zebbern
@zebbern
Public Skills
Cross-Site Scripting and HTML Injection Testing
by zebbern
This skill should be used when the user asks to "test for XSS vulnerabilities", "perform cross-site scripting attacks", "identify HTML injection flaws", "exploit client-side injection vulnerabilities", "steal cookies via XSS", or "bypass content security policies". It provides comprehensive techniques for detecting, exploiting, and understanding XSS and HTML injection attack vectors in web applications.
Burp Suite Web Application Testing
by zebbern
This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing.
API Fuzzing for Bug Bounty
by zebbern
This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques.
Network 101
by zebbern
This skill should be used when the user asks to "set up a web server", "configure HTTP or HTTPS", "perform SNMP enumeration", "configure SMB shares", "test network services", or needs guidance on configuring and testing network services for penetration testing labs.
Security Scanning Tools
by zebbern
This skill should be used when the user asks to "perform vulnerability scanning", "scan networks for open ports", "assess web application security", "scan wireless networks", "detect malware", "check cloud security", or "evaluate system compliance". It provides comprehensive guidance on security scanning tools and methodologies.
SQLMap Database Penetration Testing
by zebbern
This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns from a vulnerable database," or "perform automated database penetration testing." It provides comprehensive guidance for using SQLMap to detect and exploit SQL injection vulnerabilities.
Linux Privilege Escalation
by zebbern
This skill should be used when the user asks to "escalate privileges on Linux", "find privesc vectors on Linux systems", "exploit sudo misconfigurations", "abuse SUID binaries", "exploit cron jobs for root access", "enumerate Linux systems for privilege escalation", or "gain root access from low-privilege shell". It provides comprehensive techniques for identifying and exploiting privilege escalation paths on Linux systems.
HTML Injection Testing
by zebbern
This skill should be used when the user asks to "test for HTML injection", "inject HTML into web pages", "perform HTML injection attacks", "deface web applications", or "test content injection vulnerabilities". It provides comprehensive HTML injection attack techniques and testing methodologies.
AWS Penetration Testing
by zebbern
This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.
Shodan Reconnaissance and Pentesting
by zebbern
This skill should be used when the user asks to "search for exposed devices on the internet," "perform Shodan reconnaissance," "find vulnerable services using Shodan," "scan IP ranges with Shodan," or "discover IoT devices and open ports." It provides comprehensive guidance for using Shodan's search engine, CLI, and API for penetration testing reconnaissance.
Cloud Penetration Testing
by zebbern
This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms.
Pentest Commands
by zebbern
This skill should be used when the user asks to "run pentest commands", "scan with nmap", "use metasploit exploits", "crack passwords with hydra or john", "scan web vulnerabilities with nikto", "enumerate networks", or needs essential penetration testing command references.
IDOR Vulnerability Testing
by zebbern
This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." It provides comprehensive guidance for detecting, exploiting, and remediating IDOR vulnerabilities in web applications.
Broken Authentication Testing
by zebbern
This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.
Wireshark Network Traffic Analysis
by zebbern
This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "detect network anomalies", "investigate suspicious traffic", or "perform protocol analysis". It provides comprehensive techniques for network packet capture, filtering, and analysis using Wireshark.
Active Directory Attacks
by zebbern
This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.
Metasploit Framework
by zebbern
This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.
SMTP Penetration Testing
by zebbern
This skill should be used when the user asks to "perform SMTP penetration testing", "enumerate email users", "test for open mail relays", "grab SMTP banners", "brute force email credentials", or "assess mail server security". It provides comprehensive techniques for testing SMTP server security.
SSH Penetration Testing
by zebbern
This skill should be used when the user asks to "pentest SSH services", "enumerate SSH configurations", "brute force SSH credentials", "exploit SSH vulnerabilities", "perform SSH tunneling", or "audit SSH security". It provides comprehensive SSH penetration testing methodologies and techniques.
Ethical Hacking Methodology
by zebbern
This skill should be used when the user asks to "learn ethical hacking", "understand penetration testing lifecycle", "perform reconnaissance", "conduct security scanning", "exploit vulnerabilities", or "write penetration test reports". It provides comprehensive ethical hacking methodology and techniques.
SQL Injection Testing
by zebbern
This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems.
Red Team Tools and Methodology
by zebbern
This skill should be used when the user asks to "follow red team methodology", "perform bug bounty hunting", "automate reconnaissance", "hunt for XSS vulnerabilities", "enumerate subdomains", or needs security researcher techniques and tool configurations from top bug bounty hunters.
