Penetration Testing

exploiting-kerberoasting-with-impacket helps authorized testers plan Kerberoasting with Impacket GetUserSPNs.py, from SPN enumeration to TGS ticket extraction, offline cracking, and detection-aware reporting. Use this exploiting-kerberoasting-with-impacket guide for penetration testing workflows with clear install and usage context.

The exploiting-jwt-algorithm-confusion-attack skill helps Security Audit workflows test JWT algorithm confusion, including RS256-to-HS256 downgrades, alg:none bypasses, and kid/jku/x5u header tricks. It is backed by a practical guide, reference examples, and a script for repeatable validation.

The exploiting-insecure-data-storage-in-mobile skill helps assess and extract evidence from insecure local storage in Android and iOS apps. It covers SharedPreferences, SQLite databases, plist files, world-readable files, backup exposure, and weak keychain/keystore handling for mobile pentesting and Security Audit workflows.

exploiting-idor-vulnerabilities helps authorized security audits test Insecure Direct Object Reference flaws across APIs, web apps, and multi-tenant systems with cross-session checks, object mapping, and read/write verification.

The exploiting-server-side-request-forgery skill helps assess SSRF-prone features in authorized web targets, including URL fetchers, webhooks, preview tools, and cloud metadata access. It provides a guided workflow for detection, bypass testing, internal service probing, and Security Audit validation.

The exploiting-race-condition-vulnerabilities skill helps security auditors test web apps for TOCTOU flaws, duplicate transactions, and limit bypasses using Turbo Intruder-style concurrent requests. It includes install, workflow, and usage guidance for authorized assessments.

The exploiting-nopac-cve-2021-42278-42287 skill is a practical guide for assessing the noPac chain (CVE-2021-42278 and CVE-2021-42287) in Active Directory. It helps authorized red teamers and Security Audit users check prerequisites, review workflow files, and document exploitability with less guesswork.

The exploiting-constrained-delegation-abuse skill guides authorized Active Directory testing of Kerberos constrained delegation abuse. It covers enumeration, S4U2self and S4U2proxy ticket requests, and practical paths to lateral movement or privilege escalation. Use it when you need a repeatable guide for penetration testing, not a generic Kerberos overview.