Obsidian Flavored Markdown Skill
This skill enables you to create and edit valid Obsidian Flavored Markdown that matches the user's personal conventions and patterns.
User's Obsidian Conventions
The user has specific patterns you should follow:
Frontmatter Structure:
-
Always include: created , modified , tags
-
Optional: aliases , cssclasses
-
Date format: YYYY-MM-DD (e.g., 2026-02-13 )
-
Tags use kebab-case with hyphens (e.g., bug-bounty , llm-hacking , dev-tools )
-
Common cssclasses: medium (for medium-length content)
Callout Syntax:
-
Use ad- prefix for callouts (Admonition plugin syntax)
-
Common types: ad-info , ad-example , ad-cite , ad-note , ad-quote
-
Can include title after type: ad-cite with title: Source: URL
Content Style:
-
Mixed Vietnamese and English is normal and expected
-
Technical terms stay in English
-
Vietnamese for explanations and context
-
Code blocks always have language specifiers
Common Patterns:
-
Tables for structured comparisons
-
Task lists with - [ ] and - [x]
-
Nested lists for hierarchical information
-
Wikilinks for internal references: [[Note Name]]
Overview
Obsidian uses a combination of Markdown flavors:
-
CommonMark
-
GitHub Flavored Markdown
-
LaTeX for math
-
Obsidian-specific extensions (wikilinks, callouts, embeds, etc.)
-
Admonition plugin for enhanced callouts
Basic Formatting
Paragraphs and Line Breaks
This is a paragraph.
This is another paragraph (blank line between creates separate paragraphs).
For a line break within a paragraph, add two spaces at the end
or use Shift+Enter.
Headings
Heading 1
Heading 2
Heading 3
Heading 4
Heading 5
Heading 6
Text Formatting
Style Syntax Example Output
Bold text or text
Bold
Bold
Italic text or text
Italic
Italic
Bold + Italic text
Both
Both
Strikethrough
text
Striked
Striked
Highlight ==text==
==Highlighted==
==Highlighted==
Inline code
code
code
code
Escaping Formatting
Use backslash to escape special characters:
*This won't be italic* #This won't be a heading 1. This won't be a list item
Common characters to escape: * , _ , # , ` , | , ~
Internal Links (Wikilinks)
Basic Links
[[Note Name]] [[Note Name.md]] [[Note Name|Display Text]]
Link to Headings
[[Note Name#Heading]] [[Note Name#Heading|Custom Text]] [[#Heading in same note]] [[##Search all headings in vault]]
Link to Blocks
[[Note Name#^block-id]] [[Note Name#^block-id|Custom Text]]
Define a block ID by adding ^block-id at the end of a paragraph:
This is a paragraph that can be linked to. ^my-block-id
For lists and quotes, add the block ID on a separate line:
This is a quote With multiple lines
^quote-id
Search Links
[[##heading]] Search for headings containing "heading" [[^^block]] Search for blocks containing "block"
Markdown-Style Links
Display Text Display Text Display Text Note
Note: Spaces must be URL-encoded as %20 in Markdown links.
Embeds
Embed Notes
![[Note Name]] ![[Note Name#Heading]] ![[Note Name#^block-id]]
Embed Images
![[image.png]] ![[image.png|640x480]] Width x Height ![[image.png|300]] Width only (maintains aspect ratio)
External Images
Embed Audio
![[audio.mp3]] ![[audio.ogg]]
Embed PDF
![[document.pdf]] ![[document.pdf#page=3]] ![[document.pdf#height=400]]
Embed Lists
![[Note#^list-id]]
Where the list has been defined with a block ID:
- Item 1
- Item 2
- Item 3
^list-id
Embed Search Results
tag:#project status:done
Callouts
The user uses Admonition plugin syntax with ad- prefix. This is different from standard Obsidian callouts.
User's Callout Syntax (Admonition Plugin)
This is a note callout using Admonition syntax.
Đây là thông tin quan trọng. Mixed language content is normal.
*"This is an example with quoted text"*
title: Source: https://example.com/article
Content from external source with attribution.
> Quoted text can be nested inside callouts.
> Multiple lines work fine.
### Common Callout Types (User's Patterns)
Based on the user's notes, these are the most frequently used:
| Type | Usage | Example Context |
|------|-------|-----------------|
| `ad-info` | Important information, clarifications | Technical notes, warnings |
| `ad-example` | Code examples, demonstrations | Attack payloads, SQL queries |
| `ad-cite` | External references with sources | Blog posts, documentation |
| `ad-note` | Additional context, explanations | Technical details, caveats |
| `ad-quote` | Direct quotes from sources | Twitter threads, articles |
### Standard Obsidian Callouts (For Reference)
If the user specifically requests standard Obsidian syntax:
```markdown
> [!note]
> Standard Obsidian callout syntax.