File Path Traversal Testing
by zebbern
This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI vulnerabilities", or "access files outside web root". It provides comprehensive file path traversal attack and testing methodologies.
Pentest Checklist
by zebbern
This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements.
Windows Privilege Escalation
by zebbern
This skill should be used when the user asks to "escalate privileges on Windows," "find Windows privesc vectors," "enumerate Windows for privilege escalation," "exploit Windows misconfigurations," or "perform post-exploitation privilege escalation." It provides comprehensive guidance for discovering and exploiting privilege escalation vulnerabilities in Windows environments.
Linux Production Shell Scripts
by zebbern
This skill should be used when the user asks to "create bash scripts", "automate Linux tasks", "monitor system resources", "backup files", "manage users", or "write production shell scripts". It provides ready-to-use shell script templates for system administration.
Privilege Escalation Methods
by zebbern
This skill should be used when the user asks to "escalate privileges", "get root access", "become administrator", "privesc techniques", "abuse sudo", "exploit SUID binaries", "Kerberoasting", "pass-the-ticket", "token impersonation", or needs guidance on post-exploitation privilege escalation for Linux or Windows systems.
WordPress Penetration Testing
by zebbern
This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies.
Top 100 Web Vulnerabilities Reference
by zebbern
This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability definitions, root causes, impacts, and mitigation strategies across all major web security categories.
Active Directory Attacks
by zebbern
This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.
API Fuzzing for Bug Bounty
by zebbern
This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques.
AWS Penetration Testing
by zebbern
This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.
BGP Routing Protocol
by zebbern
This skill should be used when the user asks to "configure BGP", "manipulate BGP path selection", "implement BGP confederations", "configure route reflectors", "use BGP communities", or "troubleshoot BGP routing". It provides comprehensive BGP configuration and path manipulation techniques.
Broken Authentication Testing
by zebbern
This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.
Buffer Overflow Exploitation
by zebbern
This skill should be used when the user asks to "exploit buffer overflow vulnerabilities", "develop stack-based exploits", "find EIP offset", "identify bad characters", "create shellcode payloads", "perform fuzzing for crashes", or "gain remote code execution via memory corruption". It provides comprehensive techniques for discovering and exploiting buffer overflow vulnerabilities in Windows applications.
Burp Suite Web Application Testing
by zebbern
This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing.
Cloud Penetration Testing
by zebbern
This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms.
Credential Harvesting Lab Setup
by zebbern
This skill should be used when the user asks to "build a phishing lab", "perform credential harvesting", "set up ARP spoofing", "configure DNS spoofing", "create a fake login page", or "test social engineering attacks". It provides techniques for building a credential harvesting environment.
Cross-Site Request Forgery (CSRF) Testing
by zebbern
```
DDoS Attack Testing
by zebbern
This skill should be used when the user asks to "test for DDoS vulnerabilities", "perform denial of service testing", "simulate traffic floods", "assess network resilience", "configure DDoS detection rules", or "analyze DoS attack patterns". It provides comprehensive techniques for authorized DDoS testing and detection configuration.
Ethical Hacking Methodology
by zebbern
This skill should be used when the user asks to "learn ethical hacking", "understand penetration testing lifecycle", "perform reconnaissance", "conduct security scanning", "exploit vulnerabilities", or "write penetration test reports". It provides comprehensive ethical hacking methodology and techniques.
External Network Penetration Testing
by zebbern
This skill should be used when the user asks to "perform external pentesting", "conduct external network assessment", "enumerate external attack surface", "perform OSINT reconnaissance", or "test perimeter security". It provides comprehensive external network penetration testing methodologies.
LDAP Injection Testing
by zebbern
This skill should be used when the user asks to "test for LDAP injection vulnerabilities", "exploit LDAP queries", "perform blind LDAP injection attacks", "bypass authentication using LDAP injection", "extract data from LDAP directories", or "assess LDAP-based application security". It provides comprehensive techniques for identifying and exploiting LDAP injection flaws in web applications.
File Path Traversal Testing
by zebbern
This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI vulnerabilities", or "access files outside web root". It provides comprehensive file path traversal attack and testing methodologies.
