Agent Skills 排行榜 · 关键词 + 语义搜索

/ 聚焦搜索框
正在使用 AI 进行语义搜索...
25,514
总 Skills
97.9M
总安装量
2,625
贡献者
# Skill 仓库 描述 安装量
4251 avkit dpearson2699/swift-ios-skills
AVKit High-level media playback UI built on AVFoundation. Provides system-standard video players, Picture-in-Picture, AirPlay routing, transport controls, and subtitle/caption display. Targets Swift 6.3 / iOS 26+. Contents Setup AVPlayerViewController SwiftUI VideoPlayer Picture-in-Picture AirPlay Transport Controls and Playback Speed Subtitles and Closed Captions Common Mistakes Review Checklist References Setup Audio Session Configuration Configure the audio session and background modes before...
1.8K
4252 triage-nda anthropics/knowledge-work-plugins
/triage-nda -- NDA Pre-Screening If you see unfamiliar placeholders or need to check which tools are connected, see CONNECTORS.md . Triage the NDA: @$1 Rapidly triage incoming NDAs against standard screening criteria. Classify the NDA for routing: standard approval, counsel review, or full legal review. Important : You assist with legal workflows but do not provide legal advice. All analysis should be reviewed by qualified legal professionals before being relied upon. Invocation /triage-nda Work...
1.8K
4253 pdfkit dpearson2699/swift-ios-skills
PDFKit Display, navigate, search, annotate, and manipulate PDF documents with PDFView , PDFDocument , PDFPage , PDFAnnotation , and PDFSelection . Targets Swift 6.3 / iOS 26+. Contents Setup Displaying PDFs Loading Documents Page Navigation Text Search and Selection Annotations Thumbnails SwiftUI Integration Common Mistakes Review Checklist References Setup PDFKit requires no entitlements or Info.plist entries. import PDFKit Platform availability: iOS 11+, iPadOS 11+, Mac Catalyst 13.1+, macOS 1...
1.8K
4254 monetization-strategy phuryn/pm-skills
Monetization Strategy You are an expert in mobile app monetization with deep knowledge of subscription economics, paywall psychology, and pricing strategy. Your goal is to help the user maximize revenue while maintaining user satisfaction. Initial Assessment Check for app-marketing-context.md — read it for context Ask for current monetization model (free, freemium, paid, subscription, ads) Ask for current pricing (if applicable) Ask for conversion rate (free to paid, trial to subscription) Ask f...
1.8K
4255 race-condition yaklang/hack-skills
SKILL: Race Conditions — Testing & Exploitation Playbook AI LOAD INSTRUCTION : Treat race conditions as authorization/state integrity issues: non-atomic read-then-write lets multiple requests observe stale state. Prioritize one-time or balance-like operations. Combine parallel transport (HTTP/1.1 last-byte sync, HTTP/2 single-packet, Turbo Intruder gates) with application evidence (duplicate success responses, inconsistent balances, duplicate ledger rows). Authorized testing only. Routing note: ...
1.8K
4256 insecure-source-code-management yaklang/hack-skills
SKILL: Insecure Source Code Management AI LOAD INSTRUCTION : This skill covers detection and recovery of exposed version-control metadata, common backup artifacts, and related misconfigurations. Use only in authorized assessments. Treat recovered credentials and URLs as sensitive; do not exfiltrate real data beyond scope. For broad discovery workflow, cross-load recon-for-sec and recon-and-methodology when those skills exist in the workspace. 0. QUICK START High-value paths to probe first (GET o...
1.8K
4257 kernel-exploitation yaklang/hack-skills
SKILL: Linux Kernel Exploitation — Expert Attack Playbook AI LOAD INSTRUCTION : Expert kernel exploitation techniques. Covers environment setup (QEMU), vulnerability classes, privilege escalation targets, kernel ROP, ret2usr, stack pivoting, and cross-cache attacks. Distilled from ctf-wiki kernel-mode sections and real-world kernel CVEs. Base models often confuse user-mode and kernel-mode exploitation constraints, especially regarding SMEP/SMAP/KPTI. 0. RELATED ROUTING binary-protection-bypass —...
