GitHub
Skills harvested from GitHub repositories
14810 skills available

hunting-for-dcsync-attacks
When hunting for DCSync credential theft (MITRE ATT&CK T1003.006) After detecting Mimikatz or similar tools in the envir...
hunting-for-dcom-lateral-movement
Authorized Testing Disclaimer: The offensive techniques and attack simulations described in this skill are intended excl...
hunting-for-command-and-control-beaconing
When proactively hunting for compromised systems in the network After threat intel indicates C2 frameworks targeting you...
hunting-for-cobalt-strike-beacons
Cobalt Strike is the most prevalent command-and-control framework used by both red teams and threat actors. Beacon, its ...
hunting-for-beaconing-with-frequency-analysis
When proactively searching for compromised endpoints calling back to C2 infrastructure After threat intelligence reports...
hunting-for-anomalous-powershell-execution
PowerShell Script Block Logging (Event ID 4104) records the full deobfuscated script text executed on a Windows endpoint...
hunting-credential-stuffing-attacks
When investigating security incidents that require hunting credential stuffing attacks When building detection rules or ...
hunting-advanced-persistent-threats
Use this skill when: Conducting proactive threat hunting sprints (typically 2–4 week cycles) based on newly published AP...
hardening-linux-endpoint-with-cis-benchmark
Use this skill when: Hardening Linux servers (Ubuntu, RHEL, CentOS, Debian) against CIS benchmarks Automating Linux secu...
hardening-docker-daemon-configuration
The Docker daemon (dockerd) runs with root privileges and controls all container operations. Hardening its configuration...
extracting-windows-event-logs-artifacts
When investigating security incidents on Windows systems through event log analysis For detecting lateral movement, priv...
extracting-config-from-agent-tesla-rat
Agent Tesla is a .NET-based Remote Access Trojan (RAT) and keylogger that ranked among the top 10 malware variants in 20...
extracting-browser-history-artifacts
When investigating user web activity as part of a forensic examination During insider threat investigations to establish...
exploiting-zerologon-vulnerability-cve-2020-1472
Zerologon (CVE-2020-1472) is a critical elevation of privilege vulnerability (CVSS 10.0) in the Microsoft Netlogon Remot...
exploiting-websocket-vulnerabilities
During authorized penetration tests when the application uses WebSocket connections for real-time features When assessin...
exploiting-type-juggling-vulnerabilities
When testing PHP web applications for authentication bypass vulnerabilities During assessment of password comparison and...
exploiting-template-injection-vulnerabilities
During authorized penetration tests when user input is rendered through a server-side template engine When testing error...
exploiting-sql-injection-vulnerabilities
Testing web application input parameters for SQL injection vulnerabilities during an authorized penetration test Validat...
exploiting-smb-vulnerabilities-with-metasploit
Testing Windows systems for critical SMB vulnerabilities (EternalBlue, EternalRomance, PrintNightmare) during authorized...
exploiting-prototype-pollution-in-javascript
When testing Node.js or JavaScript-heavy web applications During assessment of APIs accepting deep-merged JSON objects W...
exploiting-oauth-misconfiguration
During authorized penetration tests when the application uses OAuth 2.0 or OpenID Connect for authentication When assess...
exploiting-nosql-injection-vulnerabilities
During web application penetration testing of applications using NoSQL databases When testing authentication mechanisms ...
exploiting-nopac-cve-2021-42278-42287
Legal Notice: This skill is for authorized security testing and educational purposes only. Unauthorized use against syst...
exploiting-ms17-010-eternalblue-vulnerability
MS17-010 (EternalBlue) is a critical vulnerability in Microsoft's SMBv1 implementation that allows remote code execution...