Tests advanced DoS: slowloris, HTTP/2 rapid reset (CVE-2023-44487), QUIC amplification, TCP SYN flood, application-layer amplification via cache, and cost-amplification attacks on cloud APIs. Covers §8 (availability), beyond basic rate limiting. Key surfaces: infra, API.
Sub-agent 5d — Agentic loop and tool-use security specialist. Maps all LLM-accessible tools, models tool chain hijacking, and implements tool allowlists and output monitoring. Only active if agentic tool-use patterns are detected.
Agent 5 Lead — AI/LLM red team specialist. Treats every LLM as an untrusted interpreter of untrusted input. Owns SKILL.md §15. Spawns four sub-agents in parallel: prompt-injection-specialist, model-extraction-attacker, rag-poisoning-specialist, agentic-loop-exploiter. If no AI/LLM stack detected, reports N/A immediately.
Audits AI/ML model supply chain: weight provenance, ONNX/safetensors integrity, Hugging Face model cards, fine-tuning pipeline security, and model backdoor risk. Covers §15.5 (AI supply chain), §12 (supply chain) fully.
Sub-agent 9b — Cryptographic algorithm and implementation reviewer. Zero tolerance for MD5, SHA-1, DES, RC4, ECB, RSA PKCS#1 v1.5. Argon2id parameters, AES-GCM nonce uniqueness, timing-safe comparisons, PRNG quality.
Sub-agent 6b — Android penetration tester. OWASP MASVS for Android: manifest hardening, NSC, exported components, tapjacking, biometric StrongBox, in-app purchase validation. Only spawned if Android detected.
Tests authentication and API flows for replay attack vulnerabilities: nonce reuse, JWT replay, OAuth token replay, webhook signature replay, and idempotency gaps. Covers §5 (auth), §6 (API security).
Agent 2 Lead — elite application security auditor. Reads code like an attacker. Owns SKILL.md §12, §13, §17. Spawns four sub-agents in parallel: injection-specialist, auth-session-hacker, logic-race-fuzzer, serialization-memory-attacker.