1.8K
4258 expression-language-injection yaklang/hack-skills
SKILL: Expression Language Injection — Expert Attack Playbook AI LOAD INSTRUCTION : Expert EL injection techniques covering SpEL (Spring), OGNL (Struts2), and Java EL (JSP/JSF). Distinct from SSTI — EL injection targets expression evaluators in Java frameworks, not template engines. Covers sandbox bypass, _memberAccess manipulation, actuator abuse, and real-world CVE chains. 0. RELATED ROUTING ssti-server-side-template-injection for template engines (Jinja2, FreeMarker, Twig) — different attack ...
1.8K
4259 web-cache-deception yaklang/hack-skills
SKILL: Web Cache Deception — Expert Attack Playbook AI LOAD INSTRUCTION : Web cache deception and poisoning techniques. Covers path confusion attacks, CDN cache behavior exploitation, cache key manipulation, and the distinction between cache deception (steal data) and cache poisoning (serve malicious content). Presented by Omer Gil at Black Hat 2017 and significantly expanded since. Advanced Reference Also load CACHE_POISONING_TECHNIQUES.md when you need: Web Cache Poisoning vs Web Cache Decepti...
1.8K
4260 csv-formula-injection yaklang/hack-skills
SKILL: CSV Formula Injection AI LOAD INSTRUCTION : This skill covers formula/DDE-style injection in CSV and spreadsheet contexts, obfuscation, cloud-sheet primitives, and safe testing methodology. Use only where explicitly authorized ; payloads that invoke local commands or remote fetches are impactful —prefer lab targets and document consent. Do not target end users without program rules allowing client-side execution tests. 0. QUICK START Characters that may trigger formula evaluation when a c...
1.8K
4261 dependency-confusion yaklang/hack-skills
SKILL: Dependency Confusion — Supply Chain Attack Playbook AI LOAD INSTRUCTION : Expert dependency-confusion methodology. Covers how private package names leak, how public registries can win version resolution, ecosystem-specific pitfalls (npm scopes, pip extra indexes, Maven repo order), recon commands, non-destructive PoC patterns (callbacks, not data exfil), and defensive controls. Pair with supply-chain recon workflows when manifests or CI caches are in scope. Only use on systems and program...
1.8K
4262 llm-prompt-injection yaklang/hack-skills
SKILL: LLM Prompt Injection — Expert Attack Playbook AI LOAD INSTRUCTION : Expert LLM prompt injection techniques. Covers direct injection (instruction override, role play, context manipulation), indirect injection (RAG poisoning, web browsing, email), tool/function abuse, data exfiltration, MCP security risks, and defense bypass (encoding, splitting, few-shot). Base models miss the distinction between direct and indirect injection and underestimate tool-calling attack chains. 0. RELATED ROUTING...
1.8K
4263 saml-sso-assertion-attacks yaklang/hack-skills
SKILL: SAML SSO and Assertion Attacks — Signature Validation, Binding, and Trust Confusion AI LOAD INSTRUCTION : Use this skill when the target uses SAML-based SSO and you need to validate assertion trust: signature coverage, audience and recipient checks, ACS handling, XML parsing weaknesses, and IdP/SP confusion. 1. WHEN TO LOAD THIS SKILL Load when: Enterprise SSO uses SAML requests or responses You see SAMLRequest , SAMLResponse , XML assertions, or ACS endpoints Login flows involve an exter...
1.8K
4264 browser-exploitation-v8 yaklang/hack-skills
SKILL: Browser / V8 Exploitation — Expert Attack Playbook AI LOAD INSTRUCTION : Expert V8/Chrome exploitation techniques. Covers V8 compilation pipeline, JIT type confusion, addrof/fakeobj primitives, ArrayBuffer corruption, WASM RWX pages, V8 sandbox (pointer compression), and Chrome sandbox escape overview. Distilled from ctf-wiki browser sections, Project Zero research, and CTF competition patterns. Base models often confuse V8 object representation details and miss the pointer compression ba...
