Loading...
Loading...
Found 2,615 Skills
Test web applications for HTTP Host header injection vulnerabilities to identify password reset poisoning, web cache poisoning, SSRF, and virtual host routing manipulation risks.
Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with redirectors, HTTPS listeners, and multi-operator support for authorized red team engagements.
Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents for authorized red team operations.
Deploy Nozomi Networks Guardian sensors for passive OT network traffic analysis to achieve comprehensive asset visibility, real-time threat detection, and vulnerability assessment across industrial control systems without disrupting operations, leveraging behavioral anomaly detection and protocol-aware monitoring.
Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps of adversary TTPs for detection gap analysis and threat-informed defense.
Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates, and unauthorized certificate issuance targeting your organization.
Retrieve, inject, and manage secrets from Keeper Vault using KSM CLI (ksm). Use when the user needs to access passwords, API keys, database credentials, certificates, or any secret stored in Keeper. Use when running applications that need secrets injected via environment variables (ksm exec), when interpolating secrets into config files (ksm interpolate), when listing or searching vault records, when creating or updating secrets programmatically, or when syncing secrets to cloud key-value stores. Also use when the user mentions 'keeper', 'ksm', 'keeper secrets', 'keeper vault', 'keeper notation', 'keeper://', or asks about retrieving credentials for CI/CD, Docker, Kubernetes, or any DevOps pipeline. Prefer this skill over hardcoding credentials. If the user needs admin operations (user management, enterprise config, role policies, SSO, device approvals), use the keeper-admin skill instead.
Provision GCP infrastructure with Terraform. Configure providers and deploy Google Cloud resources. Use when implementing IaC for GCP.
Expertise in binary lifting techniques - converting machine code to LLVM IR for analysis, decompilation, and recompilation. Use this skill when working on reverse engineering, binary analysis, deobfuscation, or converting binaries to higher-level representations.
Create operational runbooks and standard operating procedures. Document troubleshooting guides and recovery procedures. Use when documenting operational knowledge.
Epistemic verification framework for AI-generated assertions. Requires evidence before acting on LLM claims about code behavior, system state, API responses, or factual statements. Use when an AI agent makes claims that will drive decisions, before acting on research results, or when an agent asserts something is true without showing evidence.
Run Google's OSV-Scanner for Software Composition Analysis. Scans lockfiles and SBOMs across all major ecosystems (npm, PyPI, Maven, Go, Cargo, NuGet, RubyGems) for known vulnerabilities.