Skip to main content
Jeden Skill in Manus ausführen
mit einem Klick
GitHub-Repository

bingo

bingo enthält 49 gesammelte Skills von bingook, mit Repository-Berufsabdeckung und Skill-Detailseiten auf SkillsMP.

gesammelte Skills
49
Stars
243
aktualisiert
2026-06-13
Forks
25
Berufsabdeckung
2 Berufskategorien · 100% klassifiziert
Repository-Explorer

Skills in diesem Repository

active-directory-acl-abuse
Informationssicherheitsanalysten

Active Directory ACL abuse playbook. Use when exploiting misconfigured AD permissions including GenericAll, WriteDACL, DCSync rights, shadow credentials, LAPS reading, GPO abuse, and BloodHound-guided attack paths.

2026-06-13
active-directory-certificate-services
Informationssicherheitsanalysten

AD Certificate Services attack playbook. Use when targeting misconfigured AD CS for privilege escalation via ESC1-ESC13 template abuse, NTLM relay to enrollment, CA officer abuse, and certificate-based persistence.

2026-06-13
active-directory-kerberos-attacks
Informationssicherheitsanalysten

Kerberos attack playbook for Active Directory. Use when targeting AD authentication via AS-REP roasting, Kerberoasting, golden/silver/diamond tickets, delegation abuse, or pass-the-ticket attacks.

2026-06-13
android-pentesting-tricks
Informationssicherheitsanalysten

Android pentesting playbook. Use when testing Android applications for SSL pinning bypass, exported component abuse, WebView vulnerabilities, intent redirection, root detection bypass, tapjacking, and backup extraction during authorized mobile security assessments.

2026-06-13
anti-debugging-techniques
Informationssicherheitsanalysten

Anti-debugging detection and bypass playbook. Use when reversing protected binaries that detect debuggers via ptrace, PEB flags, timing checks, or signal/exception handlers on Linux and Windows.

2026-06-13
binary-protection-bypass
Informationssicherheitsanalysten

Binary protection bypass playbook. Use when identifying and bypassing ASLR, PIE, NX/DEP, stack canary, RELRO, FORTIFY_SOURCE, CET, and MTE protections in ELF binaries to enable exploitation.

2026-06-13
browser-exploitation-v8
Informationssicherheitsanalysten

Browser and V8 exploitation playbook. Use when exploiting JavaScript engine vulnerabilities including JIT type confusion, incorrect bounds elimination, and V8 sandbox bypass to achieve renderer RCE and sandbox escape in Chrome/Chromium.

2026-06-13
business-logic-vulnerabilities
Informationssicherheitsanalysten

Business logic vulnerability playbook. Use when reasoning about workflows, race conditions, price manipulation, coupon abuse, state machines, and multi-step authorization gaps.

2026-06-13
container-escape-techniques
Informationssicherheitsanalysten

Container escape playbook. Use when operating inside a Docker container, LXC, or Kubernetes pod and need to escape to the host via privileged mode, capabilities, Docker socket, cgroup abuse, namespace tricks, or runtime vulnerabilities.

2026-06-13
cors-cross-origin-misconfiguration
Informationssicherheitsanalysten

CORS misconfiguration testing playbook. Use when analyzing cross-origin trust, credentialed browser reads, origin reflection, preflight policy bugs, and browser-based access to authenticated APIs.

2026-06-13
deserialization-insecure
Informationssicherheitsanalysten

Insecure deserialization playbook. Use when Java, PHP, or Python applications deserialize untrusted data via ObjectInputStream, unserialize, pickle, or similar mechanisms that may lead to RCE, file access, or privilege escalation.

2026-06-13
ghost-bits-cast-attack
Informationssicherheitsanalysten

Java "Ghost Bits" / Cast Attack playbook (Black Hat Asia 2026). Use when attacking Java services where 16-bit char is silently narrowed to 8-bit byte to bypass WAF/IDS for SQL injection, deserialization RCE, file upload (Webshell), path traversal, CRLF injection, request smuggling, and SMTP injection. Affects Tomcat, Spring, Jetty, Undertow, Vert.x, Jackson, Fastjson, Apache Commons BCEL, Apache HttpClient, Angus Mail, JDK HttpServer, Lettuce, Jodd, XMLWriter and re-enables many "patched" CVEs through WAF bypass.

