Agent Skillszhaoxuya520/reverse-skill › competition-reverse-pwn

competition-reverse-pwn

GitHub

CTF沙箱逆向与Pwn专项技能,用于二进制分析、恶意软件解包、内存转储/PCAP检查、崩溃调试及漏洞利用链构建。需在沙箱环境建立后调用,涵盖逆向取证、原生执行路径分析及缓解机制映射。

CTF-Sandbox-Orchestrator/competition-reverse-pwn/SKILL.md zhaoxuya520/reverse-skill

Trigger Scenarios

用户请求逆向二进制文件 需要解包恶意软件样本 检查内存转储或PCAP文件 恢复恶意软件行为 调试程序崩溃 构建或验证漏洞利用链

Install

npx skills add zhaoxuya520/reverse-skill --skill competition-reverse-pwn -g -y
More Options

Non-standard path

npx skills add https://github.com/zhaoxuya520/reverse-skill/tree/main/CTF-Sandbox-Orchestrator/competition-reverse-pwn -g -y

Use without installing

npx skills use zhaoxuya520/reverse-skill@competition-reverse-pwn

指定 Agent (Claude Code)

npx skills add zhaoxuya520/reverse-skill --skill competition-reverse-pwn -a claude-code -g -y

安装 repo 全部 skill

npx skills add zhaoxuya520/reverse-skill --all -g -y

预览 repo 内 skill

npx skills add zhaoxuya520/reverse-skill --list

SKILL.md

Frontmatter
{
    "name": "competition-reverse-pwn",
    "description": "Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for reverse engineering, malware, DFIR, firmware, pwnable, and native exploit challenges. Use when the user asks to reverse a binary, unpack a sample, inspect a memory dump or PCAP, recover malware behavior, debug a crash, or build or verify an exploit chain under sandbox assumptions. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here."
}

Competition Reverse Pwn

Use this skill only as a downstream specialization after $ctf-sandbox-orchestrator is already active and has established sandbox assumptions, node ownership, and evidence priorities. If that has not happened yet, return to $ctf-sandbox-orchestrator first.

Use this skill for binary-heavy challenges where the decisive path runs through artifacts, decoded layers, process behavior, crash state, or exploit primitives.

Reply in Simplified Chinese unless the user explicitly requests English.

Quick Start

  1. Preserve the original artifact before unpacking, patching, or instrumenting.
  2. Start with passive triage: type, headers, sections, imports, strings, entropy, resources.
  3. Decide whether the path is reverse-first, DFIR-first, or exploit-first.
  4. Tie every claim to an observable boundary: decode edge, persistence edge, crash edge, or leak edge.
  5. Reproduce the artifact or primitive from a clean baseline.

Workflow

1. Reverse Or Forensic Triage

  • Separate loader, payload, config, and post-decode behavior.
  • Correlate files, memory, logs, registry, services, tasks, IPC, and PCAPs as one graph.
  • Keep decoded or dumped artifacts separate from the pristine sample.

2. Native And Exploit Path

  • Map mitigations, loader behavior, libc or runtime, syscall and IPC surfaces, and protocol framing.
  • Record the primitive, controllable bytes, leak source, target object, and final artifact separately.
  • Compare host, libc, loader, and framing differences before doubting the primitive.

Read This Reference

  • Load references/reverse-pwn.md for triage order, exploit evidence expectations, and common failure modes.
  • If the task is specifically about staged payload boundaries, config blobs, beacon parameters, or decoded IOC fields, prefer $competition-malware-config.
  • If the task is specifically about firmware partitions, boot chains, extracted filesystems, or update-package trust boundaries, prefer $competition-firmware-layout.
  • If the task is specifically about upload parsing, previews, archive extraction, converters, or deserialization chains, prefer $competition-file-parser-chain.
  • If the task is specifically about source maps, emitted bundles, chunk registries, or reconstructing hidden runtime structure from served frontend assets, prefer $competition-bundle-sourcemap-recovery.
  • If the task is specifically about container-to-host boundary crossing, kernel exploit preconditions, namespace or cgroup crossover, or escape primitive verification, prefer $competition-kernel-container-escape.
  • If the task is specifically about reconstructing protocols, streams, or transferred artifacts from packet captures, prefer $competition-pcap-protocol.
  • If the task is specifically about a custom binary or text protocol where replay state, message order, or checksum logic is the real blocker, prefer $competition-custom-protocol-replay.
  • If the task is specifically about reconstructing chronology across EVTX, PCAP, registry, mail, or disk artifacts, prefer $competition-forensic-timeline.

