Loading...
Loading...
Found 73 Skills
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
Professional Skills and Methodologies for LDAP Injection Vulnerability Testing
Security testing patterns including SAST, DAST, penetration testing, and vulnerability assessment techniques. Use when implementing security testing pipelines, conducting security audits, or validating application security controls.
Role of Web Security Testing and Penetration Engineer, focusing on JavaScript reverse engineering and browser security research. Trigger scenarios: (1) JS reverse analysis: identification of encryption algorithms (SM2/SM3/SM4/AES/RSA), obfuscated code restoration, Cookie anti-crawling bypass, WASM reverse engineering (2) Browser debugging: XHR breakpoints, event listening, infinite debugger bypass, Source Map restoration (3) Hook technology: writing XHR/Header/Cookie/JSON/WebSocket/Canvas Hooks (4) Security product analysis: Offensive and defensive analysis of JS security products such as Ruishu, Jiasule, Chuangyudun, etc. (5) Legal scenarios such as CTF competitions, authorized penetration testing, security research, etc.
Expert security engineering covering application security, infrastructure security, threat modeling, penetration testing, and compliance.
Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for SSRF reachability, internal route probing, metadata-service access, credential pivoting, and token-to-accepted-privilege chains. Use when the user asks to trace SSRF sources, internal hosts, metadata endpoints, link-local tokens, service-account credentials, or explain how a server-side fetch edge turns into accepted access. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here.
IDOR and broken object authorization testing playbook. Use when requests expose object identifiers, tenant boundaries, writable fields, or missing object-level authorization checks.
JWT and OAuth token attack playbook. Use when validating token trust, signing algorithms, key handling, claim abuse, bearer flows, and OAuth account-binding weaknesses.
Network protocol attack playbook. Use when exploiting layer 2/3 protocols including ARP spoofing, LLMNR/NBT-NS/mDNS poisoning, WPAD abuse, DHCPv6 attacks, VLAN hopping, STP manipulation, DNS spoofing, IPv6 attacks, and IDS/IPS evasion.
Professional Skills and Methodologies for Command Injection Vulnerability Testing
Web application security testing workflow for OWASP Top 10 vulnerabilities including injection, XSS, authentication flaws, and access control issues.
Business logic vulnerability playbook. Use when reasoning about workflows, race conditions, price manipulation, coupon abuse, state machines, and multi-step authorization gaps.