> [!info] Custom Title
> With a custom title.
But default to ad-
prefix syntax unless told otherwise.
Lists
Unordered Lists
- Item 1
- Item 2
- Nested item
- Another nested
- Item 3
* Also works with asterisks
+ Or plus signs
Ordered Lists
1. First item
2. Second item
1. Nested numbered
2. Another nested
3. Third item
1) Alternative syntax
2) With parentheses
Task Lists
- [ ] Incomplete task
- [x] Completed task
- [ ] Task with sub-tasks
- [ ] Subtask 1
- [x] Subtask 2
Quotes
> This is a blockquote.
> It can span multiple lines.
>
> And include multiple paragraphs.
>
> > Nested quotes work too.
Code Blocks
Always specify the language for syntax highlighting:
```python
def process_data(items):
return sorted(items, key=lambda x: x.priority)
curl http://169.254.169.254/latest/meta-data/
SELECT * FROM users WHERE id = 1;
const result = await fetch('/api/data');
Common Languages in User's Notes
Language Usage
python
Scripts, exploits
bash / sh
Shell commands
sql
Database queries
javascript / js
Web code
c
Low-level code, exploits
yaml / yml
Configuration
json
Data structures
markdown / md
Meta examples
Nesting Code Blocks
Use more backticks for the outer block:
Here's how to create a code block:
```js
console.log("Hello")
```
Tables
| Header 1 | Header 2 | Header 3 |
|---|---|---|
| Cell 1 | Cell 2 | Cell 3 |
| Cell 4 | Cell 5 | Cell 6 |
Alignment
| Left | Center | Right |
|---|---|---|
| Left | Center | Right |
Using Pipes in Tables
Escape pipes with backslash:
| Column 1 | Column 2 |
|---|---|
| [[Link|Display]] | ![[Image|100]] |
Math (LaTeX)
Inline Math
This is inline math: $e^{i\pi} + 1 = 0$
Block Math
$$ \begin{vmatrix} a & b \ c & d \end{vmatrix} = ad - bc $$
Common Math Syntax
$x^2$ Superscript $x_i$ Subscript $\frac{a}{b}$ Fraction $\sqrt{x}$ Square root $\sum_{i=1}^{n}$ Summation $\int_a^b$ Integral $\alpha, \beta$ Greek letters
Diagrams (Mermaid)
graph TD
A[Start] --> B{Decision}
B -->|Yes| C[Do this]
B -->|No| D[Do that]
C --> E[End]
D --> E
Sequence Diagrams
sequenceDiagram
Alice->>Bob: Hello Bob
Bob-->>Alice: Hi Alice
Linking in Diagrams
graph TD
A[Biology]
B[Chemistry]
A --> B
class A,B internal-link;
Footnotes
The user frequently uses footnotes for references and citations:
This technique is documented in multiple sources1. See also the blind detection method2.
Footnote Patterns
For external references:
Các kỹ thuật này được documented trong nhiều bug bounty reports1.
For additional context:
This requires specific permissions3.
Inline footnotes (less common):
This is supported in newer versions.^[PostgreSQL 14+]
Comments
This is visible %%but this is hidden%% text.
%% This entire block is hidden. It won't appear in reading view. %%
Horizontal Rules
Properties (Frontmatter)
The user has a consistent frontmatter pattern. Always follow this structure:
User's Standard Frontmatter
created: 2026-02-13 modified: 2026-02-13 tags: [tag1, tag2, tag3]
With Optional Fields
created: 2026-02-13 modified: 2026-02-13 aliases: [] tags: [bug-bounty, fleeting, tips] cssclasses:
- medium
Frontmatter Rules
-
Always include: created , modified , tags
-
Date format: YYYY-MM-DD (no time component)
-
Tags format: Inline array [tag1, tag2] or YAML list
-
Tag naming: Use kebab-case with hyphens
-
Good: bug-bounty , llm-hacking , dev-tools , active-directory
-
Avoid: bugBounty , llm_hacking , DevTools
-
Common tags:
-
fleeting
-
Quick notes, tips, snippets
-
evergreen
-
Comprehensive, maintained content
-
tips
-
Quick tips and tricks
-
Domain tags: AI , SQLi , SSRF , RCE , postgres , etc.