What To Preserve

  • Offsets, hashes, section names, imports, config blobs, mutexes, registry keys
  • Crash offsets, registers, heap or stack shape, leak addresses, and protocol steps
  • Original, decoded, dumped, and instrumented artifacts as separate files

Version History

  • 1bec1f2 Current 2026-07-05 18:45

Same Skill Collection

CTF-Sandbox-Orchestrator/competition-crypto-mobile/SKILL.md
CTF-Sandbox-Orchestrator/competition-stego-media/SKILL.md
CTF-Sandbox-Orchestrator/competition-web-runtime/SKILL.md
CTF-Sandbox-Orchestrator/ctf-sandbox-orchestrator/SKILL.md
skills/apk-reverse/SKILL.md
skills/binary-diff/SKILL.md
skills/browser-automation/SKILL.md
skills/docs-generator/SKILL.md
skills/dotnet-reverse/SKILL.md
skills/firmware-pentest/SKILL.md
skills/js-reverse/SKILL.md
skills/patch-diff-exploit/SKILL.md
skills/pentest-tools/SKILL.md
skills/pentest-tools/src-hunter/SKILL.md
skills/pwn-chain/SKILL.md
skills/radare2/SKILL.md
CTF-Sandbox-Orchestrator/competition-ad-certificate-abuse/SKILL.md
CTF-Sandbox-Orchestrator/competition-agent-cloud/SKILL.md
CTF-Sandbox-Orchestrator/competition-android-hooking/SKILL.md
CTF-Sandbox-Orchestrator/competition-browser-persistence/SKILL.md
CTF-Sandbox-Orchestrator/competition-bundle-sourcemap-recovery/SKILL.md
CTF-Sandbox-Orchestrator/competition-cloud-metadata-path/SKILL.md
CTF-Sandbox-Orchestrator/competition-container-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-custom-protocol-replay/SKILL.md
CTF-Sandbox-Orchestrator/competition-dpapi-credential-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-file-parser-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-firmware-layout/SKILL.md
CTF-Sandbox-Orchestrator/competition-forensic-timeline/SKILL.md
CTF-Sandbox-Orchestrator/competition-graphql-rpc-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-identity-windows/SKILL.md
CTF-Sandbox-Orchestrator/competition-ios-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-jwt-claim-confusion/SKILL.md
CTF-Sandbox-Orchestrator/competition-k8s-control-plane/SKILL.md
CTF-Sandbox-Orchestrator/competition-kerberos-delegation/SKILL.md
CTF-Sandbox-Orchestrator/competition-kernel-container-escape/SKILL.md
CTF-Sandbox-Orchestrator/competition-linux-credential-pivot/SKILL.md
CTF-Sandbox-Orchestrator/competition-lsass-ticket-material/SKILL.md
CTF-Sandbox-Orchestrator/competition-mailbox-abuse/SKILL.md
CTF-Sandbox-Orchestrator/competition-malware-config/SKILL.md
CTF-Sandbox-Orchestrator/competition-oauth-oidc-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-pcap-protocol/SKILL.md
CTF-Sandbox-Orchestrator/competition-prompt-injection/SKILL.md
CTF-Sandbox-Orchestrator/competition-queue-worker-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-race-condition-state-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-relay-coercion-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-request-normalization-smuggling/SKILL.md
CTF-Sandbox-Orchestrator/competition-runtime-routing/SKILL.md
CTF-Sandbox-Orchestrator/competition-ssrf-metadata-pivot/SKILL.md
CTF-Sandbox-Orchestrator/competition-supply-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-template-render-path/SKILL.md
CTF-Sandbox-Orchestrator/competition-websocket-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-windows-pivot/SKILL.md
skills/diagram-generator/SKILL.md
skills/edr-bypass-re/SKILL.md
skills/ida-reverse/SKILL.md
skills/reverse-engineering/SKILL.md

Metadata

Files
0
Version
1bec1f2
Hash
c8f62272
Indexed
2026-07-05 18:45

Главная - Вики-сайт
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-09 05:11
浙ICP备14020137号-1 $Гость$