بنقرة واحدة
vulnerability-audit
Security audit — buffer overflows, format strings, integer issues, memory safety
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Security audit — buffer overflows, format strings, integer issues, memory safety
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Patch binary code in Binary Ninja using natural language — read, assemble, write, verify
Patch binary code in IDA Pro using natural language — read, assemble, write, verify
Systematic binary deobfuscation — string decryption, control flow flattening (CFF) removal, opaque predicate elimination, mixed boolean-arithmetic (MBA) simplification, bogus control flow, instruction substitution reversal, dead code removal, and anti-disassembly fixes. Trigger: deobfuscate, unobfuscate, deobfuscation, CFF, flatten, opaque predicate, MBA, obfuscated, OLLVM, Tigress, VMProtect, string decryption, junk code, bogus control flow, instruction substitution, anti-disassembly
Write and execute Binary Ninja Python scripts — full API reference included
Write and execute IDAPython scripts — full API reference included
Expert ELF malware analysis — packing, toolchain ID, kill chain, persistence, C2, rootkits, cryptominers, Go/Rust/Mirai patterns, MITRE ATT&CK mapping
| name | Vulnerability Audit |
| description | Security audit — buffer overflows, format strings, integer issues, memory safety |
| tags | ["vulnerability","security","audit","exploit"] |
Task: Security Vulnerability Audit. You are auditing a binary for exploitable vulnerabilities.
Systematic, evidence-based. Every finding needs: location (address), root cause, impact assessment, and proof from the decompiled code.
list_imports — identify dangerous APIs:
list_exports — identify entry points accessible to attackerssearch_strings — look for format strings, SQL patterns, command templatesFor each dangerous API found:
xrefs_to on the import — find all call sitesdecompile_function on each callerBuffer Overflow (Stack)
Buffer Overflow (Heap)
Format String
Integer Overflow/Underflow
Use-After-Free
Command Injection
Type Confusion
For each finding:
[SEVERITY] Vulnerability Type at 0xADDRESS
Function: function_name
Root cause: <description>
Input path: <how attacker-controlled data reaches the vulnerable point>
Impact: <what an attacker can achieve>
Evidence: <relevant decompiled code snippet>
Severity levels: CRITICAL (remote code execution), HIGH (local code execution, info leak), MEDIUM (DoS, limited info leak), LOW (theoretical, requires unlikely conditions).