Search Skills
Search across 54932 indexed skills
hunting-for-dns-based-persistence
Attackers establish DNS-based persistence by hijacking DNS records, creating unauthorized subdomains, abusing wildcard DNS entries, or modifying NS de...
implementing-application-whitelisting-with-applocker
Use this skill when: Implementing application control to prevent unauthorized software execution on Windows endpoints Meeting compliance requirements ...
implementing-aws-iam-permission-boundaries
IAM permission boundaries are an advanced AWS feature that sets the maximum permissions an identity-based policy can grant to an IAM entity (user or r...
exploiting-insecure-deserialization
During authorized penetration tests when applications process serialized data (cookies, API parameters, message queues) When identifying Java serializ...
exploiting-ipv6-vulnerabilities
Testing whether dual-stack networks have consistent security controls for both IPv4 and IPv6 traffic Demonstrating risks from unmanaged IPv6 on networ...
exploiting-ms17-010-eternalblue-vulnerability
MS17-010 (EternalBlue) is a critical vulnerability in Microsoft's SMBv1 implementation that allows remote code execution. Originally discovered by the...
exploiting-nopac-cve-2021-42278-42287
Legal Notice: This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have wri...
exploiting-oauth-misconfiguration
During authorized penetration tests when the application uses OAuth 2.0 or OpenID Connect for authentication When assessing "Sign in with Google/Faceb...
exploiting-smb-vulnerabilities-with-metasploit
Testing Windows systems for critical SMB vulnerabilities (EternalBlue, EternalRomance, PrintNightmare) during authorized penetration tests Demonstrati...
exploiting-sql-injection-vulnerabilities
Testing web application input parameters for SQL injection vulnerabilities during an authorized penetration test Validating that parameterized queries...
exploiting-template-injection-vulnerabilities
During authorized penetration tests when user input is rendered through a server-side template engine When testing error pages, email templates, PDF g...
detecting-pass-the-hash-attacks
When proactively hunting for indicators of detecting pass the hash attacks in the environment After threat intelligence indicates active campaigns usi...