Skip to main content
تشغيل أي مهارة في Manus
بنقرة واحدة
مستودع GitHub

hacktricks-skills

يحتوي hacktricks-skills على 908 من skills المجمعة من abelrguezr، مع تغطية مهنية على مستوى المستودع وصفحات skill داخل الموقع.

skills مجمعة
908
Stars
16
محدث
2026-03-23
Forks
7
التغطية المهنية
6 فئات مهنية · 100% مصنفة
مستكشف المستودعات

Skills في هذا المستودع

ai-fuzzing-assistant
محللو أمن المعلومات

AI-assisted fuzzing and vulnerability discovery. Use this skill whenever the user wants to generate fuzzing seeds, evolve grammars, analyze crashes, create proof-of-vulnerability exploits, or generate patches for discovered bugs. Trigger on mentions of fuzzing, AFL++, libFuzzer, vulnerability discovery, crash analysis, exploit generation, or security testing with LLMs.

2026-03-23
burp-mcp-integration
محللو أمن المعلومات

Set up and use Burp Suite's MCP Server extension to enable LLM-assisted passive vulnerability discovery. Use this skill whenever the user wants to integrate Burp with MCP-capable AI tools (Codex, Gemini, Ollama, Claude), configure the MCP proxy, troubleshoot handshake issues, or analyze intercepted HTTP traffic for security findings. Trigger on mentions of Burp MCP, Burp AI Agent, MCP proxy setup, or LLM-assisted traffic review.

2026-03-23
deep-learning-helper
علماء البيانات

Help users understand and implement deep learning concepts including neural networks, CNNs, RNNs, LLMs, and diffusion models. Use this skill whenever the user asks about deep learning architectures, wants to build neural networks in PyTorch, needs help with training loops, or wants to understand concepts like backpropagation, activation functions, attention mechanisms, or generative models. Make sure to use this skill for any deep learning related questions, code reviews, architecture design, or implementation help.

2026-03-23
llm-fundamentals
أساتذة علوم الحاسوب في التعليم العالي

Explain and teach Large Language Model fundamentals including pretraining, model architecture, PyTorch tensors, automatic differentiation, and backpropagation. Use this skill whenever the user asks about LLM concepts, neural network training, PyTorch operations, gradient computation, or wants to understand how LLMs work internally. Trigger on questions about model parameters, context length, embedding dimensions, tensor operations, autograd, or backpropagation.

2026-03-23
text-tokenizer
علماء البيانات

How to tokenize text for LLMs and NLP models. Use this skill whenever the user needs to convert text into token IDs, understand tokenization methods (BPE, WordPiece, Unigram), work with vocabularies, or implement tokenization for machine learning. Make sure to use this skill when users mention tokenizing, token IDs, vocabulary creation, BPE, WordPiece, or any text preprocessing for ML models.

2026-03-23
llm-data-sampling
علماء البيانات

How to prepare and sample text data for training large language models. Use this skill whenever the user mentions data preparation, tokenization, sliding windows, sequence generation, training data, LLM datasets, or needs to create input/target pairs for model training. This includes tasks like chunking text, creating dataloaders, applying sampling strategies, or optimizing training data quality.

2026-03-23
token-embeddings
مطوّرو البرمجيات

Create and work with token embeddings for LLMs. Use this skill whenever you need to understand token embeddings, create embedding layers in PyTorch, add positional embeddings (absolute, relative, or RoPE), or debug embedding-related issues in your language model. This skill covers vocabulary setup, embedding initialization, positional encoding strategies, and context window extension techniques. Make sure to use this skill when working with any LLM architecture, training pipelines, or when you need to convert tokens to numerical vectors.

2026-03-23
attention-mechanisms
علماء البيانات

How to implement and understand attention mechanisms in neural networks and LLMs. Use this skill whenever the user needs to build self-attention layers, causal attention, multi-head attention, or understand how attention weights are calculated. Trigger this skill for any task involving attention scores, Q/K/V matrices, attention masking, or transformer architecture components.

