Agent Skillszhaoxuya520/reverse-skill › competition-reverse-pwn

competition-reverse-pwn

GitHub

CTF沙箱逆向与Pwn专项技能,用于二进制分析、恶意软件解包、内存转储/PCAP检查、崩溃调试及漏洞利用链构建。需在沙箱环境建立后调用,涵盖逆向取证、原生执行路径分析及缓解机制映射。

CTF-Sandbox-Orchestrator/competition-reverse-pwn/SKILL.md zhaoxuya520/reverse-skill

触发场景

用户请求逆向二进制文件 需要解包恶意软件样本 检查内存转储或PCAP文件 恢复恶意软件行为 调试程序崩溃 构建或验证漏洞利用链

安装

npx skills add zhaoxuya520/reverse-skill --skill competition-reverse-pwn -g -y
更多选项

非标准路径

npx skills add https://github.com/zhaoxuya520/reverse-skill/tree/main/CTF-Sandbox-Orchestrator/competition-reverse-pwn -g -y

不安装直接使用

npx skills use zhaoxuya520/reverse-skill@competition-reverse-pwn

指定 Agent (Claude Code)

npx skills add zhaoxuya520/reverse-skill --skill competition-reverse-pwn -a claude-code -g -y

安装 repo 全部 skill

npx skills add zhaoxuya520/reverse-skill --all -g -y

预览 repo 内 skill

npx skills add zhaoxuya520/reverse-skill --list

SKILL.md

Frontmatter
{
    "name": "competition-reverse-pwn",
    "description": "Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for reverse engineering, malware, DFIR, firmware, pwnable, and native exploit challenges. Use when the user asks to reverse a binary, unpack a sample, inspect a memory dump or PCAP, recover malware behavior, debug a crash, or build or verify an exploit chain under sandbox assumptions. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here."
}

Competition Reverse Pwn

Use this skill only as a downstream specialization after $ctf-sandbox-orchestrator is already active and has established sandbox assumptions, node ownership, and evidence priorities. If that has not happened yet, return to $ctf-sandbox-orchestrator first.

Use this skill for binary-heavy challenges where the decisive path runs through artifacts, decoded layers, process behavior, crash state, or exploit primitives.

Reply in Simplified Chinese unless the user explicitly requests English.

Quick Start

  1. Preserve the original artifact before unpacking, patching, or instrumenting.
  2. Start with passive triage: type, headers, sections, imports, strings, entropy, resources.
  3. Decide whether the path is reverse-first, DFIR-first, or exploit-first.
  4. Tie every claim to an observable boundary: decode edge, persistence edge, crash edge, or leak edge.
  5. Reproduce the artifact or primitive from a clean baseline.

Workflow

1. Reverse Or Forensic Triage

  • Separate loader, payload, config, and post-decode behavior.
  • Correlate files, memory, logs, registry, services, tasks, IPC, and PCAPs as one graph.
  • Keep decoded or dumped artifacts separate from the pristine sample.

2. Native And Exploit Path

  • Map mitigations, loader behavior, libc or runtime, syscall and IPC surfaces, and protocol framing.
  • Record the primitive, controllable bytes, leak source, target object, and final artifact separately.
  • Compare host, libc, loader, and framing differences before doubting the primitive.

Read This Reference

  • Load references/reverse-pwn.md for triage order, exploit evidence expectations, and common failure modes.
  • If the task is specifically about staged payload boundaries, config blobs, beacon parameters, or decoded IOC fields, prefer $competition-malware-config.
  • If the task is specifically about firmware partitions, boot chains, extracted filesystems, or update-package trust boundaries, prefer $competition-firmware-layout.
  • If the task is specifically about upload parsing, previews, archive extraction, converters, or deserialization chains, prefer $competition-file-parser-chain.
  • If the task is specifically about source maps, emitted bundles, chunk registries, or reconstructing hidden runtime structure from served frontend assets, prefer $competition-bundle-sourcemap-recovery.
  • If the task is specifically about container-to-host boundary crossing, kernel exploit preconditions, namespace or cgroup crossover, or escape primitive verification, prefer $competition-kernel-container-escape.
  • If the task is specifically about reconstructing protocols, streams, or transferred artifacts from packet captures, prefer $competition-pcap-protocol.
  • If the task is specifically about a custom binary or text protocol where replay state, message order, or checksum logic is the real blocker, prefer $competition-custom-protocol-replay.
  • If the task is specifically about reconstructing chronology across EVTX, PCAP, registry, mail, or disk artifacts, prefer $competition-forensic-timeline.

