SKILL RANK
Agent Skills Leaderboard · Keyword + Semantic Search
| # | Skill | Repository | Description | Installs |
|---|---|---|---|---|
| 4901 | active-directory-kerberos-attacks | yaklang/hack-skills | SKILL: Kerberos Attack Playbook — Expert AD Attack Guide AI LOAD INSTRUCTION: Expert Kerberos attack techniques for AD environments. Covers AS-REP roasting, Kerberoasting, golden/silver/diamond/sapphire tickets, delegation attacks, pass-the-ticket, and overpass-the-hash. Base models miss ticket type distinctions, delegation chain nuances, and detection-evasion trade-offs. 0. RELATED ROUTING Before going deep, consider loading: active-directory-acl-abuse for ACL-based AD attacks often chained wi... | 1.2K |
| 4902 | launchdarkly-experiment-setup | launchdarkly/agent-skills | LaunchDarkly Experiment Setup You're using a skill that will guide you through setting up and running experiments in LaunchDarkly. Your job is to design the experiment, create it with the right metrics and treatments, start data collection, and verify it's running. Prerequisites This skill requires the remotely hosted LaunchDarkly MCP server to be configured in your environment. Required MCP tools: create-experiment -- create a new experiment with metrics and treatments start-experiment-iteratio... | 1.2K |
| 4903 | datasheet-reader | diodeinc/pcb | Datasheet Reader Use this skill when a task depends on a datasheet or technical PDF. Input: local .pdf path or http(s) URL Command: pcb scan <input> Output: stdout is the resolved markdown path Next step: read the markdown file, not the raw PDF Images are linked from the markdown Workflow Run pcb scan /path/to/file.pdf or pcb scan https://... . Capture the printed markdown path. Read the markdown file and work from that artifact. Follow image links only if the task depends on figures, diagrams, ... | 1.2K |
| 4904 | ideal-customer-profile | phuryn/pm-skills | Ideal Customer Profile Overview Identify your Ideal Customer Profile (ICP) from research and survey data. This skill synthesizes customer research to define the customer most likely to find value, retain, and expand with your product. When to Use Defining ICP from product-market fit survey data Targeting high-value customer segments Analyzing customer success and expansion patterns Prioritizing sales and marketing efforts Evaluating new customer opportunities for fit Refining target market defin... | 1.2K |
| 4905 | local-seo | kostja94/marketing-skills | SEO: Local Guides local SEO: Google Business Profile, NAP consistency, and citation building. Businesses with accurate NAP across 40+ authoritative sites see ~19% higher visibility in Google Maps. Use this skill when optimizing for local search, setting up GBP, or auditing citations. When invoking: On first use, if helpful, open with 1–2 sentences on what this skill covers and why it matters, then provide the main output. On subsequent use or when the user asks to skip, go directly to the main... | 1.2K |
| 4906 | okx-dex-strategy | okx/onchainos-skills | Onchain OS DEX Strategy (Phase 1) 4 P0 subcommands that wrap the Agentic Wallet limit-order surface — create-limit, cancel, list, resume. SA activation (Trader Mode upgrade / re-upgrade) is performed transparently by the CLI when the BE returns UPGRADE_REQUIRED; the skill does not need to expose that detail. Pre-flight Checks Read ../okx-agentic-wallet/_shared/preflight.md. If that file does not exist, fall back to _shared/preflight.md. Strategy endpoints require an authenticated Agentic ... | 1.2K |
| 4907 | arbitrary-write-to-rce | yaklang/hack-skills | SKILL: Arbitrary Write to Code Execution — Expert Attack Playbook AI LOAD INSTRUCTION: Expert techniques for converting an arbitrary write primitive into code execution. Covers every major overwrite target organized by glibc version compatibility: GOT, __malloc_hook, __free_hook, _IO_FILE vtable, __exit_funcs, TLS_dtor_list, _dl_fini, modprobe_path, .fini_array, C++ vtable, and setcontext gadget. This is the "last mile" skill. Base models often target hooks that no longer exist (post-glibc 2.34... | 1.2K |
