Loading...
Loading...
Found 173 Skills
RSA attack playbook for CTF and real-world cryptanalysis. Use when given RSA parameters (n, e, c) and need to recover plaintext by exploiting weak keys, small exponents, shared factors, or padding oracles.
Linux lateral movement playbook. Use after gaining initial access to pivot across Linux hosts via SSH hijacking, credential harvesting, internal pivoting, D-Bus exploitation, sudo token reuse, and shared filesystem abuse.
Générez des prompts optimisés pour chaque modèle de génération vidéo IA (Veo 3, Runway Gen-3, Kling 2.6, Pika), en exploitant leurs forces spécifiques. Use when: **Animer des frames de storyboard** - Transformer des images fixes en vidéo; **Choisir le bon modèle** - Sélectionner Veo, Runway, Kling ou Pika selon le besoin; **Optimiser la qualité de génération** - Prompts structurés pour meilleurs résultats; **Créer des transitions fluides** - Scene extension, first/last frame; **Utiliser le mo...
Claude Code subagents for offensive security research, penetration testing planning, recon analysis, exploit research, detection engineering, and security reporting
Conducts comprehensive network penetration tests against authorized target environments by performing host discovery, port scanning, service enumeration, vulnerability identification, and controlled exploitation to assess the security posture of network infrastructure. The tester follows PTES methodology from reconnaissance through post-exploitation and reporting. Activates for requests involving network pentest, infrastructure security assessment, internal network testing, or external perimeter testing.
FORGE + Agent Teams — Exploits Agent Teams for true parallel execution of FORGE agents. 3 patterns: pipeline (full pipeline with parallel stories), party (multi-agent debate), build (parallel story development). Requires CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1. Usage: /forge-team pipeline "objective" | /forge-team party "topic" | /forge-team build [STORY-IDs]
Enumerate and analyze client-side JavaScript for hidden endpoints, secrets, dangerous sinks, and exploitable browser behaviors.
Subdomain takeover detection and exploitation playbook. Use when targets have dangling CNAME/NS/MX records pointing to deprovisioned cloud resources, expired third-party services, or unclaimed SaaS tenants that an attacker can register to serve content under the victim's domain.
Apply social capital theory (Putnam, Coleman, Bourdieu, Burt) to analyze how network structures and trust generate value or impose constraints. Use this skill when the user needs to evaluate bridging vs bonding capital, identify structural holes or network closure benefits, assess community or organizational trust dynamics, or when they ask 'how does our network create value', 'are we too insular', or 'where are the structural holes we can exploit'.
Apply Smith and Lewis's paradox theory to identify and manage organizational tensions across performing, organizing, belonging, and learning dimensions. Use this skill when the user needs to diagnose persistent either/or tensions, design dynamic equilibrium strategies that embrace both poles, or when they ask 'why does solving this problem make it worse', 'how do we pursue exploration AND exploitation simultaneously', or 'why do our strategic tensions keep recurring despite resolution attempts'.
Apply the Efficient Market Hypothesis (Fama, 1970) to evaluate information incorporation in asset prices across weak, semi-strong, and strong forms. Use this skill when the user needs to assess market efficiency, determine if a trading strategy can generate abnormal returns, evaluate event studies, or when they ask 'can technical analysis work', 'does the market already know this', or 'is this anomaly exploitable'.
Mitigation patterns for privileged-access and governance-adjacent DeFi failures, anchored on the public Drift Protocol incident analysis in Chainalysis’s blog—social engineering, Solana durable nonces, oracle and collateral abuse, multisig governance, and operational monitoring. Use when hardening signer processes, reviewing admin surfaces, or teaching post-incident lessons—not for designing exploits or attributing actors without evidence.