원클릭으로
injection
Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Threat Intelligence Report Design System — ReportLab-based PDF generation for A4 reports with Transilience branding, typography, and layout standards.
Offensive AI security testing and exploitation framework. Systematically tests LLM applications for OWASP Top 10 vulnerabilities including prompt injection, model extraction, data poisoning, and supply chain attacks. Integrates with pentest workflows to discover and exploit AI-specific threats.
API security testing - GraphQL, REST API, WebSocket, and Web-LLM attack techniques.
Pentest coordination — orchestrates executor and validator agents with context-controlled spawning. Entry point for all engagements.
Cryptanalysis techniques — lattice attacks, padding oracles, weak-RNG exploitation, signature forgery, secret-sharing recovery.
Digital forensics and incident response - Windows event log analysis, PCAP forensics, filesystem artifact analysis, AD attack detection, and timeline correlation. Use when investigating security incidents, analyzing Sherlocks, or performing threat hunting on provided evidence files.
| name | injection |
| description | Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques. |
Test for injection vulnerabilities across all input vectors. Covers SQL, NoSQL, Command, SSTI, XXE, and LDAP injection.
| Type | Key Vectors |
|---|---|
| SQL Injection | In-band (union, error), Blind (boolean, time), Out-of-band |
| NoSQL Injection | Operator injection, JavaScript injection, aggregation pipeline |
| Command Injection | OS command separators, blind techniques, out-of-band |
| SSTI | Template engine detection, sandbox escape, RCE chains |
| XXE | Entity expansion, SSRF via XXE, blind XXE, parameter entities |
| LDAP/XPath | Filter manipulation, authentication bypass |
reference/sql-injection*.md - SQL injection techniquesreference/nosql-injection*.md - NoSQL injection techniquesreference/os-command-injection*.md - OS command injectionreference/ssti*.md - Server-side template injectionreference/xxe*.md - XML external entity injectionreference/ldap-injection-quickstart.md - LDAP filter injection: detection, auth bypass, blind boolean extraction via (description=PREFIX*) chainingreference/xpath-injection-quickstart.md - XPath injection (CWE-643): lxml/Java/Node sinks, ' or '1'='1' or 'a'='b boolean oracle, blind char-by-char extraction recipe