vulnerability▌

Provide systematic methodologies for identifying and exploiting Insecure Direct Object Reference (IDOR) vulnerabilities in web applications. This skill covers both database object references and static file references, detection techniques using parameter manipulation and enumeration, exploitation via Burp Suite, and remediation strategies for securing applications against unauthorized access.

Detects 11 Algorand-specific smart contract vulnerabilities including rekeying attacks, unchecked transaction fields, and access control issues. \n \n Scans TEAL and PyTeal files for critical patterns like missing RekeyTo validation, unchecked CloseRemainderTo/AssetCloseTo fields, and group transaction manipulation \n Integrates with Tealer (Trail of Bits static analyzer) for automated detection and provides manual vulnerability sweep workflows \n Covers stateful applications and smart signature

Analyze IP address reputation using the Shodan API to identify open ports, running services, known vulnerabilities, and hosting context for threat intelligence enrichment and incident triage.

Perform security assessments of SCADA Human-Machine Interface (HMI) systems to identify vulnerabilities in web-based HMIs, thin-client configurations, authentication mechanisms, and communication channels between HMI and PLCs, aligned with IEC 62443 and NIST SP 800-82 guidelines.

Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal network services, and protocol handlers through user-controllable URL parameters. Tests AWS/GCP/Azure metadata APIs (169.254.169.254), internal port scanning via HTTP, URL scheme bypass techniques, and DNS rebinding detection.

Scans Substrate pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, and bad origin checks. \n \n Detects arithmetic overflow, panics, incorrect weights, verify-first violations, unsigned transaction validation issues, bad randomness, and bad origin patterns across FRAME pallets \n Includes platform detection for Substrate/FRAME projects, scanning workflow with step-by-step guidance, and severity prioritization (critical, high, medium) \n Provides fuzz testing, benchm

Provide systematic methodologies for identifying and exploiting Insecure Direct Object Reference (IDOR) vulnerabilities in web applications. This skill covers both database object references and static file references, detection techniques using parameter manipulation and enumeration, exploitation via Burp Suite, and remediation strategies for securing applications against unauthorized access.

Systematically identify security vulnerabilities in applications, dependencies, and infrastructure using automated scanning tools and manual security assessments.

Think like an attacker, defend like an expert. 2025 threat landscape awareness.

Advanced vulnerability analysis aligned with OWASP 2025, supply chain threats, and risk prioritization frameworks. \n \n Covers OWASP Top 10:2025 including new categories for supply chain security (A03) and exceptional conditions (A10), with threat modeling questions and attack vector mapping \n Provides attack surface mapping methodology, CVSS/EPSS-based risk prioritization, and a four-phase scanning approach (reconnaissance, discovery, analysis, reporting) \n Includes code pattern analysis for