一键导入
client-side
Client-side vulnerability testing - XSS (reflected/stored/DOM), CSRF, CORS misconfiguration, Clickjacking, DOM-based attacks, and Prototype Pollution.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Client-side vulnerability testing - XSS (reflected/stored/DOM), CSRF, CORS misconfiguration, Clickjacking, DOM-based attacks, and Prototype Pollution.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Threat Intelligence Report Design System — ReportLab-based PDF generation for A4 reports with Transilience branding, typography, and layout standards.
Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
Cloud and container security testing - AWS, Azure, GCP, Docker, and Kubernetes misconfigurations and exploitation.
Detect and break the cloud post-compromise attack chain (AWS / Azure / GCP) — per-stage CloudTrail / Activity-Log / Audit-Log detection signals and the preventive controls that close each step. Use for cloud detection engineering, hardening, remediation write-ups, or blue-team posture review of the lateral-movement -> privilege-escalation -> exfiltration -> evasion chain.
HackTheBox platform operations and automations to solve challenges, machines and capture the flags hacking competitions
Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.
| name | client-side |
| description | Client-side vulnerability testing - XSS (reflected/stored/DOM), CSRF, CORS misconfiguration, Clickjacking, DOM-based attacks, and Prototype Pollution. |
Test for client-side vulnerabilities across modern web applications and SPAs.
| Type | Key Vectors |
|---|---|
| XSS | Reflected, Stored, DOM-based, framework-specific (React, Vue, Angular) |
| CSRF | Token bypass, SameSite cookie bypass, cross-origin requests |
| CORS | Misconfigured origins, null origin, wildcard credentials |
| Clickjacking | Frame-based, drag-and-drop, multi-step |
| DOM-based | DOM sinks, source/sink analysis, JavaScript URL schemes |
| Prototype Pollution | Client-side gadgets, server-side pollution, property injection |
reference/xss*.md - XSS bypass techniques and exploitationreference/csrf*.md - CSRF techniques and bypassesreference/cors*.md - CORS misconfiguration testingreference/clickjacking*.md - Clickjacking techniquesreference/dom*.md - DOM-based vulnerability testingreference/prototype-pollution*.md - Prototype pollution techniques