Root pointer for the binary reversing lane. Covers triage, string extraction, packer unpacking, symbol risk, ROP, Ghidra deep analysis, and firmware extraction.
Web application exploitation — the primary category skill for all web-based attacks. This is a routing skill: read this first to identify the attack type, then load the appropriate specialized sub-skill for detailed procedures. Covers 11 technique areas across injection, file access, authentication, and API exploitation.
HTTP Request Smuggling (HRS) — front-end / back-end parser disagreement attacks that desync the proxy stack. Covers CL.TE, TE.CL, TE.TE, CL.0, HTTP/2 downgrade (h2.cl, h2.te), pipelining, and connection-state pinning. Includes a confirm-desync gate, header obfuscation catalog, and minimal raw-socket Python harnesses (no smuggler.py available in sandbox).
Use when the engagement target is an Android (APK / AAB) or iOS (IPA) application. Covers static analysis (jadx, apktool, class-dump), dynamic instrumentation via Frida and Objection, SSL-pinning bypass, root/jailbreak detection bypass, deep-link / URL-scheme abuse, exported-component attacks, IPC redirection, WebView vulnerabilities, and biometric / Face ID / Touch ID bypass.
Web application enumeration hub — directory/file fuzzing, vhost discovery, API enumeration, CMS scanning, WAF detection, auth surface mapping, cookie audit.
Evil-twin rogue AP with KARMA/Mana PNL-probe response, captive-portal credential capture, and post-association MITM for PSK/open networks. Distinct from wpa-enterprise-eap which targets 802.1X.
Top-level index for the Decepticon 802.11 wireless attack suite. Routes the WirelessOperator to the correct leaf skill based on the target AP's crypto column (PSK / SAE / MGT / WPS) and engagement posture. BLE, Zigbee, Z-Wave, LoRaWAN, and sub-GHz live under iot/ by design — link provided below to prevent duplication.
| name | reverser-overview |
| description | Root pointer for the binary reversing lane. Covers triage, string extraction, packer unpacking, symbol risk, ROP, Ghidra deep analysis, and firmware extraction. |
| metadata | {"subdomain":"reverse-engineering","when_to_use":"reverser binary reversing triage strings packer unpack rop ghidra firmware overview routing","upstream_ref":"Decepticon reverser lane catalog — Ghidra, AFL++, libFuzzer, binwalk, and binary triage tooling"} |
| Skill | Use for |
|---|---|
/skills/standard/reverser/triage/SKILL.md | First-pass ELF/PE/Mach-O triage |
/skills/standard/reverser/firmware/SKILL.md | Router / IoT firmware extraction |
/skills/standard/reverser/packer-unpacking/SKILL.md | UPX / ASPack / Themida / VMProtect |
/skills/standard/reverser/rop-chain/SKILL.md | Gadget hunting for exploit dev |
/skills/standard/reverser/anti-debug-bypass/SKILL.md | IsDebuggerPresent, ptrace, NtGlobalFlag |
/skills/standard/reverser/ghidra/SKILL.md | Deep Ghidra analysis — decompile, xrefs, imports, P-code |
ghidra_status — check Ghidra MCP bridge and headless availabilitybin_identify — format, arch, NX/PIEbin_packer — entropy + signaturebin_strings — category=url/ip/crypto/secret/version to seed the graphbin_symbols_report — risk bucket classificationcve_lookup + cve_by_packageghidra_analyze for full analysis, or bin_ghidra_script / bin_r2_script as fallbackghidra_decompile on interesting functions, ghidra_xrefs on dangerous imports