CyberStrike
CyberStrike has 7,438 skills collected from CyberStrikeus, and shows per-repository occupation coverage and on-site skill detail pages.
Skills in this repository
eBPF-based post-exploitation for kernel-level credential harvesting, process hiding, and traffic interception on Linux
AWS post-exploitation for IAM privilege escalation, data exfiltration, persistence, and operational security via boto3
Azure/Entra ID post-exploitation for tenant compromise, Key Vault extraction, managed identity abuse, and token manipulation
CI/CD pipeline attacks for secret extraction, pipeline injection, and supply chain compromise via GitHub/Jenkins/GitLab
Kubernetes post-exploitation for container escape, secret extraction, RBAC abuse, and cluster persistence
macOS post-exploitation for credential harvesting, DTrace monitoring, TCC bypass, and stealth operations via native tools
Windows userland post-exploitation for credential harvesting, monitoring, AMSI/ETW bypass, and stealth operations
Web cache poisoning — unkeyed header/parameter injection to serve malicious content to all users
CORS misconfiguration testing — origin reflection, wildcard bypass, null origin, credential leakage
GraphQL vulnerability testing — introspection exposure, complexity DoS, batch abuse, mutation auth bypass
Host header injection — password reset poisoning, cache poisoning, routing bypass, SSRF via Host
IDOR automated testing — cross-account access, horizontal/vertical privilege escalation, mass data exposure
JWT token attacks — alg:none bypass, key confusion, claim tampering, signature stripping
Open redirect exploitation — URL parameter manipulation, OAuth token theft, phishing chains
JavaScript prototype pollution — __proto__ injection, constructor.prototype, gadget chain exploitation
Race condition / TOCTOU testing — concurrent requests to exploit time-of-check-to-time-of-use flaws
Rate limit bypass testing — XFF rotation, case variation, method switching, header manipulation
HTTP request smuggling — CL.TE, TE.CL, TE.TE desync attacks for cache poisoning and auth bypass
Server-Side Request Forgery — internal network access, cloud metadata theft, filter bypass techniques
Server-Side Template Injection — detection, engine fingerprinting, and exploitation across 7 template engines
Subdomain takeover — CNAME detection, cloud service fingerprinting, dangling DNS exploitation
WebSocket security testing — CSWSH, message injection, auth bypass, origin validation
XML External Entity injection — file read, SSRF, data exfiltration via out-of-band XML parsing
Active Directory security testing and attack techniques
Use this when you are working on file operations like reading, writing, scanning, or deleting files. It summarizes the preferred file APIs and patterns used in this repo. It also notes when to use filesystem helpers for directories.
Kerberos protocol attack techniques and exploitation
Bug bounty and pentest reconnaissance methodology
API Testing Overview
API Reconnaissance
Testing for Broken Object Level Authorization (BOLA)
Testing GraphQL
Testing for Credentials Transported over an Encrypted Channel
Testing for Default Credentials
Testing for Weak Lock Out Mechanism
Testing for Bypassing Authentication Schema
Testing for Vulnerable Remember Password
Testing for Browser Cache Weaknesses
Testing for Weak Password Policy
Testing for Weak Security Question Answer
Testing for Weak Password Change or Reset Functionalities