
ljagiello/ctf-skills
11 skills | 47.5k installs | 25.7k stars | GitHub
Install
npx skills add https://github.com/ljagiello/ctf-skills

Skills in this repo
1. Ctf Reverse
CTF Reverse collects competition writeup patterns for defeating unusual anti-analysis in Linux and Windows challenge binaries. It is aimed at builders who already debug native code and want structured narratives for signal-handler tricks, emulator-based trace inversion, stack manipulation without calls, and dynamic dumping of patched child processes. The skill explicitly points to a broader anti-analysis taxonomy for standard anti-debug, anti-VM, and anti-DBI themes, while this file deepens CTF-specific cases such as ConfuserEx module dumping via constructor breakpoints. For a typical indie SaaS founder the value is indirect: learning how protections fail helps you reason about crackmes, malware samples, and why certain client-side “security” ideas do not hold. Expect advanced tooling literacy—Unicorn, Keystone, strace, and debugger workflows—not step-by-step product shipping.checklists.5kinstalls

2. Ctf Web
CTF Web is an agent skill slice from ljagiello’s CTF skills collection focused on authentication and access-control attacks commonly seen in capture-the-flag web challenges, with emphasis on 2018-era techniques that still teach how real backends fail. Solo builders and security learners use it when an agent needs concrete exploit narratives—hash bucket flooding against C++ credential stores, homograph username collisions, SRP parameter tricks, and NoSQL/AQL merge injection—not vague “check auth” advice. The readme is structured as a table of contents into deep sections and points to sibling files for JWT and OAuth/OIDC/SAML infrastructure attacks, so the skill behaves like procedural CTF memory rather than a production pentest checklist. It fits the Ship phase when you are hardening your own APIs after reading how challengers break similar designs, or when actively solving themed web flags. It is educational and challenge-oriented; ethical use stays within labs, CTFs, and systems you own or have permission to test.
4.8k installs

3. Ctf Pwn
CTF Pwn (Part 2) is a dense exploit technique library for competition-style binary pwn challenges—not a gentle secure-coding checklist. It walks through modern primitives seen in recent CTFs: self-modifying bytecode validators, io_uring use-after-free with submission queue injection, integer narrowing bugs, garbage-collector null cascades, multi-stage libc leaks via FILE structure abuse, signed char underflows into heap overflows, XOR keystream brute forcing, tcache pointer decryption, forged chunk sizes for unsorted-bin leaks, FSOP stdout redirection, and TLS destructor hijacks for remote code execution. Solo builders rarely need this daily, but indie hackers doing security research, CTF practice, or validating custom native tooling can point an agent at these recipes when a challenge or audit resembles a known archetype. Treat every technique as dangerous: run only in isolated VMs with binaries you own or explicit permission to attack. Advanced complexity throughout; prerequisites assume comfort with gdb, pwntools-style workflows, and ELF internals.
4.6k installs

4. Ctf Crypto
CTF Crypto is an advanced agent skill that catalogs mathematical attacks for capture-the-flag cryptography challenges and for understanding how real-world weak designs fail. It is not a gentle introduction to TLS or libsodium; it is a structured attack menu spanning elliptic-curve isogenies and Pohlig-Hellman, baby-step giant-step discrete log, LLL for approximate GCD and Merkle-Hellman knapsacks, multiple Coppersmith variants, quaternion RSA, polynomial CRT in GF(2)[x], Manger padding oracles, LWE lattice CVP breaks, and niche constructions like clock-group DLP and non-permutation S-box collisions. Solo builders who compete in CTFs or who need an agent co-pilot while auditing homework-grade crypto can invoke it during Ship security work to pick the right theorem instead of guessing Sage scripts. Expect Sage/Python-style computation, heavy number theory, and references tied to named events in the table of contents.
4.5k installs

5. Ctf Osint
ctf-osint is an agent skill package that teaches geolocation and media-analysis OSINT the way competition writeups stack techniques: start from a photo or artifact, narrow geography with grids and codes, cross-check with Street View and maps evidence, and pull metadata or network attribution when the challenge allows. It is aimed at solo builders and small teams who compete in CTFs, practice forensics, or need a repeatable OSINT checklist when an agent is driving the research loop. Invoke it when a challenge hands you imagery, partial coordinates, obscure location encodings, or hardware clues and you want ordered steps instead of guessing which search to run next. The skill matters because geolocation flags fail on missed details—one wrong continent from a sign or mirror reversal wastes hours—so having MGRS, Plus Codes, Lens crops, and monument-letter identification in one procedural doc keeps the agent on rails. It is research-heavy security work, not production monitoring, but the same rigor helps indie builders validating scam pages or suspicious uploads before they ship features that trust user content.
4.5k installs