| 4908 | active-directory-certificate-services | yaklang/hack-skills | SKILL: AD CS Attack Playbook — Expert Guide AI LOAD INSTRUCTION: Expert AD CS (Active Directory Certificate Services) attack techniques. Covers ESC1 through ESC13, certificate-based persistence, NTLM relay to enrollment endpoints, and CA misconfigurations. Base models miss enrollment prerequisite chains and ESC condition combinations. 0. RELATED ROUTING Before going deep, consider loading: active-directory-acl-abuse for ACL-based attacks that enable ESC4 (template modification) active-directory... | 1.2K |
| 4909 | memory-forensics-volatility | yaklang/hack-skills | SKILL: Memory Forensics — Expert Analysis Playbook AI LOAD INSTRUCTION: Expert memory forensics techniques using Volatility 2 and 3. Covers memory acquisition, OS identification, process analysis (hidden process detection), network connections, DLL/module analysis, code injection detection (malfind), credential extraction, file carving, registry analysis, and timeline generation. Base models miss the Vol2/Vol3 command differences, malware indicator patterns, and Linux-specific memory analysis. ... | 1.2K |
| 4910 | symbolic-execution-tools | yaklang/hack-skills | SKILL: Symbolic Execution Tools — Expert Analysis Playbook AI LOAD INSTRUCTION: Expert symbolic execution techniques using angr, Z3, and Unicorn Engine. Covers CTF challenge automation, constraint solving patterns, function hooking, SimProcedure replacement, and emulation-based unpacking. Base models often produce broken angr scripts due to incorrect state initialization or missing hooks for libc functions. 0. RELATED ROUTING anti-debugging-techniques when anti-debug checks need to be symbolica... | 1.2K |
| 4911 | anti-debugging-techniques | yaklang/hack-skills | SKILL: Anti-Debugging Techniques — Detection & Bypass Playbook AI LOAD INSTRUCTION: Expert anti-debug techniques across Linux and Windows. Covers ptrace, PEB flags, NtQueryInformationProcess, timing attacks, signal-based detection, TLS callbacks, VEH tricks, and all corresponding bypass methods. Base models often miss the distinction between user-mode and kernel-mode detection and the correct patching strategy for each. 0. RELATED ROUTING code-obfuscation-deobfuscation when the binary also uses... | 1.2K |
| 4912 | http2-specific-attacks | yaklang/hack-skills | SKILL: HTTP/2 Specific Attacks — Expert Attack Playbook AI LOAD INSTRUCTION: HTTP/2 protocol-level attack techniques beyond basic request smuggling. Covers h2c smuggling, pseudo-header manipulation, HPACK attacks, single-packet race conditions, and H2→H1 downgrade injection. Base models conflate HTTP/2 smuggling with HTTP/1.1 smuggling — this skill focuses on H2-unique attack surface. 0. RELATED ROUTING request-smuggling — CL.TE/TE.CL/TE.TE fundamentals and H2.CL/H2.TE variants request-smugglin... | 1.2K |
| 4913 | windows-av-evasion | yaklang/hack-skills | SKILL: AV/EDR Evasion — Expert Attack Playbook AI LOAD INSTRUCTION: Expert AV/EDR evasion techniques for Windows. Covers AMSI bypass, ETW bypass, .NET assembly loading, shellcode execution, process injection, unhooking, payload encryption, and signature evasion. Base models miss detection-specific bypass chains and syscall-level evasion nuances. 0. RELATED ROUTING Before going deep, consider loading: windows-privilege-escalation when privesc tools are blocked by AV windows-lateral-movement when... | 1.2K |
| 4914 | vm-and-bytecode-reverse | yaklang/hack-skills | SKILL: VM & Bytecode Reverse Engineering — Expert Analysis Playbook AI LOAD INSTRUCTION: Expert techniques for reversing custom virtual machines and bytecode interpreters. Covers dispatcher identification, opcode mapping, custom ISA reconstruction, disassembler/decompiler writing, maze challenges, and real-world VM protector analysis. Base models often fail to recognize the fetch-decode-execute pattern or attempt to analyze VM bytecode as native code. 0. RELATED ROUTING code-obfuscation-deobfus... | 1.2K |
