aeondave/beginner-ctf
offensive-ctf/beginner-ctf/SKILL.md
Beginner-friendly challenge-solving entrypoint for users who do not know which CTF category or skill to use. Use when the prompt contains a vague challenge description, unknown artifact, URL, service, source bundle, binary, PCAP, image, model, smart contract, hardware trace, or the user asks what to do first. Explains category choice in plain language, chooses the smallest next 1-3 actions, and then hands off to the correct dedicated ctf-solving skill.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill beginner-ctfInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 8, 2026, 3:48 AM140.7s2 files scanned
SKILL.md
- name:
- beginner-ctf
- description:
- Beginner-friendly challenge-solving entrypoint for users who do not know which CTF category or skill to use. Use when the prompt contains a vague challenge description, unknown artifact, URL, service, source bundle, binary, PCAP, image, model, smart contract, hardware trace, or the user asks what to do first. Explains category choice in plain language, chooses the smallest next 1-3 actions, and then hands off to the correct dedicated ctf-solving skill.
- license:
- MIT
- compatibility:
- AgentSkills-compatible agents; local challenge artifacts; authorized training and lab environments.
- author:
- AeonDave
- version:
- 1.0
- category:
- ctf-solving
Beginner CTF
Help a beginner get unstuck without forcing them to know the right category, jargon, or tool chain first.
When this skill applies
- The user has a challenge bundle, URL, service, attachment, binary, PCAP, image, model, smart contract, firmware, hardware trace, or only a vague prompt and does not know where to begin.
- The user asks for the first step, category identification, simple explanation, or a minimal plan.
- The task is still in triage; once the dominant category is clear, hand off to the dedicated skill.
Operating model
- Identify what the user provided: file, URL, host/port, source code, binary, network capture, media, model, contract, hardware trace, or text clue.
- Explain the likely category in one plain-language sentence.
- Pick one primary
ctf-solving/*-ctfskill and at most one backup pivot. - Give only the next 1-3 actions, each with what it is checking and what result would prove progress.
- Avoid tool spam. Use the smallest safe inspection before scanners, brute force, fuzzing, exploitation, or writes.
- Once evidence points to a category, switch to that dedicated skill for deep work.
Category handoff map
- Unknown or mixed bundle:
solve-challenge-ctf. - Web app, API, auth, browser, upload, SSRF, SQLi, XSS, SSTI, deserialization:
web-ctf. - Solidity, EVM, ABI, RPC, smart contract, transaction trace, on-chain state:
blockchain-ctf. - Binary exploitation, remote native service, memory corruption, heap, ROP, shellcode:
pwn-ctf. - Reverse engineering, validation binary, bytecode, custom VM, obfuscation, firmware logic:
reverse-ctf. - Crypto, ciphertext, key material, oracle, signature, PRNG, RSA/ECC/lattice:
crypto-ctf. - Disk, memory, PCAP, stego, archive, image/audio/video hidden data:
forensics-ctf. - ICS, SCADA, PLC/HMI/RTU, Modbus, DNP3, BACnet, S7comm, OPC UA, MQTT, process state:
ics-ctf. - Hardware, UART/I2C/SPI/CAN/JTAG/SWD, RF/SDR, firmware dump, logic analyzer, side-channel, CAD/G-code:
hardware-ctf. - AI/ML model, checkpoint, embedding, classifier, LLM app, prompt injection, model extraction:
ai-ml-ctf. - Malware sample, C2 protocol, packed PE/.NET/ELF, shellcode, config extraction:
malware-ctf. - OSINT, usernames, domains, geolocation, social/media clues, public records:
osint-ctf. - Encodings, jails, esolangs, games, DNS oddities, RF puzzle layer, Linux privesc puzzle:
misc-ctf. - Final explanation or reproducible report:
writeup-ctf.
Beginner-friendly output
Use this shape while triaging:
- What this looks like: category guess in simple words.
- Why: 1-3 evidence bullets from the artifact or prompt.
- Do next: 1-3 concrete actions, each with the expected signal.
- If that fails: the next likely pivot skill.
- Plain term: define one important term if the user may not know it.
Guardrails
- Do not overwhelm the user with a full tool list before the category is known.
- Do not assume a challenge category from the label alone; verify from artifact evidence.
- Do not brute force, scan aggressively, fuzz, or exploit before representation and success oracle are known.
- Keep explanations short, concrete, and friendly; beginners need orientation more than jargon.
Resources
references/beginner-flow.md— examples of beginner-friendly triage outputs and category decision cues.
Related Skills
aeondave/offensive-linux-role
data-ai
VerifiedTrustedCommunity
Scoped routing: Linux operator; hosts, sessions, users, services, packages, logs, containers, SSH, network paths, privilege evidence.
4SKILL.mdUpdated Jun 5, 2026
aeondave/ics-technique
development
VerifiedTrustedCommunity
Offensive methodology for ICS/OT/SCADA environments in authorized industrial penetration testing and red team operations. Use when assessing PLCs, RTUs, HMIs, engineering workstations, historians, or field devices running Modbus, DNP3, EtherNet/IP, S7comm/S7+, Profinet, IEC 60870-5-104, BACnet, or OPC-UA. Covers passive OT network enumeration, protocol-level device interrogation, PLC coil/register read-write attacks, HMI session exploitation, historian and engineering workstation compromise, and safe escalation rules for critical infrastructure scope. Does not cover: general IT network exploitation (network-technique), physical hardware interfaces UART/JTAG/SPI (hardware-technique), wireless sensor network attacks (wireless-technique), RF/SDR signal analysis (hardware-ctf or wireless-technique), or CTF-framed ICS lab tasks (ics-ctf).
4SKILL.mdUpdated Jun 2, 2026
aeondave/game-technique
tools
VerifiedTrustedCommunity
Offensive methodology for authorized game security assessments, game client security research, and game-adjacent penetration testing in real-world engagements. Use when assessing game clients for cheating vulnerabilities, testing anti-cheat effectiveness, auditing game server protocols for score manipulation or economic fraud, reverse engineering game DRM or license validation, analyzing game save file protection, or assessing game mod/plugin security. Covers: process memory scanning and manipulation (Cheat Engine methodology), game binary reversing for license and DRM bypass, game network protocol analysis and packet replay, anti-cheat mechanism analysis, save file format reversing and tampering, speed hack and value injection techniques. Does NOT cover: CTF game challenges (game-ctf), game engine source code auditing (web-exploit-technique or vuln-search-technique for the backend), or general binary exploitation (pwn-ctf or reversing-technique).
4SKILL.mdUpdated Jun 2, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 2, 2026