Topic: ctf
96 skills in this topic.
-
xss-dom
Guide DOM-based XSS exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
xxe
Guide XML External Entity (XXE) injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
acl-abuse
Exploits misconfigured Active Directory ACLs for privilege escalation. Covers GenericAll, GenericWrite, WriteDACL, WriteOwner, ForceChangePassword, targeted Kerberoasting via SPN manipulation, shadow credentials (msDS-KeyCredentialLink → PKINIT), and AdminSDHolder persistence.
blacklanternsecurity/red-run 126
-
red-run-legacy
Legacy subagent-based orchestrator. Superseded by /red-run-ctf (agent teams). Use /red-run-legacy to invoke manually. Does not auto-trigger.
blacklanternsecurity/red-run 126
-
av-edr-evasion
Bypass antivirus and EDR detection for payload delivery during exploitation. Covers custom payload compilation (mingw C, Go), AMSI bypass, shellcode alternatives, and ETW patching. Route here when an agent reports a payload was quarantined, blocked, or detected by endpoint protection.
blacklanternsecurity/red-run 126
-
red-run-ctf
Multi-phase penetration test orchestrator. Handles recon, assessment surface mapping, vulnerability chaining, and routes to technique skills for execution. Invoke via /red-run-ctf slash command only.
blacklanternsecurity/red-run 126
-
trust-attacks
Enumerates Active Directory trust relationships and exploits them for cross-domain and cross-forest privilege escalation. Covers trust enumeration (nltest, PowerView, BloodHound), SID history injection (child domain to forest root via golden/diamond ticket with extra SIDs), inter-realm TGT forging using trust keys, TGT delegation coercion capture (Rubeus monitor + SpoolSample/DFSCoerce across forest trusts with ENABLE_TGT_DELEGATION), cross-forest trust abuse (SID filtering bypass, RBCD, Kerberoasting via trust account), and PAM trust exploitation (shadow principals in bastion forests).
blacklanternsecurity/red-run 126
-
python-code-injection
Exploit Python eval(), exec(), and compile() injection in web applications. Distinct from OS command injection (shell operators) and SSTI (template engines) — this targets direct Python code evaluation of user input.
blacklanternsecurity/red-run 126
-
php-code-injection
Exploit PHP code evaluation injection via eval(), assert(), preg_replace /e, create_function(), call_user_func(), usort() callbacks, and runtime function creation (runkit, uopz). Distinct from OS command injection (shell operators) and SSTI (template engines) — this targets direct PHP code evaluation of user input.
blacklanternsecurity/red-run 126
-
sql-injection-stacked
Guide stacked query SQL injection and second-order injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
password-reset-poisoning
Exploit password reset vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
-
xss-reflected
Guide reflected XSS exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
sql-injection-error
Guide error-based SQL injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
xmpp-enumeration
XMPP/Jabber service enumeration for Openfire, ejabberd, Prosody, and other XMPP servers. Trigger when ports 5222 (client), 5223 (legacy TLS), or 5269 (server-to-server) are found open. Covers authentication testing, user enumeration, MUC room discovery, and server fingerprinting. Do NOT use for AD enumeration or credential spraying — route those to the appropriate skills.
blacklanternsecurity/red-run 126
-
jwt-attacks
Exploit JWT (JSON Web Token) vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
-
idor
Exploit Insecure Direct Object Reference (IDOR) and broken access control vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
-
web-discovery
Discover web application injection points and route to the correct exploitation skill during authorized penetration testing.
blacklanternsecurity/red-run 126
-
command-injection
Guide OS command injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
browser-exploitation
Exploit browser-based attack surfaces: malicious extension crafting for bot interaction scenarios, Chrome DevTools Protocol abuse on exposed debug ports, and browser profile/cache data extraction from compromised hosts.
blacklanternsecurity/red-run 126
-
container-escapes
Container escape, Docker breakout, and Kubernetes exploitation.
blacklanternsecurity/red-run 126
-
database-enumeration
Database service enumeration and quick-win access checks for MSSQL, MySQL, PostgreSQL, Oracle, MongoDB, and Redis. Checks default/empty passwords, unauthenticated access, and command execution capabilities. Use after network-recon identifies database ports.
blacklanternsecurity/red-run 126
-
infrastructure-enumeration
Enumeration of infrastructure services: DNS, SMTP, SNMP, IPMI, NFS, TFTP, RPC/MSRPC, and HTTP/HTTPS surface detection. Checks zone transfers, open relays, default community strings, cipher zero, NFS exports, and web technology fingerprinting. Use after network-recon identifies infrastructure ports.
blacklanternsecurity/red-run 126
-
smb-exploitation
Exploit remote SMB vulnerabilities for unauthenticated code execution on Windows hosts.
blacklanternsecurity/red-run 126