2026-06-13
heap-exploitation
Informationssicherheitsanalysten

Heap exploitation playbook. Use when targeting ptmalloc2/glibc heap vulnerabilities including UAF, double free, overflow, off-by-one/null, and leveraging tcache/fastbin/unsortedbin attacks for arbitrary write or code execution.

2026-06-13
injection-checking
Informationssicherheitsanalysten

Entry P1 category router for injection testing. Use when routing between XSS, SQLi, SSRF, XXE, SSTI, command injection, and NoSQL injection workflows based on how attacker-controlled input is consumed.

2026-06-13
ios-pentesting-tricks
Informationssicherheitsanalysten

iOS pentesting playbook. Use when testing iOS applications for keychain extraction, URL scheme hijacking, Universal Links exploitation, runtime manipulation, binary protection analysis, data storage issues, and transport security bypass during authorized mobile security assessments.

2026-06-13
kernel-exploitation
Informationssicherheitsanalysten

Linux kernel exploitation playbook. Use when exploiting kernel vulnerabilities (UAF, OOB, race condition, type confusion) for privilege escalation via commit_creds, modprobe_path overwrite, or kernel ROP chains in CTF and real-world scenarios.

2026-06-13
linux-privilege-escalation
Informationssicherheitsanalysten

Linux privilege escalation playbook. Use when you have low-privilege shell access and need to escalate to root via SUID/SGID binaries, capabilities, cron abuse, kernel exploits, misconfigurations, or credential harvesting on Linux systems.

2026-06-13
llm-prompt-injection
Informationssicherheitsanalysten

LLM prompt injection playbook. Use when testing AI/LLM applications for direct injection, indirect injection via RAG/browsing, tool abuse, data exfiltration, MCP security risks, and defense bypass techniques.

2026-06-13
macos-process-injection
Informationssicherheitsanalysten

macOS process injection playbook. Use when you need to inject code into running or launching macOS processes via dylib hijacking, DYLD environment variables, XPC exploitation, Mach port manipulation, or Electron/Chromium abuse.

2026-06-13
macos-security-bypass
Informationssicherheitsanalysten

macOS security bypass playbook. Use when targeting macOS endpoints and need to bypass TCC, Gatekeeper, SIP, sandbox, code signing, or entitlement-based protections during authorized red team or pentest engagements.

2026-06-13
memory-forensics-volatility
Informationssicherheitsanalysten

Memory forensics playbook using Volatility 2/3. Use when analyzing memory dumps for malware analysis, credential extraction, process investigation, code injection detection, and incident response timeline reconstruction.

2026-06-13
network-protocol-attacks
Informationssicherheitsanalysten

Network protocol attack playbook. Use when exploiting layer 2/3 protocols including ARP spoofing, LLMNR/NBT-NS/mDNS poisoning, WPAD abuse, DHCPv6 attacks, VLAN hopping, STP manipulation, DNS spoofing, IPv6 attacks, and IDS/IPS evasion.

2026-06-13
ntlm-relay-coercion
Informationssicherheitsanalysten

NTLM relay and authentication coercion playbook. Use when capturing and relaying NTLM authentication to escalate privileges via SMB, LDAP, HTTP, or MSSQL relay targets, combined with PetitPotam, PrinterBug, and other coercion methods.

2026-06-13
prototype-pollution-advanced
Informationssicherheitsanalysten

Advanced prototype pollution playbook — server-side RCE, client-side gadgets, filter bypasses, and detection techniques. Companion to ../prototype-pollution/ for basics. Use when you've confirmed pollution and need to escalate to code execution or find framework-specific gadgets.

2026-06-13
request-smuggling
Informationssicherheitsanalysten

HTTP request smuggling and desynchronization testing. Use when front proxies, CDNs, or load balancers disagree with the origin on message framing (Content-Length vs Transfer-Encoding), on HTTP/2→HTTP/1 translation, or when exploring client-side desync via browser fetch pipelines.