Hacking Fundamentals
by zebbern
This skill should be used when the user asks to "understand hacking basics", "learn about hacker types", "understand network protocols", "learn DNS concepts", "understand attack types", or "explore security tool categories". It provides foundational cybersecurity knowledge.
Linux Commands Reference
by zebbern
This skill should be used when the user asks to "run Linux commands", "manage users and permissions", "configure file systems", "work with LVM", "set up networking", "manage services with systemd", "configure firewalls", "implement SELinux or AppArmor", or "automate tasks with cron". It provides comprehensive Linux command reference for security professionals.
HTML Injection Testing
by zebbern
This skill should be used when the user asks to "test for HTML injection", "inject HTML into web pages", "perform HTML injection attacks", "deface web applications", or "test content injection vulnerabilities". It provides comprehensive HTML injection attack techniques and testing methodologies.
IDOR Vulnerability Testing
by zebbern
```
Linux Penetration Testing Fundamentals
by zebbern
This skill should be used when the user asks to "learn Linux for pentesting", "use Linux commands for hacking", "manage Linux processes", "manipulate text in Linux", "write bash scripts", or "configure Linux networking". It provides comprehensive Linux fundamentals for penetration testing.
John the Ripper Password Cracking
by zebbern
```
JWT Security Testing
by zebbern
This skill should be used when the user asks to "test JWT security", "hack JWT tokens", "bypass JWT authentication", "crack JWT secrets", or "exploit JWT vulnerabilities". It provides comprehensive JSON Web Token attack techniques and security assessment methodologies.
Linux Privilege Escalation
by zebbern
This skill should be used when the user asks to "escalate privileges on Linux", "find privesc vectors on Linux systems", "exploit sudo misconfigurations", "abuse SUID binaries", "exploit cron jobs for root access", "enumerate Linux systems for privilege escalation", or "gain root access from low-privilege shell". It provides comprehensive techniques for identifying and exploiting privilege escalation paths on Linux systems.
Metasploit Framework
by zebbern
This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.
Linux Production Shell Scripts
by zebbern
This skill should be used when the user asks to "create bash scripts", "automate Linux tasks", "monitor system resources", "backup files", "manage users", or "write production shell scripts". It provides ready-to-use shell script templates for system administration.
Mobile Application Security Testing
by zebbern
This skill should be used when the user asks to "perform mobile application penetration testing", "test Android app security", "bypass SSL pinning", "analyze APK files", "reverse engineer mobile apps", "test for insecure data storage", or "assess mobile app vulnerabilities". It provides comprehensive techniques for Android application security assessment.
Networking Essentials
by zebbern
The assistant provides comprehensive networking fundamentals including OSI model, TCP/IP, cabling, VLAN configuration, and Cisco router/switch commands. Activate when users ask about "network basics," "OSI model," "TCP/IP addressing," "subnetting," "VLAN configuration," "Cisco commands," or "network infrastructure."
Pentesting from Beginner to Advanced
by zebbern
The assistant provides a structured web application penetration testing learning path from fundamentals to advanced techniques. Activate when users ask about "learning pentesting," "web security training," "OWASP vulnerabilities," "BurpSuite tutorial," "penetration testing roadmap," or "web app security course."
OSCP Notes
by zebbern
The assistant provides detailed OSCP preparation notes covering service enumeration, exploitation techniques, and protocol-specific attacks. Activate when users ask about "OSCP enumeration," "service pentesting," "SMB attacks," "FTP exploitation," "SSH pentesting," or "protocol-specific exploits."
Network 101
by zebbern
The assistant guides users through configuring and testing network services including HTTP, HTTPS, SNMP, and SMB for penetration testing labs. Activate when users ask about "setting up web server," "configure HTTP/HTTPS," "SNMP enumeration setup," "SMB share configuration," or "network service testing."
OSCP Cheat Sheet
by zebbern
The assistant provides comprehensive OSCP exam preparation commands and techniques covering enumeration, exploitation, privilege escalation, and Active Directory attacks. Activate when users ask about "OSCP commands," "penetration testing cheat sheet," "privilege escalation techniques," "file transfer methods," or "Active Directory pentesting."
Phishing Attacks
by zebbern
The assistant guides users through phishing attack simulation tools and techniques for penetration testing and security awareness. Activate when users ask about "phishing simulation," "social engineering testing," "Shellphish," "WiFi phishing," "credential harvesting," or "security awareness training."
