0x-Professor

Assess AWS, Azure, and GCP controls for IAM escalation and cloud service exposure.

Test Docker and Kubernetes security controls for RBAC abuse, breakout, and secret exposure.

Scaffold MCP server projects and baseline tool contract checks. Use for defining tool schemas, generating starter server layouts, and validating MCP-ready structure.

Build transformer fine-tuning run plans with task settings, hyperparameters, and model-card outputs. Use for repeatable Hugging Face or PyTorch finetuning workflows.

Build repeatable data-to-Docs pipelines from Sheets and Drive sources. Use for automated status reports, template-based document assembly, and scheduled publishing workflows.

Generate reusable multi-step agent workflow blueprints. Use for trigger/action orchestration, deterministic workflow definitions, and automation handoff artifacts.

Build incident response timelines and report packs from event logs. Use for detection-to-recovery reporting, phase tracking, and stakeholder-ready incident summaries.

Prioritize vulnerability remediation using KEV-style exploitation context plus asset criticality. Use for CVE triage, patch order decisions, and remediation reporting.

Map application security findings to OWASP Top 10 categories and generate remediation checklists. Use for normalized AppSec review outputs and category-level prioritization.

Assess lateral movement and pivot paths across authorized internal trust boundaries.

Assess mobile applications with static and dynamic analysis aligned to OWASP MASTG and MASVS.

Design Gmail, Drive, Sheets, and Calendar automations with scope-aware plans. Use for repeatable daily task automation with explicit OAuth scopes and audit-ready outputs.

Plan reproducible ML experiment runs with explicit parameters, metrics, and artifacts. Use before model training to standardize tracking-ready experiment definitions.

Test authentication and session management controls for bypass and account takeover scenarios.

Test egress and DLP controls using synthetic canary data across authorized exfiltration channels.

Define legal scope, rules of engagement, and authorization artifacts for downstream pentest execution.

Assess Active Directory identity attack paths including roasting, relay, and delegation abuse.

Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.

Compare model candidates using weighted metrics and deterministic ranking outputs. Use for benchmark leaderboards and model promotion decisions.

Plan and orchestrate authorized Nmap host discovery, port and service enumeration, NSE profiling, and reporting artifacts for in-scope targets.

Set up authorized C2 simulation workflows and measure defensive detection outcomes.

Collect project brief and stack choices, then output canonical project-config.json for downstream web-builder skills.

Generate sitemap and wireframe specifications from project-config.json and produce UX planning artifacts.

Systematically test authorized targets for SQL, XSS, SSTI, XXE, command, and request-smuggling injection classes.

Run controlled exploitation against confirmed vulnerabilities while enforcing scope and authorization gates.

Actively enumerate in-scope hosts and services, then produce normalized network mapping artifacts.

Retest remediated findings, detect regressions, and generate remediation status and certification artifacts.

Aggregate findings and generate multi-format pentest reports with remediation roadmap and risk scoring.

Design phishing and social engineering simulations with explicit authorization and measurable outcomes.

Assess Linux and Windows privilege escalation vectors from existing authorized footholds.

Perform passive reconnaissance and leak intelligence collection with no direct contact to target systems.

Coordinate autonomous pentest skills with dependency enforcement, deconfliction, and emergency stop controls.

Integrate authentication and authorization flows with provider-specific setup and RBAC safeguards.

Correlate scanner results with CVE and exploit intelligence and prioritize by CVSS and exploitability.

Assess web applications against OWASP WSTG and OWASP Top 10 with reproducible evidence capture.

Evaluate authorized wireless networks for handshake, PMKID, rogue AP, and enterprise auth weaknesses.

Run frontend functional, accessibility, visual, and performance test planning with structured reports.

Aggregate SAST, SCA, DAST, secrets, API, frontend, and backend security checks into one report.

Create and evolve production-ready skills with reusable scripts, references, and validation. Use for new skill creation, skill upgrades, and enforcing consistent metadata and structure.

Test API endpoints for correctness, edge cases, auth handling, and OpenAPI contract compliance.

Validate database schema, migrations, indexes, and query behavior with structured pass/fail reporting.

Prepare deployment configs, final checks, and pre-launch readiness artifacts for production release.

Scaffold backend API, data models, ORM setup, and endpoint inventory with OpenAPI output.

Scaffold frontend architecture, components, routing, and UI dependencies from project config and wireframes.