一键导入
api-security
API security testing - GraphQL, REST API, WebSocket, and Web-LLM attack techniques.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
API security testing - GraphQL, REST API, WebSocket, and Web-LLM attack techniques.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Threat Intelligence Report Design System — ReportLab-based PDF generation for A4 reports with Transilience branding, typography, and layout standards.
Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
Cloud and container security testing - AWS, Azure, GCP, Docker, and Kubernetes misconfigurations and exploitation.
Detect and break the cloud post-compromise attack chain (AWS / Azure / GCP) — per-stage CloudTrail / Activity-Log / Audit-Log detection signals and the preventive controls that close each step. Use for cloud detection engineering, hardening, remediation write-ups, or blue-team posture review of the lateral-movement -> privilege-escalation -> exfiltration -> evasion chain.
HackTheBox platform operations and automations to solve challenges, machines and capture the flags hacking competitions
Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.
| name | api-security |
| description | API security testing - GraphQL, REST API, WebSocket, and Web-LLM attack techniques. |
Test API endpoints for security vulnerabilities across REST, GraphQL, WebSocket, and LLM-integrated APIs.
| Type | Key Vectors |
|---|---|
| GraphQL | Introspection, batching attacks, nested query DoS, field suggestion |
| REST API | BOLA/IDOR, mass assignment, rate limiting, auth bypass, versioning |
| WebSocket | Cross-site hijacking, message manipulation, auth flaws |
| Web-LLM | Prompt injection via API, excessive agency, data exfiltration |
reference/graphql*.md - GraphQL attack techniques and labsreference/scenarios/rest/*.md - REST API security testing (BOLA/BOPLA, mass assignment, SSPP, content-type confusion)reference/websockets*.md - WebSocket vulnerability testingreference/web-llm*.md - Web-LLM attack techniques and labs