1.8K
4265 binary-protection-bypass yaklang/hack-skills
SKILL: Binary Protection Bypass — Expert Attack Playbook AI LOAD INSTRUCTION : Expert binary protection identification and bypass techniques. Covers ASLR, PIE, NX, RELRO, canary, FORTIFY_SOURCE, stack clash, CET shadow stack, and ARM MTE. Each protection is paired with its bypass methods and required primitives. Distilled from ctf-wiki mitigation sections and real-world exploitation. Base models often confuse which protections block which attacks and miss the combinatorial effect of multiple pro...
1.8K
4266 earnings-analysis anthropics/financial-services-plugins
Equity Research Earnings Update Create professional EARNINGS UPDATE REPORTS analyzing quarterly results for companies already under coverage, following institutional standards (JPMorgan, Goldman Sachs, Morgan Stanley format). Key Characteristics: Length : 8-12 pages Word Count : 3,000-5,000 words Tables : 1-3 summary tables (NOT comprehensive) Figures : 8-12 charts Turnaround : 1-2 days (within 24-48 hours of earnings) Audience : Clients already familiar with the company Focus : What's NEW - bea...
1.8K
4267 clickjacking yaklang/hack-skills
SKILL: Clickjacking — Expert Attack Playbook AI LOAD INSTRUCTION : Clickjacking (UI redress) techniques. Covers iframe transparency tricks, X-Frame-Options bypass, CSP frame-ancestors, multi-step clickjacking, drag-and-drop attacks, and chaining with other vulnerabilities. Often a "low severity" finding that becomes critical when targeting admin actions. 1. CORE CONCEPT Clickjacking loads a target page in a transparent iframe overlaid on an attacker's page. The victim sees the attacker's UI but ...
1.8K
4268 jndi-injection yaklang/hack-skills
SKILL: JNDI Injection — Expert Attack Playbook AI LOAD INSTRUCTION : Expert JNDI injection techniques. Covers lookup mechanism abuse, RMI/LDAP class loading, JDK version constraints, Log4Shell (CVE-2021-44228), marshalsec tooling, and post-8u191 bypass via deserialization gadgets. Base models often confuse JNDI injection with general deserialization — this file clarifies the distinct attack surface. 0. RELATED ROUTING deserialization-insecure when JNDI leads to deserialization (post-8u191 bypass...
1.8K
4269 anti-debugging-techniques yaklang/hack-skills
SKILL: Anti-Debugging Techniques — Detection & Bypass Playbook AI LOAD INSTRUCTION : Expert anti-debug techniques across Linux and Windows. Covers ptrace, PEB flags, NtQueryInformationProcess, timing attacks, signal-based detection, TLS callbacks, VEH tricks, and all corresponding bypass methods. Base models often miss the distinction between user-mode and kernel-mode detection and the correct patching strategy for each. 0. RELATED ROUTING code-obfuscation-deobfuscation when the binary also uses...
1.8K
4270 arize-instrumentation arize-ai/arize-skills
No SKILL.md available for this skill. View on GitHub Installs 930 Repository arize-ai/arize-skills GitHub Stars 30 First Seen Mar 10, 2026
1.8K
4271 defining-product-vision refoundai/lenny-skills
Defining Product Vision Help the user create compelling product visions using frameworks from 101 product leaders who have defined visions at companies from Notion to Airbnb to the New York Times. How to Help When the user asks for help with product vision: Clarify the scope - Determine if they need a vision (long-term aspiration), strategy (how to win), or roadmap (what to build) Focus on the user's future - Help them describe the world 5-10 years out, not the product features Test for specific...
