All Skills

Total 50,483 skills, Security & Compliance has 1971 skills

Showing 12 of 1971 skills

Per page

Downloads

Sort

Security & Complianceyaklang/hack-skills

saml-sso-assertion-attacks

SAML SSO assertion attack playbook. Use when testing signature validation, assertion wrapping, audience restrictions, ACS handling, XML trust boundaries, and enterprise SSO flaws.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

business-logic-vulnerabilities

Business logic vulnerability playbook. Use when reasoning about workflows, race conditions, price manipulation, coupon abuse, state machines, and multi-step authorization gaps.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

crlf-injection

CRLF injection playbook. Use when user input reaches HTTP response headers, Location redirects, Set-Cookie values, or log files where carriage-return/line-feed characters can split or inject content.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

business-logic-vuln

Entry P1 category router for business logic testing. Use when workflow abuse, race conditions, pricing flaws, or multi-step state attacks matter more than parser-level input injection.

🇨🇳|ChineseTranslated

Security & Complianceyaklang/hack-skills

api-recon-and-docs

API reconnaissance and documentation review playbook. Use when discovering endpoints, schemas, versions, OpenAPI specs, hidden docs, and surface area for API testing.

🇺🇸|EnglishTranslated

Security & Compliancemembranedev/application-s...

pliance

Pliance integration. Manage data, records, and automate workflows. Use when the user wants to interact with Pliance data.

🇺🇸|EnglishTranslated

Security & Compliancemembranedev/application-s...

cobalt-io

Cobalt integration. Manage data, records, and automate workflows. Use when the user wants to interact with Cobalt data.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

classical-cipher-analysis

Classical cipher analysis playbook. Use when encountering substitution ciphers, Vigenere, transposition, XOR, or encoded text in CTF challenges that requires frequency analysis, Kasiski examination, or known-plaintext cryptanalysis.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

windows-lateral-movement

Windows lateral movement playbook. Use when pivoting between Windows hosts via PsExec, WMI, WinRM, DCOM, RDP, pass-the-hash, overpass-the-hash, or pass-the-ticket techniques.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

ntlm-relay-coercion

NTLM relay and authentication coercion playbook. Use when capturing and relaying NTLM authentication to escalate privileges via SMB, LDAP, HTTP, or MSSQL relay targets, combined with PetitPotam, PrinterBug, and other coercion methods.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

ai-ml-security

AI/ML security playbook. Use when assessing model supply chain attacks (pickle RCE, poisoned weights), adversarial examples, model poisoning, model stealing, data privacy attacks (membership inference, model inversion), and autonomous agent security risks.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

browser-exploitation-v8

Browser and V8 exploitation playbook. Use when exploiting JavaScript engine vulnerabilities including JIT type confusion, incorrect bounds elimination, and V8 sandbox bypass to achieve renderer RCE and sandbox escape in Chrome/Chromium.

🇺🇸|EnglishTranslated