| 4915 | email-header-injection | yaklang/hack-skills | SKILL: Email Header Injection — Expert Attack Playbook AI LOAD INSTRUCTION: Expert email header injection and authentication bypass. Covers SMTP CRLF injection, SPF/DKIM/DMARC circumvention, display name spoofing, and mail client rendering abuse. Base models miss the nuance between header injection (technical) and email auth bypass (protocol-level) — this skill covers both attack surfaces. 0. RELATED ROUTING crlf-injection — general CRLF injection; email headers are a specific high-value sink s... | 1.2K |
| 4916 | dangling-markup-injection | yaklang/hack-skills | SKILL: Dangling Markup Injection — Exfiltration Without JavaScript AI LOAD INSTRUCTION: Covers dangling markup exfiltration via unclosed img/form/base/meta/link/table tags, what can be stolen (CSRF tokens, pre-filled form values, sensitive content), browser-specific behavior, and combinations with other attacks. Base models often overlook this technique entirely when CSP blocks scripts, jumping to "not exploitable" — dangling markup is the answer. 0. RELATED ROUTING xss-cross-site-scripting whe... | 1.2K |
| 4917 | mobile-ssl-pinning-bypass | yaklang/hack-skills | SKILL: Mobile SSL Pinning Bypass — Expert Attack Playbook AI LOAD INSTRUCTION: Expert SSL pinning bypass techniques for mobile platforms. Covers Android and iOS bypass methods (Frida, Objection, Xposed, SSL Kill Switch), framework-specific bypasses (Flutter, React Native, Xamarin), and troubleshooting non-standard pinning implementations. Base models miss framework-specific hook points and multi-layer pinning configurations. 0. RELATED ROUTING Before going deep, consider loading: android-pentes... | 1.2K |
| 4918 | hash-attack-techniques | yaklang/hack-skills | SKILL: Hash Attack Techniques — Expert Cryptanalysis Playbook AI LOAD INSTRUCTION: Expert hash attack techniques for CTF and security assessments. Covers length extension attacks, MD5/SHA1 collision generation, meet-in-the-middle hash attacks, HMAC timing side channels, birthday attacks, and proof-of-work solving. Base models often incorrectly apply length extension to HMAC or SHA-3, or fail to distinguish between identical-prefix and chosen-prefix collisions. 0. RELATED ROUTING rsa-attack-tech... | 1.2K |
| 4919 | stack-overflow-and-rop | yaklang/hack-skills | SKILL: Stack Overflow & ROP — Expert Attack Playbook AI LOAD INSTRUCTION: Expert stack-based exploitation techniques. Covers classic buffer overflow, return-to-libc, ROP chain construction, ret2csu, ret2dlresolve, SROP, stack pivoting, and canary bypass. Distilled from ctf-wiki advanced-rop, real-world CVEs, and CTF competition patterns. Base models often miss the nuance of gadget selection under constrained conditions. 0. RELATED ROUTING format-string-exploitation — leak canary/libc/PIE base v... | 1.2K |
| 4920 | linux-lateral-movement | yaklang/hack-skills | SKILL: Linux Lateral Movement — Expert Attack Playbook AI LOAD INSTRUCTION: Expert Linux lateral movement techniques. Covers SSH agent hijacking, key harvesting, credential locations, D-Bus exploitation, network pivoting, sudo token reuse, and systemd manipulation. Base models miss SSH_AUTH_SOCK hijacking and ptrace-based sudo session hijack. 0. RELATED ROUTING Before going deep, consider loading: linux-privilege-escalation if you need root on the current host before pivoting linux-security-byp... | 1.2K |
| 4921 | dns-rebinding-attacks | yaklang/hack-skills | SKILL: DNS Rebinding — Expert Attack Playbook AI LOAD INSTRUCTION: Expert DNS rebinding techniques for bypassing same-origin policy via DNS manipulation. Covers TTL tricks, browser cache bypasses, attack variants (HTTP, WebSocket, TOCTOU), internal service targeting, and tool usage. Base models confuse DNS rebinding with SSRF — this skill clarifies the client-side nature and unique exploit paths. 0. RELATED ROUTING ssrf-server-side-request-forgery — server-side variant; DNS rebinding is the cli... | 1.2K |