1.8K
4272 adk botpress/skills
Botpress ADK Guidelines Use this skill when you've got questions about the Botpress Agent Development Kit (ADK) - like when you're building a feature that involves tables, actions, tools, workflows, conversations, files, knowledge bases, triggers, or Zai. What is the ADK? The Botpress ADK is a convention-based TypeScript framework where file structure maps directly to bot behavior. Place files in the correct directories, and they automatically become available as bot capabilities. The ADK pr...
1.8K
4273 signature-request anthropics/knowledge-work-plugins
/signature-request -- E-Signature Routing If you see unfamiliar placeholders or need to check which tools are connected, see CONNECTORS.md . Prepare a document for electronic signature — verify completeness, set signing order, and route for execution. Important : This command assists with legal workflows but does not provide legal advice. Verify documents are in final form before sending for signature. Usage /signature-request $ARGUMENTS Prepare for signature: @$1 Workflow Step 1: Accept the Doc...
1.8K
4274 sessions microsoft/vscode
When working on the Agent Sessions window ( src/vs/sessions/ ), always follow these guidelines: 1. Read the Specification Documents First The src/vs/sessions/ directory contains authoritative specification documents. Always read the relevant spec before making changes. Document Path Covers Layer spec src/vs/sessions/README.md Layering rules, dependency constraints, folder conventions Layout spec src/vs/sessions/LAYOUT.md Grid structure, part positions, sizing, CSS classes, API reference AI Custo...
1.8K
4275 musickit dpearson2699/swift-ios-skills
MusicKit Search the Apple Music catalog, manage playback with ApplicationMusicPlayer , check subscriptions, and publish Now Playing metadata via MPNowPlayingInfoCenter and MPRemoteCommandCenter . Targets Swift 6.3 / iOS 26+. Contents Setup Authorization Catalog Search Subscription Checks Playback with ApplicationMusicPlayer Queue Management Now Playing Info Remote Command Center Common Mistakes Review Checklist References Setup Project Configuration Enable the MusicKit capability in Xcode (adds ...
1.8K
4276 pyrefly-type-coverage pytorch/pytorch
Pyrefly Type Coverage Skill This skill guides you through improving type coverage in Python files using Pyrefly, Meta's type checker. Follow this systematic process to add proper type annotations to files. Prerequisites The file you're working on should be in a project with a pyrefly.toml configuration Step-by-Step Process Step 1: Remove Ignore Errors Directive First, locate and remove any pyre-ignore-all-errors comments at the top of the file: REMOVE lines like these: pyre-ignore-all-errors ...
1.8K
4277 subdomain-takeover yaklang/hack-skills
SKILL: Subdomain Takeover — Detection & Exploitation Playbook AI LOAD INSTRUCTION : Covers CNAME/NS/MX takeover, per-provider fingerprint matching, claim procedures, and defensive monitoring. Base models often confuse "CNAME exists" with "takeover possible" — the key is whether the resource behind the CNAME is unclaimed and claimable . 0. RELATED ROUTING ssrf-server-side-request-forgery when a subdomain takeover is used to bypass SSRF allowlists trusting *.target.com cors-cross-origin-misconfigu...
1.8K
4278 paseo getpaseo/paseo
Paseo CLI Commands Use these CLI commands to manage agents: List agents (directory-scoped by default) paseo ls Only shows agents for current directory paseo ls -g All agents across all projects (global) paseo ls --json JSON output for parsing Create and run an agent (blocks until completion by default, no timeout) paseo run --mode bypass "<prompt>" paseo run --mode bypass --name "Task Name" "<prompt>" paseo run --mode bypass --model opus "<prompt>" paseo run --mode full-access --provider co...
1.8K
4279 scan wshobson/agents
Codebase Scanner You are a technical analyst. Your job is to scan the project codebase and produce accurate, project-specific documentation used by all downstream agents. Step 1: Check Optional Plugin Dependencies Check whether the two optional enhancement plugins are available: understand-anything → /plugin list | grep understand-anything context-mode → /plugin list | grep context-mode These plugins are optional . They improve scan quality but are not required: understand-anything (L...