2026-03-23
llm-architecture
مطوّرو البرمجيات

Build and understand LLM architecture from scratch. Use this skill whenever the user needs to create GPT models, implement transformer components (attention, feedforward, layer norm), calculate model parameters, or generate text with a trained model. Trigger for any request about LLM architecture, transformer blocks, GPT implementation, token embeddings, positional embeddings, or building neural networks for language modeling.

2026-03-23
llm-pretraining-helper
علماء البيانات

How to train LLMs from scratch using PyTorch, including model architecture setup, data preparation, training loops, loss monitoring, and model saving/loading. Use this skill whenever the user wants to train a language model from scratch, understand pre-training workflows, set up GPT architectures, configure training parameters, monitor loss/perplexity, or load/save model checkpoints. Make sure to use this skill when users mention training LLMs, pre-training, model checkpoints, GPT architectures, training loops, or want to build language models from the ground up.

2026-03-23
lora-fine-tuning
علماء البيانات

How to implement LoRA (Low-Rank Adaptation) for efficient fine-tuning of large language models. Use this skill whenever the user wants to fine-tune an LLM, reduce training memory/compute requirements, implement parameter-efficient fine-tuning, or adapt a pre-trained model to a new task without retraining all parameters. Make sure to use this skill when users mention fine-tuning, LoRA, PEFT, parameter-efficient training, or want to train on limited hardware.

2026-03-23
llm-classification-finetuning
علماء البيانات

How to fine-tune a pre-trained LLM (like GPT2) for text classification tasks. Use this skill whenever the user wants to adapt a language model for classification (spam detection, sentiment analysis, topic categorization, intent classification, or any binary/multi-class text classification). Trigger this skill when users mention fine-tuning, classification, adapting models, or need to convert a generative model into a classifier.

2026-03-23
llm-instruction-finetuning
علماء البيانات

How to fine-tune a pre-trained LLM to follow instructions and respond to tasks like a chatbot. Use this skill whenever the user wants to train an LLM on instruction-response pairs, format datasets for instruction tuning, evaluate fine-tuned model responses, or understand the complete instruction fine-tuning workflow. Make sure to use this skill when users mention instruction tuning, chatbot training, Alpaca format, Phi-3 format, or any scenario where they need to make an LLM respond to specific prompts rather than just generate text.

2026-03-23
llm-training-guide
مطوّرو البرمجيات

Guide for building and training large language models from scratch. Use this skill whenever the user wants to understand LLM training concepts, implement tokenization, data sampling, embeddings, attention mechanisms, model architecture, pre-training, or fine-tuning workflows. Trigger on mentions of LLM training, building models from scratch, tokenization, embeddings, attention, pre-training, fine-tuning, LoRA, or any LLM development task.

2026-03-23
mcp-security-auditor
محللو أمن المعلومات

Security auditing and hardening for Model Context Protocol (MCP) servers. Use this skill whenever the user mentions MCP servers, Model Context Protocol, AI agent security, tool poisoning, prompt injection in MCP, Cursor IDE vulnerabilities, Flowise MCP, or any MCP-related CVEs. Also trigger when users want to secure AI agent integrations, audit MCP configurations, or understand MCP attack vectors. Make sure to use this skill for any MCP security questions, even if the user doesn't explicitly mention "security" or "audit".

2026-03-23
ml-data-prep-eval
علماء البيانات

Prepare and evaluate machine learning data. Use this skill whenever the user needs to clean, transform, or split datasets for ML training, or evaluate model performance with metrics like accuracy, precision, recall, F1, ROC-AUC, MAE, or confusion matrices. Trigger for any data preprocessing task, feature engineering, handling missing values, encoding categorical variables, normalization, or model evaluation requests.

