abelrguezr
UserA collection of reusable red teaming agent skills derived from Hacktricks created with Qwen3.5-27B-FP8
Categories
Indexed Skills (6)
windows-seimpersonate-privilege-escalation
Windows privilege escalation technique using SeImpersonate to escalate from High Integrity to SYSTEM. Use this skill when the user needs to escalate privileges on Windows, mentions token impersonation, SeImpersonate, or wants to run commands as SYSTEM from a High Integrity context. Also trigger when the user has administrative access and wants to impersonate process tokens like winlogon.exe or svchost.exe.
captcha-bypass
Techniques for bypassing captchas during authorized security testing and penetration testing. Use this skill whenever you're testing web applications and encounter captcha challenges that need to be automated or bypassed for testing purposes. This includes penetration testing, security assessments, and authorized vulnerability scanning. Don't use this for unauthorized access or malicious purposes.
lansweeper-assessment
Security assessment skill for Lansweeper IT asset management platforms. Use this skill whenever the user needs to assess Lansweeper deployments, harvest scanning credentials, decrypt stored secrets, abuse AD ACLs related to Lansweeper groups, or execute deployment-based RCE. Trigger on mentions of Lansweeper, IT asset discovery, scanning credentials, web.config decryption, deployment packages, or any Lansweeper-related attack surface during penetration testing or red team engagements.
cache-poisoning-dos
How to test for web cache poisoning vulnerabilities that can lead to denial of service. Use this skill whenever the user mentions cache servers, CDNs, DoS attacks, web server vulnerabilities, HTTP headers, Cloudflare, or any scenario where they want to test if error responses can be cached and served to legitimate users. This includes testing for header-based attacks, method override vulnerabilities, and cache key manipulation.
android-accessibility-pentest
Android Accessibility Service security analysis and pentesting. Use this skill whenever the user mentions Android security testing, accessibility service abuse, RAT detection, malware analysis, ClayRat, PlayPraetor, overlay phishing, credential harvesting, or any Android app security assessment involving AccessibilityService APIs. This skill helps detect malicious accessibility services, analyze abuse patterns, and harden apps against accessibility-based attacks.
brute-force-assistant
Use this skill for authorized penetration testing and security assessments involving brute force attacks, password cracking, and credential testing. Trigger this skill when users need to test authentication systems, crack password hashes, generate custom wordlists, or perform service-specific brute force operations. Make sure to use this skill whenever the user mentions password cracking, hash cracking, brute force testing, credential testing, wordlist generation, or any authentication security assessment, even if they don't explicitly ask for 'brute force'.
Bio shown is the top-scored skill's repo description as a fallback — real GitHub bios land in a future update.