1.8K
4280 zai-tts aahl/skills
Zai-TTS Generate high-quality text-to-speech audio using GLM-TTS service via the uvx zai-tts command. Before using this skill, you need to configure the environment variables ZAI_AUDIO_USERID and ZAI_AUDIO_TOKEN , which can be obtained by login audio.z.ai and executing localStorage['auth-storage'] in the console via F12 Developer Tools. Usage uvx zai-tts -t "{msg}" -o { tempdir } / { filename } .wav uvx zai-tts -f path/to/file.txt -o { tempdir } / { filename } .wav Changing speed, volume uvx zai...
1.8K
4281 metrickit dpearson2699/swift-ios-skills
MetricKit Collect aggregated performance metrics and crash diagnostics from production devices using MetricKit. The framework delivers daily metric payloads (CPU, memory, launch time, hang rate, animation hitches, network usage) and immediate diagnostic payloads (crashes, hangs, disk-write exceptions) with full call-stack trees for triage. Contents Subscriber Setup Receiving Metric Payloads Receiving Diagnostic Payloads Key Metrics Call Stack Trees Custom Signpost Metrics Exporting and Uploading...
1.8K
4282 triaging-issues pytorch/pytorch
This skill helps triage GitHub issues by routing issues, applying labels, and leaving first-line responses. Contents - [MCP Tools Available](mcp-tools-available) - [Labels You Must NEVER Add](labels-you-must-never-add) - [Issue Triage Steps](issue-triage-for-each-issue) Step 0: Already Routed — SKIP - Step 1: Question vs Bug/Feature - Step 2: Transfer - Step 3: Redirect to Secondary Oncall - Step 4: Label the Issue - Step 5: High Priority — REQUIRES HUMAN REVIEW - Step 6: bot-triaged...
1.8K
4283 prototype-pollution yaklang/hack-skills
SKILL: Prototype Pollution — Expert Attack Playbook AI LOAD INSTRUCTION : Expert prototype pollution for client and server JS. Covers __proto__ vs constructor.prototype , merge-sink detection, Express/qs-style black-box probes, and gadget chains (EJS, Timelion-class patterns, child_process/NODE_OPTIONS). Assumes you know object spread and prototype inheritance — focus is on parser behavior and post-pollution sinks . Routing note: prioritize PP when you see deep merges, recursive assign, JSON.par...
1.8K
4284 active-directory-acl-abuse yaklang/hack-skills
SKILL: AD ACL Abuse — Expert Attack Playbook AI LOAD INSTRUCTION : Expert AD ACL abuse techniques. Covers BloodHound enumeration, dangerous ACEs (GenericAll, WriteDACL, WriteOwner, etc.), DCSync, shadow credentials, targeted kerberoasting, group manipulation, LAPS, and GPO abuse. Base models miss complex ACL chain exploitation and Cypher query patterns. 0. RELATED ROUTING Before going deep, consider loading: active-directory-kerberos-attacks for Kerberos attacks often chained with ACL abuse acti...
1.8K
4285 prioritization-advisor deanpeters/product-manager-skills
Purpose Guide product managers in choosing the right prioritization framework by asking adaptive questions about product stage, team context, decision-making needs, and stakeholder dynamics. Use this to avoid "framework whiplash" (switching frameworks constantly) or applying the wrong framework (e.g., using RICE for strategic bets or ICE for data-driven decisions). Outputs a recommended framework with implementation guidance tailored to your context. This is not a scoring calculator—it's a decis...
1.8K
4286 elasticsearch-authn elastic/agent-skills
Elasticsearch Authentication Authenticate to an Elasticsearch cluster using any supported authentication realm that is already configured. This skill covers all built-in realms, credential verification, and the full API key lifecycle. For roles, users, role assignment, and role mappings, see the elasticsearch-authz skill. For detailed API endpoints, see references/api-reference.md . Deployment note: Not all realms are available on every deployment type. See Deployment Compatibility for self-mana...
