Loading...
Loading...
Found 2,558 Skills
Lattice-based cryptanalysis playbook. Use when attacking RSA via Coppersmith small roots, recovering DSA/ECDSA nonces from bias, solving knapsack problems, or applying LLL/BKZ reduction to cryptographic constructions.
Binary protection bypass playbook. Use when identifying and bypassing ASLR, PIE, NX/DEP, stack canary, RELRO, FORTIFY_SOURCE, CET, and MTE protections in ELF binaries to enable exploitation.
Apply when deciding or implementing permissions and authorization boundaries for VTEX IO apps. Covers manifest policies, outbound-access rules, least-privilege design, and how service routes or integrations map to explicit permissions. Use for deciding who is authorized to call or consume a capability, adding new integrations, exposing protected routes, or reviewing app permissions for overreach or missing access.
Use when securing ASP.NET Core Web API endpoints with JWT Bearer token validation, scope/permission checks, or stateless auth - integrates Auth0.AspNetCore.Authentication.Api for REST APIs receiving access tokens from frontends or mobile apps. Also handles DPoP proof-of-possession token binding. Triggers on: AddAuth0ApiAuthentication, .NET Web API auth, JWT validation, UseAuthentication, UseAuthorization.
Skill for working with the BlueHammer vulnerability proof-of-concept repository, covering build, usage, and code patterns.
Troubleshoot public network IPv4/IPv6 egress, country/region, ASN/organization, DNS, default route, utun status, as well as browser-side Server Response and WebRTC exposure on macOS + Chrome. Applicable for scenarios where users need to check IP and region consistency, VPN/proxy takeover status, IPv6 issues or browser network exposure, and output detailed O&M reports and review links.
Critical PowerShell changes, deprecations, and migrations for 2025
Validate, lint, audit, or fix .gitlab-ci.yml pipelines, stages, and jobs.
Investigates completed flash-loan and atomic DeFi incidents across EVM and Solana from public txs—borrow-execute-repay fingerprints, oracle/pool/governance vectors, full trace reconstruction, impact quantification, and mitigations. Use when the user asks for flash loan exploit analysis, atomic attack post-mortems, large-borrow suspicious tx triage, or evidence-structured case studies from explorer data and read-only simulation—not for designing new attacks on live protocols.
Mitigation patterns for privileged-access and governance-adjacent DeFi failures, anchored on the public Drift Protocol incident analysis in Chainalysis’s blog—social engineering, Solana durable nonces, oracle and collateral abuse, multisig governance, and operational monitoring. Use when hardening signer processes, reviewing admin surfaces, or teaching post-incident lessons—not for designing exploits or attributing actors without evidence.
Points to Michał Zalewski’s (lcamtuf) canonical American Fuzzy Lop (AFL) documentation at lcamtuf.coredump.cx/afl—coverage-guided fuzzing concepts, afl-fuzz usage, and historical technical notes for C/C++ targets. Use when the user cites AFL classic, lcamtuf’s AFL page, or needs the original upstream reference—not as a substitute for current AFL++ docs or authorized fuzzing policy.
Comprehensive map and workflows for the API domain. Triggers when users ask to 'design an API', 'secure the APIs', 'update endpoints', 'view the API ecosystem', or want to see all available API orchestration skills.