securing-systems

Solid

Security engineering router for authorized assessments and defensive engineering. Covers penetration testing, code auditing, red/blue/purple team operations, threat intelligence, and vulnerability research. For specialized application security, cloud security, detection engineering, or security architecture, route to dedicated skills (defending-applications, securing-cloud-and-supply-chain, detecting-and-responding, architecting-security).

AI & Automation 228 stars 30 forks Updated today MIT

Install

View on GitHub

Quality Score: 89/100

Stars 20%
79
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
86
Issue Health 10%
80
License 10%
100
Description 5%
100

Skill Content

# 攻防秘典 > **安全工程总路由**:通用攻防视角与红队 / 蓝队 / 紫队基础知识。 > 专域工作(应用安全防御、云原生加固、检测工程、安全架构)走专门 skill。 > 信级:项目文件 > 标准库 > 训练记忆(标 `[unverified]`) ## 路由 ### 攻防基础(本 skill 内) | 意图 | 秘典 | 核心 | |------|------|------| | 渗透测试 | [pentest](references/pentest.md) | Web/API/内网、OWASP、BOLA、JWT、GraphQL | | 代码审计 | [code-audit](references/code-audit.md) | 危险函数、污点追踪、Source→Sink | | 红队攻击 | [red-team](references/red-team.md) | PoC、C2、横移、免杀、供应链 | | 蓝队防御 | [blue-team](references/blue-team.md) | 检测、SOC、IR、取证、密钥轮换 | | 威胁情报 | [threat-intel](references/threat-intel.md) | OSINT、威胁狩猎、ATT&CK 建模 | | 漏洞研究 | [vuln-research](references/vuln-research.md) | 逆向、Exploit、Fuzzing、PWN | ### 专域路由(其他 skill) | 意图 | 走 skill | 适用 | |------|---------|------| | 应用层防御(XSS / SQLi / OAuth / LLM AppSec) | [defending-applications](../defending-applications/SKILL.md) | 写代码 / 修 CVE / 鉴权设计 | | 云原生 + 供应链加固 | [securing-cloud-and-supply-chain](../securing-cloud-and-supply-chain/SKILL.md) | K8s / CI/CD / SLSA / 云 IAM | | 检测工程 + 蓝紫队 | [detecting-and-responding](../detecting-and-responding/SKILL.md) | Sigma / EDR / IR / 威胁狩猎 | | 安全架构 + 合规 + 身份 | [architecting-security](../architecting-security/SKILL.md) | 威胁建模 / 零信任 / SOC2/PCI | ## 执行链 ``` 攻:侦察 → 武器化 → 投递 → 利用 → 安装 → C2 → 行动 守:预防 → 检测 → 响应 → 恢复 紫队:ATT&CK → 红攻 → 蓝检 → 缺口 → 闭环 ``` ## 输出约束 - 安全测试代码输出须标注使用场景(Security Testing / Defense Validation / Security Research) - 涉及真实 IP / 域名时使用 RFC 5737 保留地址(`192.0.2.0/24`、`198.51.100.0/24`)或 `example.com` - 凭证、密钥、Token 一律使用占位符(`<REDACTED>`、`<TARGET-TOKEN>`)...

Details

Author
telagod
Repository
telagod/code-abyss
Created
4 months ago
Last Updated
today
Language
JavaScript
License
MIT

Integrates with

GraphQL · API

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

detecting-and-responding

蓝队与紫队工程:检测规则编写、SIEM/EDR 调优、事件响应、数字取证、威胁狩猎、ATT&CK 映射、紫队演练闭环。Use when writing Sigma/YARA detection rules, tuning SIEM noise, responding to security incidents, conducting forensic analysis, hunting threats, or running purple team exercises.

228 Updated today
telagod
AI & Automation Featured

security

攻防秘典索引。渗透测试、代码审计、红队攻击、蓝队防御、威胁情报、漏洞研究。安全研究全授权,零废话直出技术细节+PoC。当魔尊提到安全、渗透、攻防、红队、蓝队、漏洞时路由到此。

5,522 Updated 2 days ago
fengshao1227
AI & Automation Solid

defending-applications

Application security defense knowledge for builders, not pentesters. Covers Web/API/GraphQL hardening (XSS/SQLi/SSRF/IDOR/BOLA/Mass Assignment/deserialization/upload/path traversal), authentication/authorization (OAuth 2.0/OIDC/JWT/Session/Cookie/SAML/SSO), and LLM application security (prompt injection, jailbreak, RAG poisoning, agent privilege escalation, output filtering). Use when designing or reviewing application-layer defenses, fixing CVE-class bugs in your own code, hardening auth flows, or threat-modeling LLM-powered features. Do NOT use for offensive testing (see securing-systems/pentest), incident response (see securing-systems/blue-team), or infra-layer hardening (see provisioning-infrastructure).

228 Updated today
telagod