en un clic
analyzing-api-gateway-access-logs
">"
Installer avec Codex ou Claude Copiez ce prompt, collez-le dans Codex, Claude ou un autre assistant, puis laissez-le vérifier la page du skill et l'installer pour vous.
Menu
">"
Installer avec Codex ou Claude Copiez ce prompt, collez-le dans Codex, Claude ou un autre assistant, puis laissez-le vérifier la page du skill et l'installer pour vous.
Basé sur la classification professionnelle SOC
Command injection testing methodology covering OS command injection, code injection, filter evasion, blind command injection, and shell-specific techniques for bash, PowerShell, and cmd.exe.
Multi-step exploit chaining methodology for combining low-severity findings into full compromise paths. Covers attack chain scoring, approval gates, and systematic approach to turning individual findings into complete attack paths.
Comprehensive privilege escalation methodology for Linux and Windows. Covers kernel exploits, SUID binaries, service misconfigurations, credential harvesting, and both local privilege escalation paths.
Comprehensive reconnaissance methodology covering OSINT, subdomain enumeration, technology fingerprinting, DNS reconnaissance, and attack surface mapping. Includes passive and active recon techniques with OPSEC considerations.
Comprehensive SQL injection testing methodology covering Union-based, Error-based, Blind (Boolean/Time-based), Stacked queries, and WAF bypass techniques. Includes database-specific payloads for MySQL, PostgreSQL, MSSQL, Oracle, SQLite, and NoSQL injection.
Comprehensive Server-Side Request Forgery (SSRF) testing methodology covering basic SSRF, blind SSRF, DNS rebinding, cloud metadata exploitation, and gopher/redis attacks. Includes bypass techniques and automation.
| name | analyzing-api-gateway-access-logs |
| description | > |
Parse API gateway access logs to identify attack patterns including broken object level authorization (BOLA), excessive data exposure, and injection attempts.
import pandas as pd
df = pd.read_json("api_gateway_logs.json", lines=True)
# Detect BOLA: same user accessing many different resource IDs
bola = df.groupby(["user_id", "endpoint"]).agg(
unique_ids=("resource_id", "nunique")).reset_index()
suspicious = bola[bola["unique_ids"] > 50]
Key detection patterns:
# Detect 401 surges indicating credential scanning
auth_failures = df[df["status_code"] == 401]
scanner_ips = auth_failures.groupby("source_ip").size()
scanners = scanner_ips[scanner_ips > 100]