Pentest Checklist
by zebbern
The assistant provides a structured penetration testing checklist covering scope definition, environment preparation, monitoring, and remediation. Activate when users ask about "pentest planning," "security assessment checklist," "penetration test preparation," "pentest scope," or "security testing best practices."
Network Ports Reference
by zebbern
The assistant provides comprehensive network port and protocol reference information for security assessments and penetration testing. Activate when users ask about "port numbers," "common ports," "service ports," "TCP/UDP ports," "what runs on port X," or "protocol identification."
Session Security Testing
by zebbern
```
SQL Injection Testing
by zebbern
This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems.
OSCP Penetration Testing Methodology
by zebbern
This skill should be used when the user asks to "perform OSCP-style penetration testing", "enumerate network services", "escalate privileges on Windows or Linux", "conduct Active Directory attacks", "transfer files between systems", "crack password hashes", or "execute lateral movement techniques". It provides a comprehensive methodology and command reference for offensive security certification preparation and real-world penetration testing.
Quick Pentest Reference
by zebbern
This skill should be used when the user asks to "perform quick enumeration", "run directory busting", "enumerate DNS", "discover live hosts", "brute force passwords", or "needs a pentest cheat sheet". It provides rapid reference commands for penetration testing.
PowerShell Scripting for Security
by zebbern
This skill should be used when the user asks to "write PowerShell scripts", "automate security tasks with PowerShell", "create PowerShell functions", "work with PowerShell modules", "parse data with PowerShell", or "build security automation scripts". It provides comprehensive PowerShell scripting fundamentals for security professionals.
Pentest Commands
by zebbern
The assistant provides essential penetration testing commands for Nmap, Metasploit, SQLMap, Hydra, John the Ripper, Nikto, and other tools. Activate when users ask about "pentest commands," "nmap scanning," "metasploit exploits," "password cracking," "web vulnerability scanning," or "network enumeration."
Top 100 Web Vulnerabilities Reference
by zebbern
This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability definitions, root causes, impacts, and mitigation strategies across all major web security categories.
Shodan Reconnaissance and Pentesting
by zebbern
```
SQLMap Database Penetration Testing
by zebbern
```
Red Team Tools and Methodology
by zebbern
The assistant provides red team methodologies, bug bounty hunting workflows, and tool configurations from top security researchers. Activate when users ask about "red team methodology," "bug bounty workflow," "reconnaissance automation," "XSS hunting," "subdomain enumeration," or "security researcher techniques."
Privilege Escalation Methods
by zebbern
This skill should be used when the user asks to "escalate privileges", "get root access", "become administrator", "privesc techniques", "abuse sudo", "exploit SUID binaries", "Kerberoasting", "pass-the-ticket", "token impersonation", or needs guidance on post-exploitation privilege escalation for Linux or Windows systems.
Wi-Fi Penetration Testing
by zebbern
This skill should be used when the user asks to "perform wireless network penetration testing", "crack WEP or WPA passwords", "capture Wi-Fi handshakes", "conduct deauthentication attacks", "test wireless security", "perform MITM attacks on Wi-Fi", or "assess wireless network vulnerabilities". It provides comprehensive techniques for auditing wireless network security.
SMTP Penetration Testing
by zebbern
This skill should be used when the user asks to "perform SMTP penetration testing", "enumerate email users", "test for open mail relays", "grab SMTP banners", "brute force email credentials", or "assess mail server security". It provides comprehensive techniques for testing SMTP server security.
SSH Key-Based Authentication
by zebbern
This skill should be used when the user asks to "configure SSH key authentication", "set up SSH keys", "generate SSH key pairs", "copy SSH keys to servers", "configure SSH config file", "troubleshoot SSH key access", "manage multiple SSH keys", "restrict SSH key usage", "secure SSH access", or "automate SSH connections". Use this skill to implement secure, passwordless SSH authentication using cryptographic key pairs.
Security Scanning Tools
by zebbern
This skill should be used when the user asks to "perform vulnerability scanning", "scan networks for open ports", "assess web application security", "scan wireless networks", "detect malware", "check cloud security", or "evaluate system compliance". It provides comprehensive guidance on security scanning tools and methodologies.
SSH Penetration Testing
by zebbern
This skill should be used when the user asks to "pentest SSH services", "enumerate SSH configurations", "brute force SSH credentials", "exploit SSH vulnerabilities", "perform SSH tunneling", or "audit SSH security". It provides comprehensive SSH penetration testing methodologies and techniques.