Security & Testing Agent Skills

GitHub Actions Security Hardening

Secures GitHub Actions workflows against supply chain attacks, credential theft, and script injection through industry-standard hardening practices.

Web Application Testing

Simplifies end-to-end testing and UI debugging of local web applications using automated Playwright scripts and server management.

Content Sanitization

Protects AI workflows by sanitizing untrusted external content and preventing prompt injection or malicious code execution.

APT Analysis with MITRE Navigator

Generates MITRE ATT&CK Navigator heatmaps and detection gap analysis reports for Advanced Persistent Threat (APT) groups.

CSRF Attack Simulation & Testing

Simulates Cross-Site Request Forgery (CSRF) attacks to identify and validate web application vulnerabilities during authorized security assessments.

Spearphishing Threat Hunting

Hunts for spearphishing campaign indicators across email, endpoint, and network telemetry to detect and document targeted cyber attacks.

Trivy Container Security Scanner

Scans Docker images for vulnerabilities, misconfigurations, and secrets using the Aqua Security Trivy engine.

Threat Intelligence Report Generator

Generates professional, structured cyber threat intelligence reports tailored for executive, operational, and tactical audiences.

Bluetooth Security Assessment

Performs comprehensive Bluetooth Low Energy (BLE) security audits to identify vulnerabilities in IoT and wireless devices.

ISMS Audit & ISO 27001 Compliance Expert

Conducts comprehensive Information Security Management System (ISMS) audits and manages ISO 27001 compliance workflows from gap analysis to certification support.

Privileged Account Access Review

Conducts systematic audits of high-privilege accounts to enforce least privilege and ensure compliance with security frameworks.

CSP Bypass & Security Auditing

Analyzes and bypasses Content Security Policy (CSP) implementations to identify vulnerabilities and test XSS mitigation effectiveness.

Blind SSRF Exploitation & Detection

Detects and exploits blind Server-Side Request Forgery vulnerabilities using out-of-band techniques and cloud metadata analysis.

Kerberos Golden Ticket Forgery Detection

Detects Kerberos Golden Ticket forgery by identifying encryption downgrades and ticket anomalies within Windows Security Event logs.

Email Header Injection Security Testing

Identifies and tests SMTP header injection vulnerabilities in web applications to prevent spam relay and phishing attacks.

Exploiting WebSocket Vulnerabilities

Audits real-time WebSocket implementations for security flaws like authentication bypass, hijacking, and injection.

Pass-the-Hash Attack Detection

Identifies unauthorized credential usage by analyzing NTLM authentication patterns and correlating them with credential dumping activities.

USB Device Control Policy Implementation

Implements granular USB device control policies across endpoints to prevent data exfiltration and mitigate malware risks from unauthorized removable media.

Heap Spray Exploitation Analysis

Detects and analyzes heap spray attacks in memory dumps by identifying NOP sled patterns and suspicious memory allocations using Volatility3.

OAuth Security Assessment

Identifies and tests for OAuth 2.0 and OpenID Connect vulnerabilities including redirect URI manipulation and token leakage.

API Injection Security Tester

Tests and identifies critical injection vulnerabilities in APIs, covering SQL, NoSQL, SSRF, and command injection vectors.

Network Packet Analysis & Forensics

Performs deep packet inspection and forensic analysis of network traffic to identify security threats, data exfiltration, and malicious communications.

Patch Management Workflow Implementation

Streamlines the systematic process of identifying, testing, and deploying software updates to remediate vulnerabilities across IT infrastructure.

Network Threat Hunting

Detects and analyzes anomalous network connections to identify potential command-and-control activity and data exfiltration.

Attack Surface Management & EASM

Implements comprehensive external attack surface management to discover, fingerprint, and score the risk of internet-facing assets.

Authenticated Vulnerability Scanning

Performs deep-inspection security assessments using system credentials to identify patches, configurations, and hidden vulnerabilities.

GraphQL Security Auditor

Performs automated GraphQL schema extraction and vulnerability assessments to secure API endpoints against common attack vectors.

Ransomware Network Indicator Analysis

Detects and analyzes ransomware activity within network logs by identifying C2 beaconing, TOR connections, and data exfiltration patterns.

Container Escape Detection with Falco

Monitors and detects unauthorized container escape attempts in real-time using Falco runtime security rules and syscall analysis.

Serverless Function Security Hardening

Secures serverless compute platforms by implementing least-privilege IAM roles, secrets management, dependency scanning, and runtime monitoring.