2026-06-13
reverse-shell-techniques
Informationssicherheitsanalysten

Reverse shell techniques playbook. Use when establishing remote shells including language one-liners, encrypted shells (OpenSSL/socat/ncat), web shells, PTY upgrades, file transfer methods, PowerShell shells, and Windows payload generation.

2026-06-13
rsa-attack-techniques
Informationssicherheitsanalysten

RSA attack playbook for CTF and real-world cryptanalysis. Use when given RSA parameters (n, e, c) and need to recover plaintext by exploiting weak keys, small exponents, shared factors, or padding oracles.

2026-06-13
sandbox-escape-techniques
Informationssicherheitsanalysten

Sandbox escape playbook. Use when breaking out of Python sandbox, Lua sandbox, seccomp filter, chroot jail, container/Docker, browser sandbox, or namespace isolation to achieve unrestricted code execution or file access.

2026-06-13
smart-contract-vulnerabilities
Softwareentwickler

Smart contract vulnerability playbook. Use when auditing Solidity/EVM contracts for reentrancy, integer overflow, access control, delegatecall, flash loan, signature replay, and MEV-related attack patterns.

2026-06-13
sqli-sql-injection
Informationssicherheitsanalysten

SQL injection playbook. Use when input reaches SQL queries, authentication logic, sorting, filtering, reporting, or DB-specific blind and out-of-band execution paths.

2026-06-13
ssrf-server-side-request-forgery
Informationssicherheitsanalysten

SSRF playbook. Use when the server fetches URLs, resolves hostnames, imports remote content, or can be driven toward internal networks, cloud metadata, or secondary protocols.

2026-06-13
ssti-server-side-template-injection
Informationssicherheitsanalysten

SSTI playbook. Use when template expressions, server-side rendering, preview features, or templating engines may evaluate attacker-controlled content.

2026-06-13
stack-overflow-and-rop
Informationssicherheitsanalysten

Stack overflow and ROP playbook. Use when exploiting buffer overflows to hijack control flow via return address overwrite, ROP chains, ret2libc, ret2csu, ret2dlresolve, or SROP on Linux userland binaries.

2026-06-13
steganography-techniques
Informationssicherheitsanalysten

Steganography detection and extraction playbook. Use when analyzing images (LSB, PNG chunks, JPEG DCT, EXIF), audio (spectrogram, DTMF), files (polyglots, appended data, ADS), and text (whitespace, zero-width, homoglyphs) for hidden data.

2026-06-13
symbolic-execution-tools
Informationssicherheitsanalysten

Symbolic execution and constraint solving playbook. Use when solving CTF reversing challenges, recovering keys, bypassing checks, or automating binary analysis with angr, Z3, or Unicorn Engine.

2026-06-13
symmetric-cipher-attacks
Informationssicherheitsanalysten

Symmetric cipher attack playbook. Use when exploiting block cipher mode weaknesses (CBC padding oracle, ECB cut-and-paste, bit flipping), stream cipher key reuse, or meet-in-the-middle attacks.

2026-06-13
unauthorized-access-common-services
Informationssicherheitsanalysten

Unauthorized access playbook for common exposed services. Use when Redis, Rsync, PHP-FPM, AJP/Ghostcat, Hadoop YARN, H2 Console, or similar management interfaces are exposed without authentication.

2026-06-13
upload-insecure-files
Informationssicherheitsanalysten

Insecure file upload playbook. Use when testing upload validation, storage paths, processing pipelines, preview behavior, overwrite risks, and upload-to-RCE chains.

2026-06-13
waf-bypass-techniques
Informationssicherheitsanalysten

WAF bypass methodology and generic evasion techniques. Use when a web application firewall blocks injection payloads (SQLi, XSS, RCE) and you need to craft bypasses using encoding, protocol-level tricks, or WAF-specific weaknesses.

2026-06-13
web-cache-deception
Informationssicherheitsanalysten

Web cache deception and poisoning playbook. Use when CDN, reverse proxy, or application caching may serve sensitive authenticated content to other users due to path confusion or cache key manipulation.

2026-06-13
Zeigt die Top 40 von 49 gesammelten Skills in diesem Repository.