What To Preserve

  • Offsets, hashes, section names, imports, config blobs, mutexes, registry keys
  • Crash offsets, registers, heap or stack shape, leak addresses, and protocol steps
  • Original, decoded, dumped, and instrumented artifacts as separate files

版本历史

  • 1bec1f2 当前 2026-07-05 18:45

同 Skill 集合

CTF-Sandbox-Orchestrator/competition-crypto-mobile/SKILL.md
CTF-Sandbox-Orchestrator/competition-stego-media/SKILL.md
CTF-Sandbox-Orchestrator/competition-web-runtime/SKILL.md
CTF-Sandbox-Orchestrator/ctf-sandbox-orchestrator/SKILL.md
skills/apk-reverse/SKILL.md
skills/binary-diff/SKILL.md
skills/browser-automation/SKILL.md
skills/docs-generator/SKILL.md
skills/dotnet-reverse/SKILL.md
skills/firmware-pentest/SKILL.md
skills/js-reverse/SKILL.md
skills/patch-diff-exploit/SKILL.md
skills/pentest-tools/SKILL.md
skills/pentest-tools/src-hunter/SKILL.md
skills/pwn-chain/SKILL.md
skills/radare2/SKILL.md
CTF-Sandbox-Orchestrator/competition-ad-certificate-abuse/SKILL.md
CTF-Sandbox-Orchestrator/competition-agent-cloud/SKILL.md
CTF-Sandbox-Orchestrator/competition-android-hooking/SKILL.md
CTF-Sandbox-Orchestrator/competition-browser-persistence/SKILL.md
CTF-Sandbox-Orchestrator/competition-bundle-sourcemap-recovery/SKILL.md
CTF-Sandbox-Orchestrator/competition-cloud-metadata-path/SKILL.md
CTF-Sandbox-Orchestrator/competition-container-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-custom-protocol-replay/SKILL.md
CTF-Sandbox-Orchestrator/competition-dpapi-credential-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-file-parser-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-firmware-layout/SKILL.md
CTF-Sandbox-Orchestrator/competition-forensic-timeline/SKILL.md
CTF-Sandbox-Orchestrator/competition-graphql-rpc-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-identity-windows/SKILL.md
CTF-Sandbox-Orchestrator/competition-ios-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-jwt-claim-confusion/SKILL.md
CTF-Sandbox-Orchestrator/competition-k8s-control-plane/SKILL.md
CTF-Sandbox-Orchestrator/competition-kerberos-delegation/SKILL.md
CTF-Sandbox-Orchestrator/competition-kernel-container-escape/SKILL.md
CTF-Sandbox-Orchestrator/competition-linux-credential-pivot/SKILL.md
CTF-Sandbox-Orchestrator/competition-lsass-ticket-material/SKILL.md
CTF-Sandbox-Orchestrator/competition-mailbox-abuse/SKILL.md
CTF-Sandbox-Orchestrator/competition-malware-config/SKILL.md
CTF-Sandbox-Orchestrator/competition-oauth-oidc-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-pcap-protocol/SKILL.md
CTF-Sandbox-Orchestrator/competition-prompt-injection/SKILL.md
CTF-Sandbox-Orchestrator/competition-queue-worker-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-race-condition-state-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-relay-coercion-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-request-normalization-smuggling/SKILL.md
CTF-Sandbox-Orchestrator/competition-runtime-routing/SKILL.md
CTF-Sandbox-Orchestrator/competition-ssrf-metadata-pivot/SKILL.md
CTF-Sandbox-Orchestrator/competition-supply-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-template-render-path/SKILL.md
CTF-Sandbox-Orchestrator/competition-websocket-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-windows-pivot/SKILL.md
skills/diagram-generator/SKILL.md
skills/edr-bypass-re/SKILL.md
skills/ida-reverse/SKILL.md
skills/reverse-engineering/SKILL.md

元信息

文件数
0
版本
1bec1f2
Hash
c8f62272
收录时间
2026-07-05 18:45

首页 - Wiki
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-13 23:13
浙ICP备14020137号-1 $访客地图$