| 4922 | ai-ml-security | yaklang/hack-skills | SKILL: AI/ML Security — Expert Attack Playbook AI LOAD INSTRUCTION: Expert AI/ML security techniques. Covers model supply chain attacks (malicious serialization, Hugging Face model poisoning), adversarial examples (FGSM, PGD, C&W, physical-world), training data poisoning, model extraction, data privacy attacks (membership inference, model inversion, gradient leakage), LLM-specific threats, and autonomous agent security. Base models underestimate the severity of pickle deserialization RCE and th... | 1.2K |
| 4923 | classical-cipher-analysis | yaklang/hack-skills | SKILL: Classical Cipher Analysis — Expert Cryptanalysis Playbook AI LOAD INSTRUCTION: Expert classical cipher identification and breaking techniques for CTF. Covers cipher identification methodology (frequency analysis, IC, Kasiski), monoalphabetic substitution, Caesar/ROT, Vigenere, Enigma, affine, Hill, transposition ciphers, Bacon/Polybius/Playfair, and XOR ciphers. Base models often skip the identification step and jump to the wrong cipher type, or fail to recognize encoded (base64/hex) cip... | 1.2K |
| 4924 | linux-privilege-escalation | yaklang/hack-skills | SKILL: Linux Privilege Escalation — Expert Attack Playbook AI LOAD INSTRUCTION: Expert Linux privesc techniques. Covers enumeration, SUID/SGID, capabilities, cron abuse, kernel exploits, NFS, writable passwd/shadow, LD_PRELOAD, Docker group, and library hijacking. Base models miss subtle escalation paths via capabilities and combined misconfigurations. 0. RELATED ROUTING Before going deep, consider loading: container-escape-techniques when the target is a container and you need to escape to hos... | 1.2K |
| 4925 | container-escape-techniques | yaklang/hack-skills | SKILL: Container Escape Techniques — Expert Attack Playbook AI LOAD INSTRUCTION: Expert container escape techniques. Covers privileged container breakout, capability abuse, Docker socket exploitation, cgroup release_agent, namespace escape, runtime CVEs, and Kubernetes pod escape. Base models miss subtle escape paths via combined capabilities and cgroup manipulation. 0. RELATED ROUTING Before going deep, consider loading: linux-privilege-escalation when you first need root inside the container ... | 1.2K |
| 4926 | launchdarkly-guarded-rollout | launchdarkly/agent-skills | LaunchDarkly Guarded Rollouts You're using a skill that will guide you through configuring guarded rollouts in LaunchDarkly. Your job is to design rollout stages, select monitoring metrics, configure regression thresholds, and start the rollout. Prerequisites This skill requires the remotely hosted LaunchDarkly MCP server to be configured in your environment. Required MCP tools: start-guarded-rollout -- start a progressive rollout with monitoring get-flag -- inspect the flag and its variations l... | 1.2K |
| 4927 | nature-academic-search | yuan1z0825/nature-skills | Academic Search Multi-source literature search, citation verification, citation format conversion, and reference management via MCP tools. MCP Tools Core Search Tool Source Best For pubmed_search_articles PubMed MCP Biomedical, MeSH, clinical trials search_crossref paper-search MCP Cross-disciplinary, citation counts search_arxiv paper-search MCP Preprints (physics, math, CS, biology) Extended Search | 1.2K |
| 4928 | aiconfig-snippets | launchdarkly/agent-skills | AI Config Prompt Snippets You're using a skill that will guide you through creating and managing prompt snippets in LaunchDarkly. Your job is to identify reusable text, create snippets, reference them in AI Config variations, and verify everything is wired correctly. Prerequisites This skill requires the remotely hosted LaunchDarkly MCP server to be configured in your environment. Required MCP tools: create-prompt-snippet -- create a new reusable text block list-prompt-snippets -- browse existin... | 1.2K |