6. Ctf Forensics
ctf-forensics is an agent skill that gives solo builders and security learners a structured playbook for digital forensics CTF challenges. It spans disk and memory analysis, network captures, Windows registry and SAM, steganography, cryptocurrency transactions, PDF forensics, Docker images, Volatility workflows, and niche signal analysis like DTMF and power traces. The skill assumes a filesystem-based agent with bash, Python 3, and permission to install tools from the documented apt, brew, pip, and gem lists. Each technique starts as a one-liner in SKILL.md with pointers to deeper reference files such as windows.md and 3d-printing.md. It is optimized for competition-style recovery of flags and credentials, not for production SOC runbooks, but indie builders sharpening security skills before shipping can use it as a repeatable investigation checklist.
4.4k installs

7. Ctf Misc
CTF Misc is a specialized agent skill from ljagiello’s CTF skills collection focused on bash jails, restricted shells, and miscellaneous breakout techniques used in capture-the-flag competitions. It organizes identification steps, eval-context detection, and progressively advanced bypasses when only limited characters or builtins are available. Solo builders and security learners use it when practicing appsec challenges—not when building production SaaS features. The readme anchors techniques to real CTF names (BCTF 2016, 34C3 2017, OTW Advent 2018, Insomnihack 2019), which helps agents choose the right pattern for echo-only layers, closed stdout, or LD_PRELOAD hooks. Complexity is advanced due to environment-specific constraints and ethical scope: intended for authorized labs and CTF targets only.
4.3k installs

8. Solve Challenge
solve-challenge is the CTF dispatcher skill in the ljagiello ctf-skills family. Solo builders and security learners use it when they receive a challenge archive, suspicious binary, remote URL, or vague write-up and do not yet know whether crypto, web, pwn, or forensics applies. The skill tells the agent to act like an experienced player: set up tooling via the shared installer, recon the artifact, classify the problem, and hand off to the matching ctf-* specialist rather than treating every puzzle as a greenfield chat. It is not the deepest reference for any single category—that lives in downstream skills. Skip it when you already know the category and can invoke web, crypto, or reversing skills directly. Expect multi-step agent workflows with filesystem and network access typical of competition or lab environments.
4.3k installs

9. Ctf Malware
CTF Malware is an advanced agent skill for security-minded solo builders and CTF players who need structured malware and network-traffic analysis—not everyday SaaS feature work. It triggers on obfuscated scripts, suspicious packages, custom protocols, shellcode, YARA rule work, encrypted C2 (RC4/AES), PE and .NET binaries, and memory forensics with Volatility. The skill catalogs prerequisites across Python packages (yara-python, pefile, capstone, oletools, unicorn, pycryptodome, volatility3, dissect.cobaltstrike) and system tools (tshark, binwalk, Ghidra, optional dnSpy). Anti-analysis coverage includes VM detection, sandbox evasion, API hashing, and injection patterns so agents do not stop at surface strings. Metadata marks user-invocable false—typically loaded when the task already looks like malware or forensics. Use in isolated lab VMs with legal samples only.
4.2k installs

10. Ctf Writeup
CTF Write-up is an agent skill for security-minded solo builders and competition teams who need a standardized submission after a challenge is solved. It drives a short, reproducible narrative: collect challenge metadata, exploit scripts, payloads, and command output; note pivots and dead ends; and default to a single path from challenge files to final flag. The workflow includes practical filesystem scans for Python and shell solvers and grep hints for common flag formats, so teammates or organizers can validate the solve quickly during an active event. Invoke it once the flag is in hand—not while you are still fuzzing or reversing. It does not replace live exploitation skills or platform-specific rules; it packages what you already did. Ideal for CTF handoffs, portfolio writeups, and internal security learning logs where clarity beats length.
3.4k installs

11. Ctf Ai Ml
CTF AI/ML is a procedural security skill for adversarial machine learning: generating imperceptible perturbations, patches, evasion and poisoning attacks, and spotting backdoors in neural networks. It targets builders and competitors who need repeatable exploit patterns—not production MLOps—when auditing classifiers or capturing flags. The readme structures attacks by technique (FGSM, PGD, C&W) and ties each pattern to concrete CTF scenarios such as foolbox iterative attacks and gradient-based Keras FGSM. Use it when you already have a target model or notebook and need step-by-step attack recipes rather than generic ML training advice. It complements sibling skills for model weight manipulation and LLM-specific attacks, making it a specialized reference within a broader CTF skills bundle.
3.3k installs