Sponsored by

Find leads on Reddit on auto pilot

Topic: claude

14,433 skills in this topic.

adcs-template-abuse Exploits misconfigured AD CS certificate templates to impersonate any domain user via SAN manipulation or enrollment agent abuse. Covers ESC1 (enrollee supplies subject), ESC2 (any-purpose/no EKU), ESC3 (enrollment agent), ESC6 (EDITF_ATTRIBUTESUBJECTALTNAME2 CA flag).
blacklanternsecurity/red-run 126
adcs-persistence Establishes persistence and exploits weak certificate mapping in AD CS. Covers ESC9 (no security extension), ESC10 (weak certificate mapping), ESC12-15 (YubiHSM, issuance policy, altSecIdentities, application policies), Golden Certificate (forge with stolen CA key), certificate theft (DPAPI/CAPI/CNG), and account persistence via certificate mapping.
blacklanternsecurity/red-run 126
xxe Guide XML External Entity (XXE) injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
acl-abuse Exploits misconfigured Active Directory ACLs for privilege escalation. Covers GenericAll, GenericWrite, WriteDACL, WriteOwner, ForceChangePassword, targeted Kerberoasting via SPN manipulation, shadow credentials (msDS-KeyCredentialLink → PKINIT), and AdminSDHolder persistence.
blacklanternsecurity/red-run 126
<skill-name> <What this skill does in 2-3 sentences. Focus on technique scope and when to use it. No trigger phrases, negative conditions, or OPSEC details here.>
blacklanternsecurity/red-run 126
windows-credential-harvesting Harvest stored credentials from a Windows system for privilege escalation or lateral movement.
blacklanternsecurity/red-run 126
windows-discovery Windows local privilege escalation enumeration and attack surface mapping.
blacklanternsecurity/red-run 126
pass-the-hash Authenticates to AD services using NTLM hashes, AES keys, or Kerberos tickets without cracking passwords. Covers Pass-the-Hash, Over-Pass-the-Hash, Pass-the-Key, and Pass-the-Ticket for lateral movement.
blacklanternsecurity/red-run 126
windows-kernel-exploits Exploit Windows kernel vulnerabilities, vulnerable drivers, and privileged file operations for local privilege escalation to SYSTEM.
blacklanternsecurity/red-run 126
windows-service-dll-abuse Exploit Windows service misconfigurations and DLL hijacking for local privilege escalation.
blacklanternsecurity/red-run 126
windows-token-impersonation Exploit Windows token privileges for local privilege escalation to SYSTEM.
blacklanternsecurity/red-run 126
windows-uac-bypass Bypass Windows User Account Control to escalate from medium to high integrity.
blacklanternsecurity/red-run 126
unknown-vector-analysis Analyze custom applications, scripts, and binaries that standard technique skills could not exploit. Performs source code review, attack surface mapping, CVE research, and PoC adaptation. Route here when ANY technique agent returns saying standard patterns do not match, the target uses a custom/unknown application, or no existing technique skill covers the vector. Trigger phrases: "standard patterns don't match", "custom script", "unknown binary", "no matching technique", "unrecognized application". Do NOT use for known vulnerability classes that have dedicated technique skills — route to those instead.
blacklanternsecurity/red-run 126
retrospective Post-engagement lessons-learned retrospective. Reads the engagement directory, analyzes skill routing decisions, identifies knowledge gaps and missing skills, and produces an actionable improvement report.
blacklanternsecurity/red-run 126
2fa-bypass Bypass two-factor authentication (2FA/MFA) during authorized penetration testing.
blacklanternsecurity/red-run 126
ajp-ghostcat Exploit Apache JServ Protocol (AJP) misconfigurations and Ghostcat (CVE-2020-1938) for file read and remote code execution on Apache Tomcat. Use when port 8009 is open or AJP connector is exposed.
blacklanternsecurity/red-run 126
deserialization-dotnet Exploit .NET deserialization vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
ad-persistence Establishes persistent access in Active Directory environments after domain compromise. Covers DCShadow (rogue DC attribute modification), Skeleton Key (LSASS master password), custom SSP injection (credential logging via mimilib/memssp), security descriptor backdoors (WMI/WinRM/ DCOM/registry ACL modification), ADFS Golden SAML (DKM key extraction and forged SAML tokens), SID history persistence (DA SID in regular user), and certificate-based persistence (golden certificate, renewal, enrollment agent).
blacklanternsecurity/red-run 126
deserialization-php Exploit PHP deserialization vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
file-upload-bypass Guide file upload restriction bypass during authorized penetration testing.
blacklanternsecurity/red-run 126
ldap-injection Exploit LDAP injection vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
database-enumeration Database service enumeration and quick-win access checks for MSSQL, MySQL, PostgreSQL, Oracle, MongoDB, and Redis. Checks default/empty passwords, unauthenticated access, and command execution capabilities. Use after network-recon identifies database ports.
blacklanternsecurity/red-run 126
infrastructure-enumeration Enumeration of infrastructure services: DNS, SMTP, SNMP, IPMI, NFS, TFTP, RPC/MSRPC, and HTTP/HTTPS surface detection. Checks zone transfers, open relays, default community strings, cipher zero, NFS exports, and web technology fingerprinting. Use after network-recon identifies infrastructure ports.
blacklanternsecurity/red-run 126
network-recon Network reconnaissance, host discovery, port scanning, and OS fingerprinting. Produces a port/service map that the orchestrator uses to route to service-specific enumeration skills.
blacklanternsecurity/red-run 126