Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude
ClaudSkillsAuthors › mahipal

mahipal

756 Claude Code skills authored by mahipal.

updated 2026-07-06 · showing 1–60 of 756 by quality score

Average Pro QualityScore: 78.8/100

For the full experience including quality scoring and one-click install features for each skill — upgrade to Pro.

Configuring Google Cloud Identity-Aware Proxy (IAP) to enforce per-request identity verification for Compute
Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library.
Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain
Automate credential rotation for service accounts across Active Directory, cloud platforms, and application databases
Enforce Kubernetes network segmentation using Calico CNI network policies and global network policies to control
Harden Kubernetes Role-Based Access Control by implementing least-privilege policies, auditing role bindings,
Executes structured recovery from a ransomware incident following NIST and CISA frameworks, including environment
Build comprehensive threat actor profiles using open-source intelligence (OSINT) techniques to document adversary
Execute and test the JWT none algorithm attack to bypass signature verification by manipulating the alg header
Tests and exploits deep link (URL scheme and App Link) vulnerabilities in Android and iOS mobile applications
Analyzes and simulates BGP hijacking scenarios in authorized lab environments to assess route origin validation,
Reverse engineer Rust-compiled malware using IDA Pro and Ghidra with techniques for handling non-null-terminated
Designs and implements VLAN-based network segmentation on managed switches to isolate network zones, enforce
Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy kits like EvilProxy,
Implements HashiCorp Vault dynamic secrets engines for database credentials, AWS IAM keys, and PKI certificates
Detect malicious scheduled task creation and modification using Sysmon Event IDs 1 (Process Create for schtasks.exe),
Build comprehensive forensic super-timelines using Plaso (log2timeline) to correlate events across file systems,
Perform forensic investigation of Linux system logs including syslog, auth.log, systemd journal, kern.log, and
Implements secure API key generation, storage, rotation, and revocation controls to protect API authentication
Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents for
Perform security analysis of Siemens S7comm and S7CommPlus protocols used by SIMATIC S7 PLCs to identify vulnerabilities
Detect AWS IAM privilege escalation paths using boto3 and Cloudsplaining policy analysis to identify overly permissive
Execute and test GraphQL depth limit attacks using deeply nested recursive queries to identify denial-of-service
Implement automated user provisioning and deprovisioning using SCIM 2.0 protocol with Okta as the identity provider.
Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates,
Analyzes malicious PDF files using PDFiD, pdf-parser, and peepdf to identify embedded JavaScript, shellcode,
Detect process hollowing (T1055.012) by analyzing memory-mapped sections, hollowed process indicators, and parent-child
Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization,
Identifies lateral movement techniques in enterprise networks by analyzing authentication logs, network flows,
Deploy and query Arkime (formerly Moloch) for full packet capture network traffic analysis. Uses the Arkime API
Conduct a thick client application penetration test to identify insecure local storage, hardcoded credentials,
Analyze Windows LNK shortcut files and Jump List artifacts to establish evidence of file access, program execution,
Detect adversary lateral movement across networks using Splunk SPL queries against Windows authentication logs,
Detects and exploits ransomware kill switch mechanisms including mutex-based execution guards, domain-based
Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise
Conduct systematic reviews of privileged accounts to validate access rights, identify excessive permissions,
Detect and exploit NoSQL injection vulnerabilities in MongoDB, CouchDB, and other NoSQL databases to demonstrate
Implement BGP route origin validation using RPKI with Route Origin Authorizations, RPKI-to-Router protocol, and
Configure ModSecurity WAF with OWASP Core Rule Set (CRS) for web application logging, tune rules to reduce false
Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security
Container escape is a critical attack technique where an adversary breaks out of container isolation to access
Analyzes network traffic generated by malware during sandbox execution or live incident response to identify
Executes authorized attack simulations against Active Directory environments to identify misconfigurations,
Run NVIDIA garak probe suites against an LLM endpoint to test for jailbreaks, prompt injection, data leakage, and toxic generation, then interpret the hit-rate report for triage…
Hunt for adversary persistence and execution via Windows scheduled tasks by analyzing task creation events, suspicious
Automates Indicator of Compromise (IOC) enrichment by orchestrating lookups across VirusTotal, AbuseIPDB, Shodan,
Detecting compromised cloud credentials across AWS, Azure, and GCP by analyzing anomalous API activity, impossible
Reverse engineers iOS applications using Frida dynamic instrumentation to understand internal logic, extract
Performs API inventory and discovery to identify all API endpoints in an organization''s environment including
Responds to malware infections across enterprise endpoints by identifying the malware family, determining infection
Assessing GraphQL API endpoints for introspection leaks, injection attacks, authorization flaws, and denial-of-service
Detect and analyze heap spray attacks in memory dumps using Volatility3 plugins to identify NOP sled patterns,
Implement comprehensive API security testing using the 42Crunch platform to perform static audit and dynamic
Detect DCSync attacks where adversaries abuse Active Directory replication privileges to extract password hashes
Implements SIEM detection use cases by designing correlation rules, threshold alerts, and behavioral analytics
Performs digital forensics investigation on compromised endpoints including memory acquisition, disk imaging,
Integrate AFL++ coverage-guided fuzz testing into CI/CD pipelines to discover memory corruption, input handling,
Detect lateral movement in network traffic using Zeek (formerly Bro) log analysis. Parses conn.log, smb_mapping.log,
Perform structured log source onboarding into SIEM platforms by configuring collectors, parsers, normalization,
Detect NTLM relay attacks by analyzing Windows Event 4624 logon type 3 with NTLMSSP authentication, identifying
Search all 756 skills by mahipal →