
Security Research Meta-Methodology
from xianzhi-research (156 stars)
A structured vulnerability research framework distilled from 5600+ security docs, covering web injection, deserialization, binary exploitation, domain pentest,
What it does
Provides a systematic thinking framework for security researchers and penetration testers. The skill encodes a four-level cognitive pyramid (L1: attack surface identification → L4: defense reversal) and domain-specific methodologies for web injection, deserialization, binary exploitation, domain penetration, code auditing, reverse engineering, fuzzing, privilege escalation, and red team/CTF scenarios.
When to use it
- Conducting vulnerability research and need a structured thinking framework
- Analysing attack paths for specific vulnerability classes (web injection, deserialization, binary, domain pentest)
- Planning WAF/EDR/sandbox bypass strategies
- Performing source-sink code auditing
- Planning full attack chains for red team engagements
- Solving CTF challenges requiring rapid methodology selection
- Reverse engineering malware
What's included
- Instructions: Four-level security thinking pyramid (L1–L4), universal decision loop, cross-domain vulnerability formulas, quick-navigation table to reference methodology modules (web-injection, deserialization, binary-exploitation, domain-pentest, code-audit, reverse-engineering, fuzzing, privilege-bypass, redteam-ctf, case-index), and domain-specific core insights (web, deserialization, binary, domain, reverse, red team)
Compatible agents
Claude Code, Cursor, Copilot, Codex, Gemini CLI, Goose — any agent capable of reading and applying markdown-based procedural knowledge during security research tasks.
Information
- Repository: xianzhi-research
- Stars: 156
- Installs: 0