Search Results: exploit

Found 164 Skills

waf-bypass-hunter

Bypass a Coraza WAF protecting a vulnerable Next.js 16 backend. Analyze parser differentials between Go (WAF) and Node.js (backend) to find bypasses.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

prototype-pollution

Prototype pollution testing for JavaScript stacks. Use when user input is merged into objects (query parsers, JSON bodies, deep assign), when configuring libraries via untrusted keys, or when hunting RCE gadgets via polluted Object.prototype in Node or the browser.

🇨🇳|ChineseTranslated

Security & Complianceyaklang/hack-skills

xxe-xml-external-entity

XXE playbook. Use when XML, SVG, OOXML, SOAP, or parser-driven imports may resolve external entities, files, or internal network resources.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

dns-rebinding-attacks

DNS rebinding attack playbook. Use when testing applications that trust DNS resolution for origin checks, interact with internal services from browser context, or when SSRF is not possible server-side but the target has client-side fetch/XHR to attacker-controlled domains.

🇺🇸|EnglishTranslated

Security & Complianceed1s0nz/cyberstrikeai

ldap-injection-testing

Professional Skills and Methodologies for LDAP Injection Vulnerability Testing

🇨🇳|ChineseTranslated

Security & Complianceed1s0nz/cyberstrikeai

idor-testing

Professional Skills and Methodologies for Insecure Direct Object Reference (IDOR) Testing

🇨🇳|ChineseTranslated

Security & Complianceyaklang/hack-skills

crlf-injection

CRLF injection playbook. Use when user input reaches HTTP response headers, Location redirects, Set-Cookie values, or log files where carriage-return/line-feed characters can split or inject content.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

csrf-cross-site-request-forgery

CSRF testing playbook. Use when reviewing state-changing web flows, anti-CSRF defenses, SameSite behavior, JSON CSRF, login CSRF, and OAuth state handling.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

cmdi-command-injection

Command injection playbook. Use when user input may reach shell commands, process execution, converters, import pipelines, or blind out-of-band command sinks.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

prototype-pollution-advanced

Advanced prototype pollution playbook — server-side RCE, client-side gadgets, filter bypasses, and detection techniques. Companion to ../prototype-pollution/ for basics. Use when you've confirmed pollution and need to escalate to code execution or find framework-specific gadgets.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

active-directory-kerberos-attacks

Kerberos attack playbook for Active Directory. Use when targeting AD authentication via AS-REP roasting, Kerberoasting, golden/silver/diamond tickets, delegation abuse, or pass-the-ticket attacks.

🇺🇸|EnglishTranslated

Security & Complianceed1s0nz/cyberstrikeai

command-injection-testing

Professional Skills and Methodologies for Command Injection Vulnerability Testing

🇨🇳|ChineseTranslated