the entire domain. It is designed for authorized red team exercises and penetration testing against vulnerable Active Directory environments.
View Details

NoSQL Injection Vulnerability Exploitation Guide

exploiting-nosql-injection-vulnerabilities
mukul975/Anthropic-Cybersecurity-Skills
137
This comprehensive guide details advanced techniques for detecting and exploiting NoSQL injection vulnerabilities across various databases like MongoDB and CouchDB. It covers critical attack vectors, including authentication bypass using operators ($ne, $gt), blind data extraction via $regex, and executing arbitrary server-side JavaScript through the $where clause. Essential reading for penetration testers and security researchers assessing NoSQL backends.
View Details

Exploiting OAuth And OIDC Misconfigurations

exploiting-oauth-misconfiguration
mukul975/Anthropic-Cybersecurity-Skills
480
A comprehensive guide for penetration testers detailing methods to identify and exploit misconfigurations in OAuth 2.0 and OpenID Connect (OIDC) flows. Techniques cover redirect URI manipulation, authorization code theft, token leakage via headers, and scope escalation during security assessments.
View Details

Exploiting Prototype Pollution In JavaScript

exploiting-prototype-pollution-in-javascript
mukul975/Anthropic-Cybersecurity-Skills
186
A comprehensive skill for detecting and exploiting JavaScript prototype pollution vulnerabilities in both client-side and server-side applications. It demonstrates advanced property injection techniques to achieve critical security outcomes, including Cross-Site Scripting (XSS), Remote Code Execution (RCE), and authentication/authorization bypass, especially in Node.js environments and JSON merging scenarios.
View Details

Exploiting Race Condition Web Vulnerabilities

exploiting-race-condition-vulnerabilities
mukul975/Anthropic-Cybersecurity-Skills
419
A comprehensive guide and technique set for detecting and exploiting race condition vulnerabilities in web applications. It focuses on bypassing rate limits, exploiting Time-of-Check-to-Time-of-Use (TOCTOU) flaws, and duplicating transactions using advanced methods like Turbo Intruder's single-packet attack. Ideal for security assessments of state-changing operations (e.g., payments, inventory management, coupon redemption).
View Details

Exploiting SSRF for Internal Network Access

exploiting-server-side-request-forgery
mukul975/Anthropic-Cybersecurity-Skills
247
A comprehensive guide detailing the methodology for identifying and exploiting Server-Side Request Forgery (SSRF). This technique is critical in authorized penetration testing, allowing attackers to pivot from public-facing applications to internal resources. Use cases include stealing cloud provider metadata (AWS, GCP), scanning private IP ranges, and accessing internal APIs and admin panels.
View Details
Prev123...270271272273274275276...489490491Next
Language
简体中文
English