Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude

Red Team (Page 2 of 5)

244 Claude Code skills in the Red Team sub-category of Security.

244 skills · updated 2026-05-27 · showing 61–120 of 244 by quality score


Exploit the noPac vulnerability chain (CVE-2021-42278 sAMAccountName spoofing and CVE-2021-42287 KDC PAC confusion)
Identifying and exploiting SSRF vulnerabilities to access internal services, cloud metadata, and restricted network
Identifies and exploits SMB protocol vulnerabilities using Metasploit Framework during authorized penetration
The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7.
Testing WebSocket implementations for authentication bypass, cross-site hijacking, injection attacks, and insecure
Exploit the Zerologon vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol to achieve domain controller
Analyze exploit intelligence for a vulnerability against the current repository
Deploy resource optimization and opportunity cost awareness mode. Use when need to balance exploration vs exploitation, feel trade-offs viscerally, or optimize portfolio thinking.
Analyze in-game economy systems including soft and hard currency source-sink balance, inflation projection modeling, loot table drop rate fairness and pity system evaluation,…
Audits a tech project (source code + delivered experience) and evaluates its fit for 5 generational cohorts (Boomers, Gen X, Millennials, Gen Z, Gen Alpha).
Find exploitable vulnerabilities in GitHub Actions workflows. Every finding MUST include a concrete exploitation scenario — if you can't build the attack, don't report it.
Use when building or updating vulnerability pattern Skills from multiple sources: GitHub Security Advisories (GHSA), HackerOne Hacktivity, or NVD.
Scans Git repositories for leaked secrets using Gitleaks, TruffleHog, and custom regex patterns. Detects API keys, AWS credentials, private keys, and database connection strings…
Jailbreak API-served LLMs using G0DM0D3 techniques — Parseltongue input obfuscation (33 techniques), GODMODE CLASSIC system prompt templates, ULTRAPLINIAN multi-model racing,…
Hardware and embedded security research capabilities. Interface with JTAG debuggers, analyze SPI/I2C communications, dump and analyze firmware, support fault injection,…
Scans codebases for hardcoded secrets using HashiCorp Vault SDK and truffleHog patterns. Integrates with Vault Transit engine for automatic secret rotation and re-encryption of…
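Huawei Cloud penetration testing methodology. Use when the target uses Huawei Cloud services, when obs.*.myhuaweicloud.com assets are discovered, when a Huawei Cloud AK/SK has been obtained, when OpenStack-style metadata at 169.254.169.254 is reachable from inside an ECS instance, or when a security assessment of Huawei Cloud services such as IAM/ECS/OBS/RDS/CCE/FunctionGraph is needed. Covers IAM…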
Adversarial course design audit across 5 dimensions: alignment stress test, evidence verification, cognitive load analysis, learner persona simulation, and prerequisite chain…
Apply IN10 Red Teaming to organize adversarial review to find vulnerabilities through simulated attack.
Check ELF or PE binaries for hardening gaps like NX, PIE, RELRO, stack canaries, and Fortify before release or incident review.
Intercepts and analyzes HTTP/HTTPS traffic from mobile applications using Burp Suite proxy to identify insecure
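iOS application penetration testing methodology. Covers IPA static analysis (decompilation/Plist analysis/binary inspection), dynamic analysis (Frida/Objection/Cycript), data storage security (Keychain/NSUserDefaults/CoreData), network communication security, jailbreak detection bypass, and URL Scheme abuse. Use when the Agent needs to test iOS application security, analyze IPA files, or bypass…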
Use picocom to interact with IoT device UART consoles for pentesting operations including device enumeration, vulnerability discovery, bootloader manipulation, and gaining root…
Advise on product, engineering, design, and business decisions with constructive and adversarial lenses.
Administer Kali: apt, branches, metapackages, images, live USB persistence, NetHunter, wireless/GPU.
Use this when: red-team my optimization metric, find ways to game my metric, metric pre-mortem, adversarial metric evaluation, gaming vectors for my KPI, what could an agent…
Performs an uncompromising L5 Enterprise Red Team Audit on a given plugin against the 39-point architectural maturity matrix.
Adversarial verification for AI-generated legal content. Use when fact-checking legal documents, validating citations, detecting hallucinations, scoring document quality, or…
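Local resource library navigation: the structure and usage of the dictionary library (Dic), Payload library, and POC library. Required reading when using ffuf/spray for directory brute-forcing, password brute-forcing, or constructing Fuzz payloads. Covers dictionary selection strategy, payload template invocation, and POC library search methods. The dictionary libraries are all installed under the /pentest directory.
Handle authorized privesc, CTFs, post-exploitation on Linux, containers, K8s. Triggers: 'privesc', 'CTF', 'pentest', 'post-exploitation', 'container escape', 'SUID', 'GTFOBins'.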
Reproduces the full prefill sensitivity analysis pipeline for reward hacking indicators. Use when evaluating how susceptible model checkpoints are to exploit-eliciting prefills,…
When the user wants to critically review marketing output for errors, inconsistencies, and risks. Also use when 'red team,' 'challenge,' 'devil's advocate,' 'tegenargumenten,'…
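Metasploit Framework invocation methodology (one-liner + interactive). Use when exploiting operating-system-level vulnerabilities (such as EternalBlue/MS17-010), remote database vulnerabilities (such as PostgreSQL/MySQL RCE), or network service vulnerabilities (SMB/RDP/FTP), or when generating payloads, starting a reverse shell handler, or performing post-exploitation operations. MSF has…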
Symbolic execution analysis using Mythril for deep vulnerability detection in smart contracts. Supports configurable transaction depth, timeout settings, and proof-of-concept…
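Web server vulnerability scanning with Nikto. Use when checking a web server for known vulnerabilities, outdated software versions, dangerous files/CGIs, or misconfigurations. Nikto has 7000+ built-in checks covering common OWASP issues. This skill should be used in any scenario involving web vulnerability scanning, server security checks, or configuration audits.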
IoT and embedded device security testing methodology. Covers hardware reconnaissance (UART, JTAG, SWD, SPI flash, I2C EEPROM, eMMC chip-off), firmware acquisition (vendor portals,…
Wireless / 802.11 attack methodology for red team engagements and wireless security assessments. Covers monitor-mode setup, WPA/WPA2-PSK handshake capture and PMKID attacks, WPA3…
Wi-Fi reconnaissance methodology — adapter selection, monitor mode and packet injection setup, regulatory domain handling, multi-band airspace mapping, hidden SSID discovery,…
WPA/WPA2-PSK attack methodology — four-way handshake capture via targeted deauthentication, PMKID attacks (no client required), hcxdumptool / hcxpcapngtool conversion to hashcat…
Zigbee, Thread, and Matter mesh-protocol attack methodology — IEEE 802.15.4 sniffing with TI CC2531 / CC2540 / Sonoff Zigbee Dongle E, KillerBee toolkit, Touchlink commissioning…
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue…
Jeff Bezos' method for identifying and capturing massive market opportunities through customer obsession and long-term thinking
Comprehensive OSINT methodology for external red-team operations and authorized attack-surface assessments.
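Exploitation of misconfigured object storage (S3/OSS/COS/OBS) buckets. Use when object storage services such as AWS S3, Alibaba Cloud OSS, Tencent Cloud COS, or Huawei Cloud OBS are discovered, or when headers such as x-amz-*, x-oss-*, x-cos-* appear in HTTP responses. Covers bucket enumeration, ACL misconfiguration detection, public read/write exploitation, bucket takeover, Object…
Structures a free-text DIVA request (user story + acceptance criteria, or myService anomaly ticket) into canonical JSON: request type, title, summary, actors,…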
Static-analysis penetration test that hunts for exploitable vulnerabilities with proof-of-concept payloads and fix code.
Active Directory pentest methodology — BloodHound graph analysis, Kerberos abuse, ACL exploitation, lateral movement path advisory.
API security testing — REST/GraphQL/WebSocket, OWASP API Top 10, JWT/OAuth analysis, mass assignment, broken object-level authorization advisory.
Methodological guide for penetration tests and security assessment. Use to prepare or conduct a pentest.
Business logic flaw hunting — price manipulation, race condition, workflow bypass, authorization edge case advisory.
Bug bounty methodology — HackerOne/Bugcrowd/Intigriti, deduplication, report writing, severity scoring, payout maximization advisory.
Provide a comprehensive checklist for planning, executing, and following up on penetration tests. Ensure thorough preparation, proper scoping, and effective remediation of…
CI/CD red team methodology — GitHub Actions, GitLab CI, Jenkins pipeline security analysis, secret leak, workflow injection advisory.
Cloud security pentest — AWS/Azure/GCP IAM analysis, lateral path, container escape pattern, serverless abuse advisory.
Provide a comprehensive command reference for penetration testing tools including network scanning, exploitation, password cracking, and web application testing.
Autonomous penetration testing coordinator using ReAct methodology. Automatically activates when user provides a target IP or asks to start penetration testing.
Credential testing methodology — hash crack selection, wordlist generation, password spray (advisory), default cred audit.
CTF (Capture the Flag) challenge solving advisory — HackTheBox, TryHackMe, PicoCTF, web/pwn/rev/crypto/forensics.
Detection engineering — Sigma, Splunk SPL, Elastic KQL, Microsoft Sentinel KQL, YARA, Suricata rule writing advisory.
Penetration testing engagement planning — scoping, ROE drafting, phased timeline, MITRE ATT&CK mapping, kickoff/closeout documentation.