Skip to main content
Exécutez n'importe quel Skill dans Manus
en un clic
Dépôt GitHub

offensive-claude

offensive-claude contient 37 skills collectées depuis hypnguyen1209, avec une couverture métier par dépôt et des pages de détail sur le site.

skills collectés
37
Stars
304
mis à jour
2026-06-30
Forks
47
Couverture métier
classification en attente
explorateur de dépôts

Skills dans ce dépôt

privesc-windows
non classé

Use when escalating privileges on a Windows host — SeImpersonate Potato chains (GodPotato/PrintNotifyPotato), service & DLL hijacking, UAC bypass (fodhelper/ICMLuaUtil), kernel EoP + BYOVD (CVE-2025-29824), token-rights abuse, LSASS/SAM/DPAPI credential harvesting

2026-06-30
threat-model-discipline
non classé

Use when starting an engagement, before exploitation, or whenever the attack surface changes — build/validate the threat model and detect drift (new unreviewed surface) before advancing

2026-06-30
coding-mastery
non classé

Use when writing security tooling, exploits, scanners, or C2 in Python/C/Go/Rust/ASM — systems & network programming, automation, cryptography implementation

2026-06-30
incident-response
non classé

Use when responding to or forensically investigating an incident — triage acquisition (Velociraptor/KAPE), Volatility 3 memory forensics, Chainsaw/Hayabusa EVTX timelining, anti-forensics detection, cloud IR, ransomware/ESXi response

2026-06-30
reverse-engineering
non classé

Use when reverse-engineering a binary or firmware — static triage + decompilation (Ghidra/IDA/Binary Ninja), dynamic instrumentation (GDB/Frida 17/angr), anti-reversing & packer bypass, OLLVM/VM deobfuscation, UEFI/BIOS RE & Secure Boot research, patch-diffing for n-days

2026-06-30
using-offensive-claude
non classé

Use when starting any offensive-security engagement or task — establishes how to find and invoke the right skill before any action (including clarifying questions, recon, exploitation, or reporting)

2026-06-30
exploit-development
non classé

Use when turning a memory-corruption bug into a working PoC — stack/ROP, glibc heap & FSOP, format strings, browser/JIT type confusion & UAF, Linux/Windows kernel LPE against ASLR/DEP/CFG/CET/V8-Sandbox

2026-06-30
vulnerability-analysis
non classé

Use when auditing source code for vulnerabilities — drive CodeQL/Semgrep/Joern to taint untrusted data source-to-sink across injection, memory safety, deserialization/prototype-pollution, secrets/crypto/authz/race, and supply-chain risks

2026-06-30
finding-discipline
non classé

Use when about to record, claim, rate the severity of, or report any security finding — before marking anything [CONFIRMED] or writing it into the report

2026-06-30
engagement-memory
non classé

Use when recalling prior techniques at recon/weaponize, or recording a confirmed finding at report — cross-engagement pattern memory ranked by impact

2026-06-29
active-directory-attack
non classé

Use when attacking a Windows Active Directory domain — Kerberos roasting/delegation, coercion + NTLM/Kerberos relay (CVE-2025-33073), ADCS ESC1-16 (EKUwu), ticket forgery & DCSync, dMSA BadSuccessor (CVE-2025-53779), BloodHound attack-path enumeration, domain dominance

2026-06-29
advanced-redteam-ops
non classé

Use when designing C2 infrastructure or OPSEC for a long-haul red-team op — redirectors, malleable profiles, tiered/segregated infra, living-off-the-land, data exfiltration

2026-06-29
ai-agent-redteam
non classé

Use when red-teaming an agentic AI / LLM application — indirect & zero-click prompt injection, MCP tool poisoning, persistent memory poisoning, excessive-agency tool abuse, multi-turn jailbreaks, PyRIT/Garak/Promptfoo harnesses

2026-06-29
ai-security
non classé

Use when attacking an AI/ML system or model — prompt injection & jailbreaks (Crescendo, Skeleton Key, Best-of-N), RAG/vector poisoning, agentic/MCP exploitation (CVE-2025-54136), ML supply-chain RCE (pickle CVE-2025-32434), model extraction / membership inference / adversarial suffixes (GCG)

2026-06-29
browser-exploitation
non classé

Use when building a client-side browser exploit — V8/JSC JIT type confusion to renderer R/W, V8 heap-sandbox escape, renderer-to-browser sandbox escape (Mojo IPC, GPU/Dawn/ANGLE), Electron/webview IPC abuse, 1-click RCE chains

2026-06-29
cicd-supply-chain
non classé

Use when attacking or auditing a CI/CD pipeline or software supply chain — pwn requests, poisoned pipeline execution, compromised/mutable-tag actions, dependency confusion, registry worms, runner backdoors, OIDC trust abuse, SLSA/provenance

2026-06-29
cloud-security
non classé

Use when attacking AWS/Azure/GCP cloud — IAM/identity privilege escalation, IMDS/metadata SSRF, Entra device-code & PRT theft, GCP impersonation chains, Kubernetes/container escape, IaC/CI-CD federation abuse

2026-06-29
container-k8s-escape
non classé

Use when breaking out of a container or escalating inside Kubernetes — runc/BuildKit CVEs, privileged/capability/cgroup misconfig escapes, NVIDIA GPU toolkit escape, K8s RBAC abuse, kubelet RCE, ingress/admission-controller RCE, node-to-cluster pivot

