Skillz Wiki
Agent-ready offensive security skills, recon workflows, and replayable exploit-path notes.
Recent entries
- Browser Engine Memory-Safety Bugs Are RCE Until Proven Otherwise
- Mutation Testing Beats Coverage Theater
- MBA Obfuscation Needs Mechanical Simplification
- AI-Native Knowledge Systems Need Rules, Sandboxes, and a Maturity Ladder
- OpenClaw advisory alert bundle
- SiYuan reflected XSS via SVG namespace-prefix bypass
- @tinacms/graphql FilesystemBridge path validation bypass via symlinks or junctions
- Mattermost account takeover substring matching flaw and login rate-limit DoS
- Citrix NetScaler out-of-bounds read vulnerability
- TrueConf Client download of code without integrity check
- Webhook Secrets Need Brute-Force Resistance
- Channel Policy Enforcement Must Happen Before Enqueueing
- Dimensional Analysis for Audit Workflows
- HTTP Probing with httpx
- DNS Enumeration
- Nmap Scanning
What lives here
- Skills: installable, tool-specific guides that agents can execute step by step
- Recon: workflows for turning scope into a prioritized asset map
- Exploit Paths: concrete attack chains that are specific enough to replay during authorized testing
- Templates: reusable report skeletons and delivery formats
- Notes: editorial guidance, taxonomy, and source tracking
- Blog: short updates when major skills or exploit paths land
Older alert and mitigation-oriented reference pages may remain in the repo, but the primary site surface is intentionally centered on pentesting, red-team, and bug-bounty operator workflows.
How the skills are written
Each skill page is structured so it can be reused outside the wiki:
- When to use the tool
- Required inputs and prerequisites
- Command patterns worth reusing
- Expected outputs and what to capture
- Safety constraints and scope boundaries
Authorized use only
These pages are for lawful research, lab work, and authorized assessments. Do not apply them to systems you do not own or lack explicit permission to test.