Found 164 Skills
Hash attack playbook. Use when exploiting length extension, MD5/SHA1 collisions, HMAC timing leaks, birthday attacks, or hash-based proof of work in CTF and authorized testing scenarios.
Symmetric cipher attack playbook. Use when exploiting block cipher mode weaknesses (CBC padding oracle, ECB cut-and-paste, bit flipping), stream cipher key reuse, or meet-in-the-middle attacks.
iOS pentesting playbook. Use when testing iOS applications for keychain extraction, URL scheme hijacking, Universal Links exploitation, runtime manipulation, binary protection analysis, data storage issues, and transport security bypass during authorized mobile security assessments.
Network protocol attack playbook. Use when exploiting layer 2/3 protocols including ARP spoofing, LLMNR/NBT-NS/mDNS poisoning, WPAD abuse, DHCPv6 attacks, VLAN hopping, STP manipulation, DNS spoofing, IPv6 attacks, and IDS/IPS evasion.
Apply social capital theory (Putnam, Coleman, Bourdieu, Burt) to analyze how network structures and trust generate value or impose constraints. Use this skill when the user needs to evaluate bridging vs bonding capital, identify structural holes or network closure benefits, assess community or organizational trust dynamics, or when they ask 'how does our network create value', 'are we too insular', or 'where are the structural holes we can exploit'.
Apply panel data analysis with fixed effects, random effects, and dynamic GMM to exploit longitudinal variation and control for unobserved heterogeneity. Use this skill when the user has repeated observations over time for multiple entities, needs to choose between FE and RE via Hausman test, or when they ask 'how do I control for firm-specific effects', 'fixed or random effects', or 'how to handle endogeneity in panels'.
Guides EVM Solidity DeFi triage from public verified source or bytecode—access control, proxies, oracle usage, reentrancy and CEI patterns, DEX/router integrations, and common vulnerability classes. Use when the user asks for Ethereum or L2 smart contract security review, Solidity audit triage, OpenZeppelin proxy risks, or EVM-specific DeFi patterns—not for live exploits or private keys.
ICS/SCADA protocol analysis and exploitation using Ettercap MITM and Scapy packet crafting for Modbus/TCP, IEC 104, and DNP3 protocols. Trigger: When analyzing ICS protocols, MITM attacks, Modbus, IEC 104, or DNP3.
Use when analyzing revolutionary tactics that create or exploit societal disorder to seize power. Draws on Alinsky, Lenin, Mao, and historical case studies to explain how out-of-power actors disorganize, agitate, and consolidate during instability.
Security audit and code review checklist. Covers 30+ vulnerability types with real-world exploit cases (2021-2026) and EVMbench Code4rena patterns. Use when conducting security audits, code reviews, or pre-deployment security assessments.
Apply the Efficient Market Hypothesis (Fama, 1970) to evaluate information incorporation in asset prices across weak, semi-strong, and strong forms. Use this skill when the user needs to assess market efficiency, determine if a trading strategy can generate abnormal returns, evaluate event studies, or when they ask 'can technical analysis work', 'does the market already know this', or 'is this anomaly exploitable'.
Source code security audit using backward taint analysis, slot type classification, render context verification, and 3-phase parallel review producing an exploitation queue.