santosomar/pt-maintaining-access
skills/pt-maintaining-access/SKILL.md
Evaluates whether an attacker could retain foothold and move laterally after initial compromise, within strict authorization limits. Use when testing persistence, session resilience, and detection/response effectiveness during a pen test.
$ install --global
skillsauthnpx skillsauth add santosomar/ethical-hacking-agent-skills pt-maintaining-accessInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 6:19 PM68.9s1 file scanned
SKILL.md
- name:
- pt-maintaining-access
- description:
- Evaluates whether an attacker could retain foothold and move laterally after initial compromise, within strict authorization limits. Use when testing persistence, session resilience, and detection/response effectiveness during a pen test.
Pen Test Maintaining Access
Authorized Use Only
Persistence simulation requires explicit approval. Prefer temporary, reversible techniques and remove all artifacts during cleanup. Never leave backdoors, accounts, or scheduled tasks in place after testing.
Objectives
- Determine whether access can survive control changes and reboots.
- Assess lateral movement opportunities from compromised context.
- Measure detection and response effectiveness.
Workflow
- Confirm persistence permissions:
- Allowed mechanisms
- Maximum dwell time
- Mandatory cleanup expectations
- Simulate persistence safely:
- Use low-risk, reversible methods appropriate to target class
- Validate whether persistence survives expected environmental changes
- Evaluate lateral movement opportunities:
- Trust relationships, token reuse, shared credentials, weak segmentation
- Keep movement minimal and auditable
- Test detection/response:
- Document whether controls trigger and how quickly teams react
- Capture gaps in telemetry and containment
- Cleanup and verify:
- Remove all test artifacts
- Recheck system state to confirm rollback
Output Template
# Maintaining Access Output
## Persistence Simulation
- Technique class:
- Target:
- Result:
- Reversibility check:
## Lateral Movement Assessment
- Starting context:
- Reachable systems:
- Constraints encountered:
## Detection and Response
- Alerts triggered:
- Time to detect:
- Time to contain:
- Gaps observed:
## Cleanup Verification
- Artifacts removed:
- Validation method:
Quality Checks
- All persistence actions were pre-approved and reversible.
- Evidence includes timeline from initial foothold to cleanup.
- Detection gaps are mapped to concrete control improvements.
Related Skills
santosomar/pt-web-application-assessment
development
VerifiedTrustedCommunity
Performs authorized web application and API penetration testing with focus on OWASP-style risks and business logic flaws. Use when assessing websites, web APIs, authentication flows, session handling, and input validation.
12SKILL.mdUpdated Apr 25, 2026
santosomar/pt-scanning
testing
VerifiedTrustedCommunity
Performs authorized security scanning using static, dynamic, and vulnerability-focused methods. Use when mapping exposed services, profiling application behavior, and identifying known weaknesses for validation.
12SKILL.mdUpdated Apr 25, 2026
santosomar/pt-report-creation
testing
VerifiedTrustedCommunity
Creates penetration test deliverables for executive and technical audiences, including prioritized findings and remediation plans. Use when drafting, structuring, or finalizing pen test reports from collected evidence.
12SKILL.mdUpdated Apr 25, 2026
santosomar/pt-post-exploitation
testing
VerifiedTrustedCommunity
Performs authorized post-exploitation activities to assess impact, lateral movement paths, credential exposure, and detection gaps after initial compromise. Use when a foothold has been validated and the test requires controlled impact expansion analysis.
12SKILL.mdUpdated Apr 25, 2026