Multi-step exploit zinciri analizi — low/medium severity bulgulari critical chain'e baglama, stealth+impact scoring advisory.
LLM application red team — OWASP LLM Top 10, prompt injection, RAG poisoning, MCP server abuse, agent tool abuse, jailbreak testing advisory.
Penetration testing framework for exploit development, vulnerability validation, and authorized security assessments using Metasploit Framework.
Mobile application pentest — Android/iOS, MASTG/MASVS, Frida/Objection dynamic analiz, sertifika pinning bypass, IPC test advisory.
Network reconnaissance and port scanning using Naabu, hping3, and complementary tools
Yetkili penetration testing engagement orchestrator — scope declaration, OPSEC tagging, evidence handling disiplini.
Pentest especializado para pfSense CE e Plus — cobre todas as superfícies de ataque a partir da rede externa e interna, mapeado ao PTES e ao código-fonte real do pfSense
Privilege escalation methodology — Linux + Windows + container escape advisory. LinPEAS/WinPEAS analizi, SUID/capability abuse, kernel exploit secimi.
Reconnaissance ve enumeration advisory — Nmap/Nessus/Nikto/BloodHound output parsing, attack surface prioritization, next-step onerisi.
Penetration test rapor yazimi — executive summary, technical writeup, CVSS scoring, remediation roadmap advisory.
Social engineering pentest methodology — phishing strategy, pretexting, vishing senaryosu, awareness training advisory. Live phishing operation YOK.
DISA STIG (Security Technical Implementation Guide) audit + GPO remediation + keep-open justification advisory.
Threat modeling — STRIDE, DREAD, attack tree, data flow diagram, MITRE ATT&CK Navigator integration. Triggers on threat model, STRIDE, DREAD, attack tree, DFD, data flow diagram,…
Web application security testing methodology — OWASP Top 10, SSRF, IDOR, auth bypass, injection sinifi advisory. Burp/ZAP cikti analizi.
Wireless network pentest — WPA/WPA2/WPA3, evil twin, 802.1X enterprise, Bluetooth advisory. Triggers on wireless pentest, WiFi, WPA2, WPA3, PMKID, evil twin, deauth, Aircrack,…
Simulates bandwidth throttling and network degradation attacks using tc, iperf3, and Scapy in authorized environments
Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library.
Analyze and bypass Content Security Policy implementations to achieve cross-site scripting by exploiting misconfigurations,
Execute and test GraphQL depth limit attacks using deeply nested recursive queries to identify denial-of-service
Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions,
Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength.
Execute HTTP Parameter Pollution attacks to bypass input validation, WAF rules, and security controls by injecting
Perform authorized initial access using EvilGinx3 adversary-in-the-middle phishing framework to capture session
Performs comprehensive security assessments of IoT devices and their ecosystems by testing hardware interfaces,
Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting
Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration,
Perform vulnerability scanning in OT/ICS environments safely using passive monitoring, native protocol queries,
Monitor paste sites like Pastebin and GitHub Gists for leaked credentials, API keys, and sensitive data dumps
GoPhish is an open-source phishing simulation framework used by security teams to conduct authorized phishing
Conduct authorized physical penetration testing using tailgating, badge cloning, lock bypassing, and rogue device
Automate GoPhish phishing simulation campaigns using the Python gophish library. Creates email templates with
Conduct red team operations using the Covenant C2 framework for authorized adversary simulation, including listener
Performing security reviews of serverless functions across AWS Lambda, Azure Functions, and GCP Cloud Functions
Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE,
Conduct a thick client application penetration test to identify insecure local storage, hardcoded credentials,
Performs authenticated and unauthenticated vulnerability scanning using Tenable Nessus to identify known vulnerabilities,
Execute a wireless network penetration test to assess WiFi security by capturing handshakes, cracking WPA2/WPA3
Conduct wireless network security assessments using Kismet to detect rogue access points, hidden SSIDs, weak
Use picocom to interact with IoT device UART consoles for pentesting operations including device enumeration, vulnerability discovery, bootloader manipulation, and gaining root…
Adversarially re-review a PM artifact, recommendation, or AI-generated critique that already exists. Use as a second pass after another skill (pm-evaluator, pm-prd-drafter,…
Comprehensive knowledge about Linux privilege escalation. Provides methodologies for enumerating and exploiting privesc vectors including SUID binaries, sudo permissions,…
Provide comprehensive techniques for escalating privileges from a low-privileged user to root/administrator access on compromised Linux and Windows systems.
Run automated red-team and failure scans against an LLM or RAG app before users find the breakage.
All-in-one prompt engineering competition toolkit — attack generation, defense hardening, real-time analysis, and pattern reference for AI security tournaments like Clash of…
Use when evaluating prompts, LLM outputs, red-team suites, or model behavior with local eval configs and safe provider/cost controls.
Red-team an Agentforce agent against prompt-injection and jailbreak attacks; codify test cases and guardrails.
Prompt injection testing. USE WHEN prompt injection, jailbreak, LLM security, AI security assessment, pentest AI application, test chatbot vulnerabilities.
Pwn/Binary kategorisi SKILL.md — BOF, ROP, kernel exploit araçları kurma rehberi
Recon-ng is a full-featured modular reconnaissance framework written in Python, designed to conduct web-based open source intelligence (OSINT) gathering quickly and thoroughly.
Use when planning or executing authorized red team engagements, attack path analysis, or offensive security simulations.
Run local adversarial attack passes against agents, RAG pipelines, and chatbots to surface concrete failure classes before production rollout.
Interactively prepares a targeted Red Team Review package. It conducts a brief discovery interview to determine the threat model, generates a strict security auditor prompt,…
Use when creating or reviewing red-team eval plugins, attack templates, grader rubrics, safety fixtures, or model-risk test metadata.
(Industry standard: Review and Critique Pattern) Primary Use Case: Iterative generation paired with adversarial review, continuing until an 'Approved' verdict is reached.
Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.
Implement proven methodologies and tool workflows from top security researchers for effective reconnaissance, vulnerability discovery, and bug bounty hunting.
Adversarial verification for AI-generated legal content with systematic fact-checking, source validation, and quality control.
Spawn a one-shot red-team subagent to challenge a milestone result. Calibrated to return "nothing substantive" when the work is sound — does not invent issues to seem thorough.
Analyze YOU — not your content, but your unique knowledge intersections, unexploited strengths, hidden expertise, and personal competitive moat. Content-dna analyzes your output.
White-box security audit. Blue-teamer and lead red-teamer run in parallel isolation for an independent first pass — neither sees the other's output during reconnaissance.