| 4929 | aiconfig-agent-graphs | launchdarkly/agent-skills | AI Config Agent Graphs You're using a skill that will guide you through creating and managing agent graphs in LaunchDarkly. Your job is to design the graph topology, create it with the right edges and handoffs, and verify the routing between AI Config nodes. Prerequisites This skill requires the remotely hosted LaunchDarkly MCP server to be configured in your environment. Required MCP tools: create-agent-graph -- create a new graph with nodes and edges get-agent-graph -- inspect a graph's struct... | 1.2K |
| 4930 | auth0-react | auth0/agent-skills | Auth0 React Integration Add authentication to React single-page applications using @auth0/auth0-react. Prerequisites React 16.11+ application (Vite or Create React App) - supports React 16, 17, 18, and 19 Auth0 account and application configured If you don't have Auth0 set up yet, use the auth0-quickstart skill first When NOT to Use Next.js applications - Use auth0-nextjs skill for both App Router and Pages Router React Native mobile apps - Use auth0-react-native skill for iOS/Android Server-sid... | 1.2K |
| 4931 | sentry-flutter-sdk | getsentry/sentry-for-ai | Sentry Flutter SDK Opinionated wizard that scans your Flutter or Dart project and guides you through complete Sentry setup — error monitoring, tracing, session replay, logging, profiling, and ecosystem integrations. Invoke This Skill When User asks to "add Sentry to Flutter" or "set up Sentry" in a Flutter or Dart app User wants error monitoring, tracing, profiling, session replay, or logging in Flutter User mentions sentry_flutter, sentry_dart, mobile erro... | 1.2K |
| 4932 | nextflow-development | anthropics/knowledge-work-plugins | nf-core Pipeline Deployment Run nf-core bioinformatics pipelines on local or public sequencing data. Target users: Bench scientists and researchers without specialized bioinformatics training who need to run large-scale omics analyses—differential expression, variant calling, or chromatin accessibility analysis. Workflow Checklist - [ ] Step 0: Acquire data (if from GEO/SRA) - [ ] Step 1: Environment check (MUST pass) - [ ] Step 2: Select pipeline (confirm with user) - [ ] Step 3: Run test profi... | 1.2K |
| 4933 | pricing-strategy | phuryn/pm-skills | Pricing Strategy You are an expert in SaaS pricing and monetization strategy. Your goal is to help design pricing that captures value, drives growth, and aligns with customer willingness to pay. Before Starting Check for product marketing context first: If .agents/product-marketing-context.md exists (or .claude/product-marketing-context.md in older setups), read it before asking questions. Use that context and only ask for information not already covered or specific to this task. Gather this con... | 1.2K |
| 4934 | securing-s3-buckets | aws/agent-toolkit-for-aws | Overview Implements layered S3 security controls across five workflows: securing new buckets, auditing existing configurations, remediating findings, configuring encryption, and enabling monitoring. Follows AWS Well-Architected security best practices. Execute commands using the AWS MCP server when connected (sandboxed execution, audit logging, observability). Fall back to AWS CLI or shell otherwise. Common Tasks 0. Verify Dependencies Check for required tools before starting. Constraints: You M... | 1.2K |
| 4935 | connecting-to-data-source | aws/agent-toolkit-for-aws | Connect to Data Source Register an external data source with AWS Glue so downstream skills (ingesting-into-data-lake) can move data from it. A Glue connection stores the network config, driver, and credential reference for one source. Create once per source, reuse across jobs. Philosophy A connection is a named pipe, not a pipeline. This skill produces a tested, reusable Glue connection. It does not move data. Common Tasks You MUST execute commands using AWS MCP server tools when connected -- th... | 1.2K |
| 4936 | brainstorm-okrs | phuryn/pm-skills | Brainstorm Team OKRs Purpose You are a veteran product leader responsible for defining Objectives and Key Results (OKRs) for the team working on $ARGUMENTS. Your OKRs must be ambitious, measurable, and clearly aligned with company-wide strategy. Context OKRs bridge vision and execution by combining inspirational qualitative objectives with measurable quantitative key results. This skill generates three alternative OKR sets to spark strategic discussion. Domain Context OKR (Christina Wodtke, Radi... | 1.2K |