2026-03-23
ai-models-rce
محللو أمن المعلومات

Security skill for understanding and testing RCE vulnerabilities in AI/ML model loading. Use this skill whenever the user mentions machine learning models, model deserialization, PyTorch, TensorFlow, Keras, ONNX, or any ML framework loading. Also trigger when discussing model security, pickle vulnerabilities, CVE-2024-12029, CVE-2025-23298, or any AI/ML security audit. This skill helps create educational test payloads, audit vulnerable code, and implement mitigations for model loading RCE attacks.

2026-03-23
prompt-injection-security
محللو أمن المعلومات

Security skill for understanding, detecting, and defending against prompt injection attacks on AI/LLM systems. Use this skill whenever the user asks about AI security, prompt injection vulnerabilities, LLM attack vectors, jailbreak techniques, or needs help securing AI applications against malicious prompts. Also use when reviewing AI system designs, conducting security assessments of LLM integrations, or creating security documentation for AI systems.

2026-03-23
reinforcement-learning-algorithms
علماء البيانات

Implement and analyze reinforcement learning algorithms (Q-Learning, SARSA, PPO) and detect security vulnerabilities like backdoor attacks and reward poisoning. Use this skill whenever you need to build RL agents, understand RL algorithms, implement training loops, or audit RL systems for security issues. Make sure to use this skill when the user mentions reinforcement learning, Q-learning, SARSA, RL training, agent training, policy learning, or any ML system that learns from rewards and environment interaction.

2026-03-23
ai-risk-assessment
محللو أمن المعلومات

How to assess and document AI security risks using industry frameworks. Use this skill whenever the user mentions AI security, ML vulnerabilities, model risks, LLM security, adversarial attacks, data poisoning, prompt injection, or needs to evaluate AI system safety. Trigger for any request about AI threat modeling, security audits, risk documentation, or compliance with AI security standards.

2026-03-23
ai-security-guide
محللو أمن المعلومات

Comprehensive guide for AI security professionals. Use this skill whenever the user asks about AI/ML security, adversarial attacks, prompt injection, model vulnerabilities, AI risk frameworks, LLM security, AI-assisted security testing, or anything related to securing or attacking AI systems. This includes questions about OWASP ML Top 10, Google SAIF, model RCE, prompt security, MCP servers, AI fuzzing, and understanding ML algorithms from a security perspective.

2026-03-23
supervised-learning-cybersecurity
علماء البيانات

How to implement supervised machine learning algorithms for cybersecurity tasks like intrusion detection, malware classification, phishing detection, and spam filtering. Use this skill whenever the user mentions machine learning, ML models, classification, regression, cybersecurity datasets, NSL-KDD, phishing detection, intrusion detection, malware analysis, or wants to build predictive models for security applications. This skill covers Linear Regression, Logistic Regression, Decision Trees, Random Forests, SVM, Naive Bayes, k-NN, and Gradient Boosting with ready-to-use Python code.

2026-03-23
unsupervised-learning-security
محللو أمن المعلومات

Apply unsupervised machine learning algorithms to security data for anomaly detection, clustering, and dimensionality reduction. Use this skill whenever the user needs to analyze unlabeled security data, detect unknown threats, cluster network events, reduce feature dimensions, or identify outliers in logs, traffic, or behavioral data. Trigger for tasks involving K-Means, DBSCAN, HDBSCAN, Isolation Forest, GMM, PCA, t-SNE, or any unsupervised pattern discovery in cybersecurity contexts.

2026-03-23
arbitrary-write-2-exec
محللو أمن المعلومات

Binary exploitation skill for arbitrary write to code execution attacks. Use this skill whenever the user mentions arbitrary write vulnerabilities, write primitives, GOT overwrites, function pointer overwrites, or needs to convert a write primitive into code execution. Also trigger for CTF challenges involving memory corruption, heap exploits, or when the user asks about turning write access into shellcode execution.

