Shodan CLI-only search workflow for query design, filter selection, count/stats validation, and search-result retrieval through /root/.local/bin/shodan.
Manual vulnerability research skill for finding advisories, downloading affected and fixed artifacts, diffing patches, confirming root cause, and writing reliable reports across products and technologies.
Controlled lab skill for Hack The Box, CTF, and private lab workflows from reconnaissance, enumeration, vulnerability research, exploitation, foothold, and privilege escalation through evidence consolidation.
Static malware reverse-engineering and threat-intelligence triage for unknown files, Windows EXE/PE binaries, scripts, archives, ISOs, JavaScript, PowerShell, documents, and unpacked payloads. Use when a user provides a sample path, hash, filename, or file and asks whether it is malicious, benign, suspicious, contains IoCs, or should be reverse engineered with Ghidra, strings, capa, YARA, public TI, and structured phase artifacts.
BEC and AiTM incident-response skill for suspicious sign-ins, mailbox abuse, forwarding, inbox rules, session theft, token replay, consent abuse, and secondary phishing.
Defensive incident-response companion for Microsoft Entra ID, Microsoft 365, Defender, and mixed identity or endpoint incidents. Use for sign-in triage, public-IP enrichment, initial scoping, containment planning, and analyst-ready notes.
Incident-response reporting skill for decision-ready summaries, timelines, containment records, executive handoff, remediation plans, and unresolved evidence gaps.
Focused authorization assessment for access control, IDOR, BOLA, BFLA, RBAC, object ownership, function authorization, tenant isolation, and horizontal or vertical privilege escalation. Uses paired roles, alternate objects, methods, and controls to prove boundaries safely.