hi-fullhouse/cybersecurity-skills

CyberSecurity-Skills is a structured catalog of cybersecurity techniques organized as a reference library. The repository describes itself as a full-process skill system covering 39 large modules and 195 individual security skills, spanning both attack-side and defense-side topics. The maintainers say it is built around the Penetration Testing Execution Standard (PTES) and also draws on the OWASP Testing Guide and NIST SP 800-115. The content is grouped into stages that roughly match the lifecycle of a penetration test. Early modules cover information gathering, vulnerability scanning, exploitation, privilege escalation, post-exploitation, lateral movement, persistence, and covering tracks. Later modules branch out into mobile, wireless, code audit, reverse engineering, incident response, cloud, DevSecOps, ICS/OT, blockchain and Web3, IoT, data privacy, social engineering, red/blue team, supply chain, container, API, cryptography and PKI, zero trust, endpoint, ransomware defense, and governance and compliance. Each skill entry, according to the README, includes a short technical explanation, common tools or commands, a practical example, and links to outside references. The repository is mostly written in Chinese and is presented as Markdown files rather than runnable code, although there is a Python helper called skill_query.py for searching across the catalog from the command line. Badges in the README also point to an index.json index, an agent-manifest.json file, and a GitHub Actions workflow that validates the structure on each change. The stated audience is people studying cybersecurity skills, preparing for testing engagements, or feeding the structured knowledge into AI agents that need a reference set. The README frames the project as a checklist and learning aid rather than a tool that performs attacks itself. It is released under an MIT license and invites pull requests through a CONTRIBUTING file. Note that the content describes offensive techniques such as exploitation, credential theft, and AMSI or EDR evasion, so the project is aimed at readers who already have authorization to test the systems they apply these techniques to.