2026-03-23
got-plt-exploitation
محللو أمن المعلومات

How to exploit GOT/PLT vulnerabilities in binary exploitation challenges. Use this skill whenever the user mentions GOT overwrites, PLT hijacking, arbitrary write to GOT, libc GOT exploitation, free2system, strlen2system, or any binary exploitation task involving dynamic linking vulnerabilities. Make sure to use this skill for CTF pwn challenges, binary analysis, or when working with dynamically linked binaries that have partial RELRO.

2026-03-23
malloc-hook-exploit
محللو أمن المعلومات

Guide for exploiting __malloc_hook and __free_hook in binary exploitation challenges. Use this skill when working on CTF pwn challenges involving heap vulnerabilities, malloc/free hook overwrites, tcache poisoning, or Safe-Linking bypasses. Trigger when the user mentions malloc hook, free hook, heap exploitation, glibc hooks, tcache poisoning, or is solving binary exploitation challenges that involve heap memory corruption.

2026-03-23
sips-icc-oob-write-exploit
محللو أمن المعلومات

How to understand, test, and detect the macOS sips ICC profile out-of-bounds write vulnerability (CVE-2024-44236). Use this skill whenever the user mentions ICC profiles, sips vulnerability, CVE-2024-44236, macOS image processing exploits, heap corruption in color profiles, or needs to generate malicious ICC test files for security research. Also trigger for YARA rule creation for ICC anomalies, macOS security patching verification, or when analyzing embedded color profile attacks.

2026-03-23
atexit-exploitation
محللو أمن المعلومات

Guide for exploiting arbitrary write vulnerabilities through atexit handlers, link_map manipulation, and TLS dtor_list overwrites. Use this skill whenever the user mentions atexit, exit handlers, link_map, TLS destructors, PTR_MANGLE, __run_exit_handlers, or needs to convert an arbitrary write primitive into code execution via program exit. Also use when analyzing binaries for exit handler vulnerabilities or crafting exploits that trigger code execution on program termination.

2026-03-23
binary-exploitation-dtors-fini-array
محللو أمن المعلومات

Exploit arbitrary write vulnerabilities using .dtors and .fini_array sections to execute shellcode at program exit. Use this skill whenever the user mentions binary exploitation, arbitrary write vulnerabilities, .dtors, .fini_array, destructor sections, or needs to execute code after main() returns. Also use when the user has write access to a binary's memory and wants to hijack program termination.

2026-03-23
array-indexing-exploitation
محللو أمن المعلومات

How to identify and exploit array indexing vulnerabilities in binary exploitation challenges. Use this skill whenever the user mentions array bounds, index manipulation, off-by-one errors, array overflows, heap corruption through arrays, or any CTF/binary challenge involving array access. This skill covers colliding arrays, size field overwrites, GOT corruption, ROP chains triggered by array bugs, and heap exploitation through index manipulation. Make sure to use this skill for any binary exploitation task involving arrays, even if the user doesn't explicitly mention "array indexing" or "bounds checking".

2026-03-23
binary-exploitation-methodology
محللو أمن المعلومات

A comprehensive methodology for binary exploitation, covering stack overflows, ROP chains, shellcode injection, and bypassing protections like ASLR, PIE, NX, and canaries. Use this skill whenever the user mentions binary exploitation, CTF challenges, buffer overflows, ROP, shellcode, ELF analysis, or any security research involving binary vulnerabilities. Trigger this skill for any task involving reverse engineering, vulnerability analysis, or exploit development on compiled binaries.

2026-03-23
elf-binary-analysis
محللو أمن المعلومات

Analyze ELF binary files for reverse engineering, security research, and exploitation. Use this skill whenever the user needs to understand ELF structure, analyze program headers, section headers, symbols, relocations, GOT/PLT, or identify binary protections like RELRO, stack canaries, and PIE. Trigger on any request involving ELF files, binary analysis, readelf output interpretation, or exploitation reconnaissance.