1.8K
4287 blog-writing-guide getsentry/skills
Sentry Blog Writing Skill This skill enforces Sentry's blog writing standards across every post — whether you're helping an engineer write their first blog post or a marketer draft a product announcement. The bar: Every Sentry blog post should be something a senior engineer would share in their team's Slack, or reference in a technical decision. What follows are the core principles to internalize and apply to every piece of content. The Sentry Voice We sound like: A senior developer at a confere...
1.8K
4288 gtm-strategy phuryn/pm-skills
GTM Strategy Overview Create a comprehensive go-to-market strategy for a product launch. This skill covers marketing channels, messaging development, success metrics definition, and launch planning. When to Use Planning a product launch Creating a GTM plan from scratch Defining a launch strategy for a new market Developing product-to-market fit strategy Preparing a product go-live roadmap How It Works Step 1: Gather Research Data The system will help you load and analyze early research about you...
1.8K
4289 type-juggling yaklang/hack-skills
SKILL: PHP Type Juggling — Weak Comparison & Magic Hash Bypass AI LOAD INSTRUCTION : PHP == coercion, magic hashes ( 0e… ), HMAC/hash loose checks, NULL from bad types, and CTF-style strcmp / json_decode / intval tricks. Use strict routing: map the sink ( == vs hash_equals ), PHP major version, and whether both operands are attacker-controlled. Routing note: when you encounter PHP login/signature logic or code like md5($_GET['x'])==md5($_GET['y']) , start with this skill; if hash_equals / === is...
1.8K
4290 xslt-injection yaklang/hack-skills
SKILL: XSLT Injection — Testing Playbook AI LOAD INSTRUCTION : XSLT injection occurs when attacker-influenced XSLT is compiled/executed server-side. Map the processor family first (Java/.NET/PHP/libxslt). Then chain document() , external entities , EXSLT , or embedded script/extension functions per platform. Authorized testing only ; many payloads are destructive. Routing note: if input is generic XML parsing and may not flow through XSLT, cross-load xxe-xml-external-entity ; if you care about o...
1.8K
4291 csp-bypass-advanced yaklang/hack-skills
SKILL: CSP Bypass — Advanced Techniques AI LOAD INSTRUCTION : Covers per-directive bypass techniques, nonce/hash abuse, trusted CDN exploitation, data exfiltration despite CSP, and framework-specific bypasses. Base models often suggest unsafe-inline bypass without checking if the CSP actually uses it, or miss the critical base-uri and object-src gaps. 0. RELATED ROUTING xss-cross-site-scripting for XSS vectors to deliver after CSP bypass dangling-markup-injection when CSP blocks scripts but HTML...
1.8K
4292 content-writer shubhamsaboo/awesome-llm-apps
Content Writer You write compelling marketing copy. Follow these principles: Voice Conversational but professional Active voice, present tense Short sentences, short paragraphs Structure Lead with the biggest benefit Use specific numbers over vague claims End with a clear call-to-action Rules No jargon unless the audience expects it No superlatives without proof ("best", "revolutionary") Every paragraph must earn its place
1.8K
4293 http-host-header-attacks yaklang/hack-skills
SKILL: HTTP Host Header Attacks — Injection & Routing Abuse AI LOAD INSTRUCTION : Covers Host header injection for password reset poisoning, cache poisoning, SSRF via routing, and virtual host bypass. Includes bypass techniques for Host validation and framework-specific behaviors. Base models often miss the double-Host trick, absolute-URI override, and connection-state attacks. 0. RELATED ROUTING web-cache-deception when Host injection is combined with cache behavior ssrf-server-side-request-for...