2026-06-29
crypto-analysis
non classé

Use when assessing cryptography — TLS/PKI auditing, RSA/ECC key attacks, ECDSA nonce lattice recovery, symmetric/AEAD misuse, JWT/JOSE forgery, hash cracking, post-quantum migration review

2026-06-29
edr-evasion
non classé

Use when bypassing EDR/AV to run a payload — hook unhooking, direct/indirect syscalls, PPID spoofing, process injection, AMSI bypass, ETW patching, memory/sleep encryption, behavioral evasion

2026-06-29
initial-access
non classé

Use when gaining initial access to a target — phishing, payload delivery, HTML smuggling, ISO/IMG/MOTW bypass, supply-chain, credential stuffing, exposed-service exploitation

2026-06-29
keylogger-architecture
non classé

Use when designing or analyzing keystroke/input capture — SetWindowsHookEx, raw input devices, ETW-based capture, kernel drivers, stealth techniques and their IOCs

2026-06-29
malware-analysis
non classé

Use when reverse-engineering or detecting malware — static triage + capa/YARA-X, emulation/DBI/.NET unpacking, dynamic/fileless/Volatility 3 memory analysis, C2 config extraction (Cobalt Strike/CAPE), C2 traffic detection (JA4+, beaconing)

2026-06-29
mobile-pentest
non classé

Use when pentesting an Android/iOS app — Frida 17 instrumentation, SSL-pinning & root/jailbreak bypass, Android 14/15 CA injection, exported-component/content-provider abuse, deep-link/WebView chains, biometric bypass, Flutter/React-Native RE

2026-06-29
network-attack
non classé

Use when attacking a network or moving laterally — L2/L3 poisoning (LLMNR/mDNS, ARP/DHCP, mitm6), coercion + NTLM relay (CVE-2025-33073), TUN pivoting (Ligolo-ng/Chisel), MitM, network-service RCE (CVE-2024-38077), WPA2/WPA3 wireless

2026-06-29
opsec-discipline
non classé

Use when about to take any outward or offensive action (request, payload, persistence, lateral movement, exfil, or feeding captured traffic to the model) — to decide detection footprint, cleanup, and secret redaction first

2026-06-29
privesc-linux
non classé

Use when escalating privileges on a Linux host — SUID/SGID & GTFOBins, sudo LPE (CVE-2025-32462/32463), capabilities & LD_PRELOAD, kernel LPE (CVE-2024-1086, Dirty Pipe, GameOver(lay)), service misconfig (PwnKit, Looney Tunables), container/namespace escape

2026-06-29
recon-osint
non classé

Use when mapping a target's external attack surface or gathering OSINT — subdomain enumeration, attack-surface mapping (httpx/katana/JS secrets), subdomain takeover, multi-cloud/Azure tenant recon, GitHub secret dorking, breach/infostealer credential intel, CVE prioritization (EPSS/KEV)

2026-06-29
red-team-ops
non classé

Use when running a full red-team engagement end-to-end — initial access, persistence, privilege escalation, defense evasion, C2 infrastructure, EDR bypass, living-off-the-land

2026-06-29
shellcode-dev
non classé

Use when writing position-independent shellcode or a loader — PEB walking, API hashing, null-byte avoidance, encoders, loaders, PE-to-shellcode conversion, cross-platform shellcode

2026-06-29
threat-hunting
non classé

Use when hunting threats or engineering detections — ATT&CK Detection-Strategies, Sigma + correlation with Detection-as-Code CI, Windows endpoint hunting (Sysmon/ETW/LSASS/LOLBins), network C2 hunting (JA4+, beaconing, DNS tunneling), cloud-identity hunting, Atomic Red Team purple-team validation

2026-06-29
web-pentest
non classé

Use when pentesting a web application or API — injection, XSS/CSP, SSRF/cloud-metadata, HTTP desync & cache poisoning, SSTI/prototype-pollution/deserialization, JWT/OAuth/GraphQL/IDOR, business logic & single-packet race

2026-06-29
windows-boundaries
non classé

Use when crossing a Windows security boundary or escaping a sandbox — kernel/user crossing (win32k/dxgkrnl UAF CVE-2025-24983), BYOVD kernel R/W, UAC/COM elevation, AppContainer/LPAC & Chromium-Mojo sandbox escape (CVE-2025-2783), PPL bypass, RPC/ALPC & named-pipe impersonation

2026-06-29
windows-mitigations-bypass
non classé

Use when bypassing a Windows exploit/platform mitigation — ASLR/DEP/CFG/XFG/CET, ACG/CIG, WDAC/App Control, ASR/AMSI/ETW, PPL/LSA Protection, BYOVD/VBS/HVCI

2026-06-29
engagement-flow
non classé

Use when starting, planning, or running a multi-phase pentest or red-team engagement — to sequence the Cyber Kill Chain phases with quality gates instead of jumping straight to exploitation

2026-06-29
scope-discipline
non classé

Use when about to send a request to, scan, enumerate, exploit, or otherwise interact with any host, IP, URL, or asset — before the first packet reaches a target

2026-06-29
writing-offensive-skills
non classé

Use when creating or editing a skill in this offensive-claude repo — for the SKILL.md conventions (trigger descriptions, technique map, runnable scripts, OPSEC/detection, red-flags tables, flowchart rules)

2026-06-29