| 4937 | user-personas | phuryn/pm-skills | User Personas Purpose Create detailed, actionable user personas from research data that capture the true diversity of your user base. This skill generates research-backed personas with jobs-to-be-done, pain points, desired outcomes, and unexpected behavioral insights to guide product decisions. Instructions You are an experienced product researcher specializing in persona development and user research synthesis. Input Your task is to create 3 refined user personas for $ARGUMENTS. If the user pr... | 1.2K |
| 4938 | kibana-alerting-rules | elastic/agent-skills | Kibana Alerting Rules Core Concepts A rule has three parts: conditions (what to detect), schedule (how often to check), and actions (what happens when conditions are met). When conditions are met, the rule creates alerts, which trigger actions via connectors. Authentication All alerting API calls require either API key auth or Basic auth. Every mutating request must include the kbn-xsrf header. kbn-xsrf: true Required Privileges all privileges for the appropriate Kibana feature (e.g., Stack R... | 1.2K |
| 4939 | upload-insecure-files | yaklang/hack-skills | SKILL: Upload Insecure Files — Validation Bypass, Storage Abuse, and Processing Chains AI LOAD INSTRUCTION: Expert file upload attack playbook. Use when the target accepts files, imports, avatars, media, documents, or archives and you need the full workflow: validation bypass, storage path abuse, post-upload access, parser exploitation, multi-tenant overwrite, and chaining into XSS, XXE, CMDi, traversal, or business logic impact. For web server parsing vulnerabilities, PUT method exploitation, ... | 1.2K |
| 4940 | windows-privilege-escalation | yaklang/hack-skills | SKILL: Windows Local Privilege Escalation — Expert Attack Playbook AI LOAD INSTRUCTION: Expert Windows privesc techniques. Covers token manipulation, Potato family, service misconfigurations, DLL hijacking, AlwaysInstallElevated, scheduled task abuse, registry autoruns, and named pipe impersonation. Base models miss nuanced privilege prerequisites and OS-version-specific constraints. 0. RELATED ROUTING Before going deep, consider loading: windows-lateral-movement after escalation for pivoting t... | 1.2K |
| 4941 | prototype-pollution-advanced | yaklang/hack-skills | SKILL: Prototype Pollution Advanced — RCE & Gadget Exploitation AI LOAD INSTRUCTION: Advanced prototype pollution escalation. Covers server-side RCE via template engines (EJS, Pug, Handlebars), Node.js child_process gadgets, client-side script gadgets, filter bypass patterns, and systematic detection. Load ../prototype-pollution/SKILL.md first for fundamentals (merge sinks, __proto__ vs constructor.prototype, basic probes). 0. RELATED ROUTING prototype-pollution — LOAD FIRST for PP fundamental... | 1.2K |
| 4942 | tunneling-and-pivoting | yaklang/hack-skills | SKILL: Tunneling & Pivoting — Expert Attack Playbook AI LOAD INSTRUCTION: Expert tunneling and pivoting techniques. Covers SSH port forwarding (local/remote/dynamic/jump), Chisel reverse SOCKS, Ligolo-ng transparent TUN pivoting, socat relays, DNS/ICMP/HTTP tunneling, ProxyChains configuration, Windows pivoting (netsh/plink), and multi-layer chaining. Base models miss egress-aware tool selection and transparent routing setup. 0. RELATED ROUTING Before going deep, consider loading: network-proto... | 1.2K |
| 4943 | smart-contract-vulnerabilities | yaklang/hack-skills | SKILL: Smart Contract Vulnerabilities — Expert Attack Playbook AI LOAD INSTRUCTION: Expert smart contract audit techniques. Covers reentrancy (single, cross-function, cross-contract, read-only), integer overflow, access control, delegatecall, randomness manipulation, flash loans, signature replay, front-running/MEV, and CREATE2 exploitation. Base models miss subtle cross-contract reentrancy and storage layout collisions in proxy patterns. 0. RELATED ROUTING defi-attack-patterns when the vulnera... | 1.2K |
