{
  "id": "page:docs-reference-repos-ljagiello-ctf-skills-research",
  "_kind": "Page",
  "_file": "wiki/docs/reference-repos/ljagiello/ctf-skills/research.md",
  "_cluster": "wiki",
  "attributes": {
    "nodeKind": "Page",
    "sourcePath": "docs/reference-repos/ljagiello/ctf-skills/research.md",
    "sourceKind": "repo-docs",
    "title": "ljagiello/ctf-skills",
    "displayName": "ljagiello/ctf-skills",
    "slug": "docs/reference-repos/ljagiello/ctf-skills/research",
    "articlePath": "wiki/docs/reference-repos/ljagiello/ctf-skills/research.md",
    "article": "\n# ljagiello/ctf-skills\n\n## Metadata\n- **Stars**: 1,332\n- **Description**: Agent skills for solving CTF challenges - web exploitation, binary pwn, crypto, reverse engineering, forensics, OSINT, and more\n- **License**: MIT\n- **Last pushed**: 2026-04-10 (very active)\n- **Topics**: agent-skills, claude-code, claude-code-skills, codex, codex-cli, ctf, gemini, gemini-cli, opencode, security\n- **Fork**: No\n\n## Classification\n- **Archetype**: mega-skill-pack\n- **Domain**: Security / CTF challenges\n\n## Structure\n- 9 category directories, each with SKILL.md + reference files:\n  - `ctf-web/` (16 files) -- SQL injection, XSS, SSTI, SSRF, JWT, prototype pollution, etc.\n  - `ctf-pwn/` (15 files) -- buffer overflow, ROP, heap exploitation, kernel exploitation\n  - `ctf-crypto/` (13 files) -- RSA, AES, ECC, PRNG, lattice attacks\n  - `ctf-reverse/` (14 files) -- binary analysis, custom VMs, WASM, anti-debug, Frida\n  - `ctf-forensics/` (13 files) -- disk/memory forensics, steganography, network captures\n  - `ctf-osint/` (3 files) -- geolocation, social media, DNS recon\n  - `ctf-malware/` (3 files) -- obfuscated scripts, C2 traffic, PE analysis\n  - `ctf-misc/` (11 files) -- pyjails, encodings, RF/SDR, Docker escape\n  - `ctf-writeup/` -- writeup generation\n- `solve-challenge/` -- orchestrator skill that delegates to category skills\n- `scripts/install_ctf_tools.sh` -- tool installer\n- `tests/` -- test infrastructure\n- Install via: `npx skills add ljagiello/ctf-skills`\n\n## Key Observations\n- Extraordinarily comprehensive security knowledge base\n- Each category SKILL.md is a massive reference document with techniques, tools, and patterns\n- The `solve-challenge` orchestrator is a process-like pattern: analyze challenge -> classify -> delegate to specialist\n- Multi-harness support (Claude Code, Codex, Gemini, OpenCode)\n- The sheer depth of ctf-web (covering hundreds of specific attack patterns) is remarkable\n- MIT license -- permissive for reuse\n\n## Extractable Value\n\n### Processes\n- **CTF challenge solving orchestration** -- placement: `specializations/security/ctf-solver.js`\n  - Challenge analysis and classification\n  - Tool setup verification\n  - Category-specific solving strategies\n  - Writeup generation\n  - Maps well to babysitter's task/breakpoint model (human approval at exploit steps)\n- **Security audit workflow** -- placement: `specializations/security/web-security-audit.js`\n  - Systematic web vulnerability scanning using the ctf-web knowledge\n  - Covers: SQLi, XSS, SSTI, SSRF, JWT, prototype pollution, deserialization\n  - Breakpoints for exploitation confirmation\n- **Binary analysis workflow** -- placement: `specializations/security/binary-analysis.js`\n  - Reverse engineering pipeline\n  - Anti-debug/anti-VM detection and bypass\n  - Symbolic execution integration (angr, Triton)\n\n### Plugin Ideas\n- **ctf-toolkit plugin** -- babysitter marketplace plugin\n  - install.md: run scripts/install_ctf_tools.sh, configure tool paths\n  - Skills: challenge solver orchestration, per-category solving skills\n  - Reference knowledge bundled as compressed context\n- **security-audit plugin** -- more general-purpose\n  - Web application security testing\n  - Binary analysis toolchain integration\n  - Forensics toolkit\n\n## Library Mapping\n\n| Extractable Process | Library Status | Action | Existing Path | Target Placement |\n|-------------------|----------------|--------|---------------|------------------|\n| CTF Challenge Solving Orchestration | NEW | Challenge analysis, classification, delegation to specialists, and writeup generation | - | specializations/security-compliance/ctf-challenge-solving.js |\n| Web Security Audit Workflow | NEW | Systematic web vulnerability scanning with SQLi, XSS, SSTI, SSRF coverage | - | specializations/security-compliance/web-security-audit.js |\n| Binary Analysis Workflow | NEW | Reverse engineering pipeline with anti-debug detection and symbolic execution | - | specializations/security-compliance/binary-analysis.js |\n| Forensics Investigation Process | NEW | Disk/memory forensics, steganography, and network capture analysis workflow | - | specializations/security-compliance/forensics-investigation.js |\n| Cryptographic Attack Methodology | NEW | RSA, AES, ECC attack patterns with lattice and PRNG analysis | - | specializations/security-compliance/cryptographic-attack-methodology.js |\n| OSINT Investigation Process | NEW | Geolocation, social media, and DNS reconnaissance methodology | - | specializations/security-compliance/osint-investigation.js |\n\n## Plugin Marketplace Mapping\n\n| Plugin Idea | Marketplace Status | Action | Existing Plugin | Target Placement |\n|-------------|-------------------|--------|-----------------|------------------|\n| CTF Security Toolkit | NEW | Comprehensive CTF toolchain with challenge solving orchestration | - | plugins/a5c/marketplace/plugins/ctf-security-toolkit/ |\n| Binary Analysis Suite | UPGRADE | Enhanced binary analysis with reverse engineering and symbolic execution tools | basic-security | plugins/a5c/marketplace/plugins/binary-analysis-suite/ |\n\n### SKIP\n- Individual technique encyclopedias (these are reference knowledge, not processes)\n- Tool installation scripts (environment setup, not orchestration)\n",
    "documents": []
  },
  "outgoingEdges": [],
  "incomingEdges": [
    {
      "from": "page:docs-reference-repos",
      "to": "page:docs-reference-repos-ljagiello-ctf-skills-research",
      "kind": "contains_page"
    }
  ]
}