-
cssclasses: Use medium for medium-length content
-
aliases: Include empty array [] if no aliases
Example from User's Notes
created: 2025-09-10 modified: 2026-02-13 aliases: [] tags: [AI, evergreen, llm-hacking] cssclasses:
- medium
Tags
The user follows specific tag naming conventions:
Tag Format
#bug-bounty #llm-hacking #dev-tools #active-directory
In Frontmatter (Preferred)
tags: [bug-bounty, fleeting, tips]
Or YAML list format:
tags:
- AI
- evergreen
- llm-hacking
Tag Naming Conventions
Use kebab-case with hyphens:
-
✅ bug-bounty , llm-hacking , dev-tools , active-directory
-
❌ bugBounty , llm_hacking , DevTools , active_directory
Common tag categories:
Category Examples
Content type fleeting , evergreen
Domain AI , SQLi , SSRF , RCE , XSS
Technology postgres , cli , terminal , tools
Activity bug-bounty , recon , tips
Tag meanings:
-
fleeting
-
Quick notes, tips, snippets (temporary or in-progress)
-
evergreen
-
Comprehensive, maintained content (permanent reference)
-
tips
-
Quick tips and tricks
-
tools
-
Tool documentation and usage
Tags can contain:
-
Letters (any language)
-
Numbers (not as first character)
-
Hyphens - (preferred separator)
-
Forward slashes / (for nesting, e.g., security/web/xss )
Writing Style and Tone
Vietnamese Pronouns
Use inclusive pronouns in Vietnamese:
-
✅ Use: chúng ta , ta (we, us, inclusive)
-
❌ Avoid: bạn , tôi , mình (you, me, exclusive)
Examples:
-
✅ "Nếu chúng ta muốn debug..."
-
✅ "Ta có thể tách concerns thành..."
-
❌ "Nếu bạn muốn debug..."
-
❌ "Tôi có thể tách concerns thành..."
Content Depth
Notes should be comprehensive with:
-
Detailed explanations of concepts
-
Technical references and links
-
Code examples with context
-
Architecture diagrams when helpful
-
Real-world use cases
-
Troubleshooting tips
Avoid superficial summaries - go deep into the technical details.
Heading Capitalization (Obsidian Linter Style)
Follow title case rules:
-
Capitalize: First word, last word, all major words
-
Lowercase: Articles (a, an, the), coordinating conjunctions (and, but, or), prepositions (to, from, in, on, at, by, for, with), "as", "if"
Examples:
-
✅ "Core Concepts Step by Step"
-
✅ "Props Are Context-Carriers"
-
✅ "Data Pipeline from Input to Output"
-
✅ "Error Model in the UI"
-
❌ "Core concepts step by step"
-
❌ "Props are context-carriers"
-
❌ "Data Pipeline From Input To Output"
Complete Example (User's Style)
This example demonstrates the user's actual note-taking patterns:
created: 2026-02-13 modified: 2026-02-13 aliases: [] tags: [bug-bounty, SSRF, evergreen] cssclasses:
- medium
SSRF Exploitation Techniques
Overview
Server-Side Request Forgery (SSRF) cho phép attacker gửi requests từ server đến các internal services hoặc external systems.
SSRF có thể dẫn đến việc truy cập vào cloud metadata endpoints, internal APIs, và các services không được expose ra ngoài.
Common Bypass Techniques
IP Address Obfuscation
Mọi IP trong block 127.x.x.x đều resolve về 127.0.0.1:
- 127.9.5.11
- 127.250.251.252
- 127.123.1.50
URL Parsing Issues
| Technique | Example | Target |
|---|---|---|
| URL fragments | https://evil.com#@internal.com | Parser confusion |
| Credentials | https://internal.com@evil.com | Authority bypass |
| Decimal IP | http://2130706433/ | 127.0.0.1 |
Cloud Metadata Endpoints
AWS
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/
Newer AWS instances require IMDSv2 với session tokens, nhưng nhiều applications vẫn support IMDSv1.
Attack Checklist
- Test localhost variations (
127.0.0.1,localhost,0.0.0.0) - Try cloud metadata endpoints
- Check for DNS rebinding vulnerabilities
- Test URL parser bypasses
- Document successful payloads
Related Techniques
- [[SSRF to RCE]]
- [[Cloud Metadata Exploitation]]
- [[DNS Rebinding]]
Resources
Các kỹ thuật này được documented trong nhiều bug bounty reports1. Xem thêm về blind SSRF detection2.
title: Source: https://x.com/Behi_Sec/status/1999079449741111606
Every IP inside the 127.x.x.x block resolves to 127.0.0.1.
References
-
Basic formatting syntax
-
Advanced formatting syntax
-
Obsidian Flavored Markdown
-
Internal links
-
Embed files
-
Callouts
-
Properties
Footnotes
-
User must have lo_import, lo_export, and pg_reload_conf privileges. ↩