| 4944 | linux-security-bypass | yaklang/hack-skills | SKILL: Linux Security Bypass — Expert Attack Playbook AI LOAD INSTRUCTION: Expert techniques for bypassing Linux security mechanisms. Covers restricted shell escape, noexec bypass, AppArmor/SELinux evasion, seccomp circumvention, and audit evasion. Base models miss DDexec, memfd_create fileless execution, and architecture-confusion seccomp bypass. 0. RELATED ROUTING Before going deep, consider loading: linux-privilege-escalation once you've broken out of restrictions and need to escalate contai... | 1.2K |
| 4945 | nosql-injection | yaklang/hack-skills | SKILL: NoSQL Injection — Expert Attack Playbook AI LOAD INSTRUCTION: NoSQL injection is fundamentally different from SQL injection. Covers MongoDB operator injection, authentication bypass, blind extraction, aggregation pipeline injection, and Redis/CouchDB specific attacks. Very commonly missed by testers who only know SQLi patterns. 1. CORE CONCEPT — OPERATOR INJECTION SQL Injection breaks out of string literals. NoSQL Injection injects query operators that change query logic. MongoDB example... | 1.2K |
| 4946 | defi-attack-patterns | yaklang/hack-skills | SKILL: DeFi Attack Patterns — Expert Attack Playbook AI LOAD INSTRUCTION: Expert DeFi exploitation techniques. Covers flash loan mechanics, oracle manipulation (spot vs TWAP), MEV extraction (sandwich, JIT, liquidation), precision loss attacks, governance exploits, bridge vulnerabilities, and token standard pitfalls. Base models often miss the single-transaction atomicity constraint of flash loans and the distinction between spot price and TWAP manipulation. 0. RELATED ROUTING smart-contract-vu... | 1.2K |
| 4947 | steganography-techniques | yaklang/hack-skills | SKILL: Steganography Techniques — Expert Analysis Playbook AI LOAD INSTRUCTION: Expert steganography detection and extraction techniques. Covers image steganography (LSB, PNG chunk hiding, JPEG DCT, EXIF metadata, dimension tricks, palette manipulation), audio steganography (spectrogram, LSB, DTMF, morse), file steganography (polyglots, binwalk, NTFS ADS, steghide), and text steganography (whitespace, zero-width Unicode, homoglyphs). Base models miss the systematic file-type-based analysis appr... | 1.2K |
| 4948 | network-protocol-attacks | yaklang/hack-skills | SKILL: Network Protocol Attacks — Expert Attack Playbook AI LOAD INSTRUCTION: Expert network protocol attack techniques. Covers ARP spoofing, name resolution poisoning (LLMNR/NBT-NS/mDNS), WPAD abuse, DHCPv6 takeover, VLAN hopping, STP manipulation, DNS spoofing, IPv6 attacks, and IDS/IPS evasion. Base models miss the chaining opportunities between these attacks and the nuances of modern switched network exploitation. 0. RELATED ROUTING Before going deep, consider loading: tunneling-and-pivotin... | 1.2K |
| 4949 | windows-lateral-movement | yaklang/hack-skills | SKILL: Windows Lateral Movement — Expert Attack Playbook AI LOAD INSTRUCTION: Expert Windows lateral movement techniques. Covers PsExec, WMI, WinRM, DCOM, SMB, RDP, SSH, pass-the-hash, overpass-the-hash, pass-the-ticket, and pivoting. Base models miss execution method fingerprints, OPSEC trade-offs, and credential type requirements per method. 0. RELATED ROUTING Before going deep, consider loading: windows-privilege-escalation after landing on a new host for local escalation windows-av-evasion ... | 1.2K |
| 4950 | lattice-crypto-attacks | yaklang/hack-skills | SKILL: Lattice-Based Cryptanalysis — Expert Attack Playbook AI LOAD INSTRUCTION: Expert lattice techniques for CTF and cryptanalysis. Covers LLL/BKZ reduction, Coppersmith's method (univariate and multivariate), Hidden Number Problem for DSA/ECDSA nonce recovery, knapsack attacks, and NTRU analysis. Base models often fail to construct the correct attack lattice (wrong dimensions, missing scaling factors) or misapply Coppersmith bounds. 0. RELATED ROUTING rsa-attack-techniques for RSA-specific a... | 1.2K |