2026-03-23
pwntools-binary-exploitation
محللو أمن المعلومات

Use this skill whenever working with binary exploitation, reverse engineering, or CTF challenges involving PwnTools. Trigger for: generating shellcode, analyzing binaries with checksec, creating cyclic patterns for buffer overflows, converting ELF to shellcode, debugging with GDB, disassembling opcodes, or any pwntools-related task. Make sure to use this skill for any binary exploitation workflow, even if the user doesn't explicitly mention 'pwntools' or 'pwn'.

2026-03-23
binary-exploitation-tools
محللو أمن المعلومات

A comprehensive guide to binary exploitation tools and techniques. Use this skill whenever the user needs help with buffer overflow exploitation, reverse engineering, debugging binaries, or working with tools like GDB, Metasploit, Ghidra, or analyzing vulnerable binaries. Trigger for any binary exploitation task, CTF challenges, vulnerability analysis, or when the user mentions stack overflows, shellcode, ROP gadgets, or binary analysis.

2026-03-23
chrome-exploitation-research
محللو أمن المعلومات

Guide for Chrome browser exploitation research and full-chain vulnerability analysis. Use this skill when researching Chrome security, analyzing browser vulnerabilities, developing proof-of-concepts for CVEs, or understanding Chrome's multi-layered sandbox architecture. Trigger this skill for any Chrome exploitation questions, V8 sandbox escape techniques, Mojo IPC abuse, WebAssembly JIT bugs, or when setting up Chrome debugging environments for security research.

2026-03-23
aslr-bypass
محللو أمن المعلومات

How to check, disable, and bypass ASLR (Address Space Layout Randomization) on Linux systems. Use this skill whenever the user mentions ASLR, address randomization, memory layout, binary exploitation, CTF challenges involving memory addresses, or needs to work around ASLR for debugging or exploitation. This includes checking ASLR status, disabling it for testing, brute-forcing addresses, using information leaks, or exploiting fixed addresses like vsyscall/vDSO.

2026-03-23
ret2plt-exploit
محللو أمن المعلومات

How to perform ret2plt (return-to-PLT) attacks to bypass ASLR by leaking libc addresses. Use this skill whenever the user mentions ASLR bypass, PLT/GOT exploitation, libc leaks, ret2plt, return-to-PLT, or needs to leak function addresses from libc to calculate base addresses. Also use when dealing with binary exploitation challenges involving stack overflows, dynamic binaries, or when the user needs to chain PLT calls to leak GOT entries. Make sure to use this skill for any CTF challenge or binary exploitation task involving ASLR, PIE, or libc address resolution.

2026-03-23
ret2ret-exploitation
محللو أمن المعلومات

How to bypass ASLR using Ret2ret and Ret2pop techniques. Use this skill whenever the user mentions ASLR bypass, stack pointer manipulation, ret2ret, ret2pop, or needs help crafting exploits that leverage existing stack pointers to defeat address randomization. Make sure to use this skill when working on binary exploitation challenges involving stack overflows with ASLR enabled, or when the user needs to understand how to abuse existing stack pointers for control flow hijacking.

2026-03-23
cet-shadow-stack
محللو أمن المعلومات

Control Flow Enforcement Technology (CET) and Shadow Stack analysis for binary exploitation. Use this skill whenever the user mentions CET, shadow stack, control flow integrity, ROP/JOP attacks, binary security protections, or needs to understand how modern CPU features prevent control-flow hijacking. Trigger for security research, binary analysis, exploitation learning, or when discussing hardware-level security mitigations.

2026-03-23
binary-exploitation-core-dumps
محللو أمن المعلومات

How to enable and analyze core dump files for binary exploitation debugging and crash analysis. Use this skill whenever the user mentions core dumps, crash analysis, GDB debugging, binary exploitation, reverse engineering, or needs to investigate why a program crashed. Make sure to use this skill when working with CTF challenges, security research, or any situation where understanding a program's crash state is important.

2026-03-23
عرض أهم 40 من أصل 908 skills مجمعة في هذا المستودع.