GitHub
Skills harvested from GitHub repositories
14810 skills availabletesting-for-xml-injection-vulnerabilities
When testing applications that process XML input (SOAP APIs, XML-RPC, file uploads) During penetration testing of applic...
testing-for-sensitive-data-exposure
During authorized penetration tests when assessing data protection controls When evaluating applications for GDPR, PCI D...
testing-for-open-redirect-vulnerabilities
When testing login/logout flows that redirect users to specified URLs During assessment of OAuth authorization endpoints...
testing-for-host-header-injection
When testing password reset functionality for token theft via host manipulation During assessment of web caching behavio...
testing-for-broken-access-control
During authorized penetration tests as the primary assessment for OWASP A01:2021 - Broken Access Control When evaluating...
testing-api-authentication-weaknesses
Assessing REST API authentication mechanisms for bypass vulnerabilities before production deployment Testing JWT token i...
securing-serverless-functions
When deploying Lambda functions or Azure Functions with access to sensitive data or cloud APIs When auditing existing se...
securing-remote-access-to-ot-environment
When implementing or upgrading remote access architecture for OT environments When onboarding vendors who require remote...
securing-historian-server-in-ot-environment
When deploying a new historian server in an OT environment and configuring it securely from the start When hardening an ...
securing-container-registry-with-harbor
Harbor is an open-source container registry that provides security features including vulnerability scanning (integrated...
securing-container-registry-images
When establishing security controls for container image registries (ECR, ACR, GCR, Docker Hub) When building CI/CD pipel...
securing-api-gateway-with-aws-waf
When deploying API Gateway endpoints that require protection against common web attacks When implementing rate limiting ...
scanning-kubernetes-manifests-with-kubesec
Kubesec is an open-source security risk analysis tool developed by ControlPlane that inspects Kubernetes resource manife...
scanning-containers-with-trivy-in-cicd
When building Docker container images in CI/CD and needing automated vulnerability scanning before registry push When es...
reverse-engineering-ransomware-encryption-routine
Modern ransomware uses hybrid encryption combining symmetric algorithms (AES-256-CBC/CTR, ChaCha20, Salsa20) for file en...
reverse-engineering-malware-with-ghidra
Static and dynamic analysis have identified suspicious functionality that requires deeper code-level understanding You n...
reverse-engineering-ios-app-with-frida
Use this skill when: Analyzing iOS app internals during authorized security assessments without source code Extracting e...
reverse-engineering-dotnet-malware-with-dnspy
A malware sample is identified as a .NET assembly (C#, VB.NET, F#) requiring decompilation Analyzing .NET-based malware ...
reverse-engineering-android-malware-with-jadx
A suspicious Android APK has been reported as malicious or flagged by mobile threat detection Analyzing Android banking ...
remediating-s3-bucket-misconfiguration
When AWS Config or Security Hub reports S3 buckets with public access or missing encryption When a security scan reveals...
performing-windows-artifact-analysis-with-eric-zimmerman-tools
Eric Zimmerman's EZ Tools suite is a collection of open-source forensic utilities that have become the global standard f...
performing-wifi-password-cracking-with-aircrack
Assessing the strength of WPA/WPA2/WPA3 passphrases during authorized wireless penetration tests Testing whether wireles...
performing-web-application-vulnerability-triage
Web application vulnerability triage is the process of reviewing findings from DAST (Dynamic Application Security Testin...
performing-web-application-scanning-with-nikto
Nikto is an open-source web server and web application scanner that tests against over 7,000 potentially dangerous files...