
from aboutsecurity 1,200
Practical reverse-engineering techniques for CTFs: static & dynamic analysis, anti-debug bypasses, custom VM handling, and multi-platform tooling.
Provides a structured playbook for reverse-engineering challenges commonly seen in CTFs and pentesting: file identification, static decompilation (Ghidra/IDA), dynamic debugging (GDB/Frida), symbolic execution (angr), and anti-debug/anti-analysis bypass techniques. Includes references for platform-specific workflows (WASM/.NET/APK), common patterns (custom VM, obfuscation), and quick command snippets to get started.
Use this skill when you receive an unknown binary or challenge that requires analysis of algorithm logic, cracking client-side checks, or unpacking obfuscated code across multiple platforms (ELF/PE/Mach-O/APK/WASM/.NET). Ideal for CTF competitors, reverse engineers, and red-teamers tackling validation checks, license bypasses, or extraction tasks.
Likely useful to agents with code-analysis and binary tooling support (agents that can run shell commands, GDB, or integrate with Frida/angr).
CTF reverse engineering reference skill with a well-structured decision tree and quick-start commands for tools like GDB, Ghidra, and angr. Purely informational — no scripts, no automation. References 18+ sub-documents for deep reading. SKILL.md is written in Chinese, limiting accessibility. Contains shell commands and angr Python snippets as examples only, no executable code paths. No security concerns beyond inherent risk of teaching reverse engineering techniques, which is educational.
Well-organized reference material for CTF reverse engineering. Decision tree is genuinely useful for newcomers. However, it's a knowledge base, not an actionable skill — it doesn't tell an agent what to DO, just what to READ. The Chinese-only language is a significant accessibility barrier. No security issues; reverse engineering content is educational.
Command Injection Methodology
Comprehensive methodology for detecting, exploiting, and bypassing OS command injection, including blind extraction and output-filtering workarounds.
ksubdomain Subdomain Brute
High-speed, stateless subdomain brute-force and verification using ksubdomain; optimized for large-scale discovery and validation where raw-socket performance a