santosomar/pt-post-exploitation
skills/pt-post-exploitation/SKILL.md
Performs authorized post-exploitation activities to assess impact, lateral movement paths, credential exposure, and detection gaps after initial compromise. Use when a foothold has been validated and the test requires controlled impact expansion analysis.
$ install --global
skillsauthnpx skillsauth add santosomar/ethical-hacking-agent-skills pt-post-exploitationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 6:19 PM23.0s1 file scanned
SKILL.md
- name:
- pt-post-exploitation
- description:
- Performs authorized post-exploitation activities to assess impact, lateral movement paths, credential exposure, and detection gaps after initial compromise. Use when a foothold has been validated and the test requires controlled impact expansion analysis.
Post-Exploitation
Authorized Use Only
Run post-exploitation tasks only after explicit approval for this phase. Keep actions controlled, reversible, and auditable. Avoid destructive changes and unnecessary access to sensitive data.
Objectives
- Measure realistic impact after initial access.
- Evaluate privilege escalation and lateral movement opportunities.
- Identify credential and data exposure paths.
- Assess logging, detection, and response effectiveness.
Workflow
- Confirm phase boundaries:
- Allowed techniques, prohibited actions, and stop conditions
- Approved systems, accounts, and time windows
- Stabilize foothold context:
- Document current privileges and reachable assets
- Capture baseline telemetry and controls in place
- Conduct controlled post-exploitation checks:
- Privilege escalation feasibility
- Credential access and reuse opportunities
- Lateral movement paths through trust relationships
- Data access paths tied to business impact
- Evaluate defense visibility:
- Which actions generated alerts
- How quickly detection and containment occurred
- Cleanup and rollback:
- Remove all artifacts created during testing
- Verify environment returns to expected state
Output Template
# Post-Exploitation Output
## Initial Context
- Entry point:
- Starting privilege:
- Scope constraints:
## Escalation and Movement Findings
- Finding:
- Preconditions:
- Evidence:
- Result:
- Impact:
## Credential and Data Exposure
- Exposure path:
- Affected assets/data:
- Business risk:
## Detection and Response
- Alerts observed:
- Time to detect:
- Time to contain:
- Gaps:
## Cleanup Verification
- Artifacts removed:
- Validation notes:
Quality Checks
- Every action is within approved boundaries.
- Evidence supports reproducibility without sensitive data leakage.
- Findings map clearly from technical path to business consequence.
Related Skills
santosomar/pt-web-application-assessment
development
VerifiedTrustedCommunity
Performs authorized web application and API penetration testing with focus on OWASP-style risks and business logic flaws. Use when assessing websites, web APIs, authentication flows, session handling, and input validation.
12SKILL.mdUpdated Apr 25, 2026
santosomar/pt-scanning
testing
VerifiedTrustedCommunity
Performs authorized security scanning using static, dynamic, and vulnerability-focused methods. Use when mapping exposed services, profiling application behavior, and identifying known weaknesses for validation.
12SKILL.mdUpdated Apr 25, 2026
santosomar/pt-report-creation
testing
VerifiedTrustedCommunity
Creates penetration test deliverables for executive and technical audiences, including prioritized findings and remediation plans. Use when drafting, structuring, or finalizing pen test reports from collected evidence.
12SKILL.mdUpdated Apr 25, 2026
santosomar/pt-planning-recon
development
VerifiedTrustedCommunity
Defines penetration test scope and performs authorized reconnaissance using passive and active methods. Use when planning a test engagement, collecting target intelligence, building asset inventories, or preparing recon findings.
12SKILL.mdUpdated Apr 25, 2026