1.8K
4294 symbolic-execution-tools yaklang/hack-skills
SKILL: Symbolic Execution Tools — Expert Analysis Playbook AI LOAD INSTRUCTION : Expert symbolic execution techniques using angr, Z3, and Unicorn Engine. Covers CTF challenge automation, constraint solving patterns, function hooking, SimProcedure replacement, and emulation-based unpacking. Base models often produce broken angr scripts due to incorrect state initialization or missing hooks for libc functions. 0. RELATED ROUTING anti-debugging-techniques when anti-debug checks need to be symbolica...
1.8K
4295 mobile-ssl-pinning-bypass yaklang/hack-skills
SKILL: Mobile SSL Pinning Bypass — Expert Attack Playbook AI LOAD INSTRUCTION : Expert SSL pinning bypass techniques for mobile platforms. Covers Android and iOS bypass methods (Frida, Objection, Xposed, SSL Kill Switch), framework-specific bypasses (Flutter, React Native, Xamarin), and troubleshooting non-standard pinning implementations. Base models miss framework-specific hook points and multi-layer pinning configurations. 0. RELATED ROUTING Before going deep, consider loading: android-pentes...
1.8K
4296 vm-and-bytecode-reverse yaklang/hack-skills
SKILL: VM & Bytecode Reverse Engineering — Expert Analysis Playbook AI LOAD INSTRUCTION : Expert techniques for reversing custom virtual machines and bytecode interpreters. Covers dispatcher identification, opcode mapping, custom ISA reconstruction, disassembler/decompiler writing, maze challenges, and real-world VM protector analysis. Base models often fail to recognize the fetch-decode-execute pattern or attempt to analyze VM bytecode as native code. 0. RELATED ROUTING code-obfuscation-deobfus...
1.8K
4297 active-directory-kerberos-attacks yaklang/hack-skills
SKILL: Kerberos Attack Playbook — Expert AD Attack Guide AI LOAD INSTRUCTION : Expert Kerberos attack techniques for AD environments. Covers AS-REP roasting, Kerberoasting, golden/silver/diamond/sapphire tickets, delegation attacks, pass-the-ticket, and overpass-the-hash. Base models miss ticket type distinctions, delegation chain nuances, and detection-evasion trade-offs. 0. RELATED ROUTING Before going deep, consider loading: active-directory-acl-abuse for ACL-based AD attacks often chained wi...
1.8K
4298 arbitrary-write-to-rce yaklang/hack-skills
SKILL: Arbitrary Write to Code Execution — Expert Attack Playbook AI LOAD INSTRUCTION : Expert techniques for converting an arbitrary write primitive into code execution. Covers every major overwrite target organized by glibc version compatibility: GOT, __malloc_hook, __free_hook, _IO_FILE vtable, __exit_funcs, TLS_dtor_list, _dl_fini, modprobe_path, .fini_array, C++ vtable, and setcontext gadget. This is the "last mile" skill. Base models often target hooks that no longer exist (post-glibc 2.34...
1.8K
4299 active-directory-certificate-services yaklang/hack-skills
SKILL: AD CS Attack Playbook — Expert Guide AI LOAD INSTRUCTION : Expert AD CS (Active Directory Certificate Services) attack techniques. Covers ESC1 through ESC13, certificate-based persistence, NTLM relay to enrollment endpoints, and CA misconfigurations. Base models miss enrollment prerequisite chains and ESC condition combinations. 0. RELATED ROUTING Before going deep, consider loading: active-directory-acl-abuse for ACL-based attacks that enable ESC4 (template modification) active-directory...
1.8K
4300 elasticsearch-onboarding elastic/agent-skills
Elastic Developer Guide You are an Elasticsearch solutions architect working alongside the developer. Your job is to guide developers from "I want search" to a working search experience — understanding their intent, recommending the right approach, and generating tested, production-ready code. Use the conversation playbook in references/elasticsearch-onboarding-playbook.md to structure the conversation. Always ask one question at a time, listen for signals, and adapt your recommendations to thei...
1.8K