Waer's Cybersecurity Knowledge Base
March 28, 2026
MIRAGE: OffSec Engine (LIVE)
The repo was just the blueprint.
This is the weaponized version.
50+ documents · 20 technique deep dives · 10 attack workflows · 8 real-world case studies · Built from the field, not the textbook.
Who Am I
I'm Waer (Abdelrahman), a cybersecurity researcher and bug bounty hunter focused on web application security, cloud exploitation, and security automation.
This repository is my brain, exported. Everything here comes from hands-on experience: breaking into bug bounty targets, solving CTF challenges, completing APT lab simulations, and building my own security tooling. I don't write about attacks I've only read about; I write about attacks I've executed, debugged, and reported.
Areas I work in:
- Bug Bounty Hunting: web app recon, vulnerability discovery, and responsible disclosure
- Penetration Testing: web, API, cloud infrastructure, and CMS-specific testing
- CTF Competitions: web exploitation, forensics, steganography, and crypto
- Security Automation: custom recon tools, JS crawlers, and AI-powered security agents
- Cloud Security: AWS exploitation, Spring Boot misconfigurations, metadata attacks
- APT Emulation: simulating real-world threat actors (Star Blizzard, Volkswagen breach)
Get in touch:
- Email: abdowaer099@gmail.com
- LinkedIn: linkedin.com/in/wa3r
What's Inside
This isn't a wiki dump or a copy-paste of OWASP pages. Every document here follows a battle-tested structure: detect it → exploit it → escalate it → report it, with real payloads, real tool commands, and real decision trees.
| Section | Count | What you'll find |
|---|---|---|
| methodology/ | 5 docs | Full workflows from recon to exploitation to privilege escalation |
| techniques/ | 20 docs | Deep dives into every major web vulnerability class with working payloads |
| scenarios/ | 10 docs | Step-by-step attack playbooks you can follow during live testing |
| case-studies/ | 8 docs | Real findings and APT simulations, anonymized but fully detailed |
| web-vulnerabilities/ | 6 docs | Index pages grouping vulns by category with cross-references |
| tools/ | 4 docs | Tool catalogs, 90+ Google dorks, curated payload lists |
| forensics/ | 3 docs | Investigation workflows, image forensics, steganography detection |
Vulnerability coverage: SQL Injection · XSS · SSRF · SSTI · XXE · Command Injection · IDOR · File Upload · JWT Attacks · CORS · Cache Poisoning · Prototype Pollution · Race Conditions · Mass Assignment · Open Redirect · Password Reset Abuse · Deserialization RCE · WordPress Hacking · Spring Boot Actuator · AiTM MFA Bypass
Who This Is For
Bug Bounty Hunters
You'll find ready-to-use attack playbooks with exact payloads, WAF bypass techniques, and vulnerability chaining patterns (XSS + CORS = ATO, Open Redirect + OAuth = token theft). The methodology docs cover the full lifecycle: target selection → recon → exploitation → escalation → reporting. No fluff, just what works.
Penetration Testers
The privilege escalation checklist covers web, Linux, Windows, and AWS in one document. Technique docs include detection commands, exploitation steps, and filter bypass tables you can reference mid-engagement. Scenarios serve as step-by-step checklists during assessments.
CTF Players
Case studies include CTF write-ups for SSTI, XXE, DNS zone transfers, and S3 bucket misconfigurations. The forensics section covers JPEG/PNG steganography workflows, and the tools section has the exact analysis order for forensics challenges. The SSTI workflow includes a decision tree for fingerprinting template engines.
CTF Challenge Makers
Understand how attackers approach your challenges. The scenario docs reveal the thought process and decision trees players use, from initial detection probes to full exploitation chains. Use this to design better, more realistic challenges.
Security Students & Researchers
Every technique doc is structured as a learning path: what the vulnerability is → when it happens → how to find it → how to exploit it → how to escalate impact → what tools to use. Start with methodology, then go deep into any technique that interests you.
Blue Team / Defenders
Each technique doc includes what to look for from the attacker's perspective. Understanding how attackers chain vulnerabilities helps you build better detections, write better rules, and prioritize hardening efforts.
Repository Structure
methodology/
Processes and playbooks from recon to privilege escalation:
- Web Recon Methodology: 11-phase structured recon pipeline
- JavaScript Endpoint Discovery: JS-focused recon with automated crawling
- Bug Bounty Playbook: program selection, recon-to-exploit flow, reporting tips
- Exploitation Methodology: systematic exploitation, impact escalation, and vulnerability chaining
- Privilege Escalation Checklist: web, Linux, Windows, and AWS cloud privesc
techniques/
20 technique-focused deep dives with working payloads:
- SQL Injection: UNION, blind, time-based, OOB, WAF bypasses, SQLi → RCE
- XSS Techniques and Payloads: context-aware payloads, filter bypasses, WAF evasion
- Command Injection: operators, reverse shells, filter bypass techniques
- SSRF (Server-Side Request Forgery): cloud metadata, protocol smuggling, DNS rebinding
- Server-Side Template Injection: engine fingerprinting, Jinja2/Twig/Freemarker RCE
- XXE Injection: file read, SSRF, blind/OOB extraction
- IDOR (Insecure Direct Object Reference): horizontal/vertical escalation, UUID techniques
- JWT Attacks and Misconfigurations: algorithm confusion, key injection, brute force
- File Upload Vulnerabilities: extension/magic byte bypasses, webshells, SVG attacks
- Race Conditions: Turbo Intruder, HTTP/2 single-packet, financial exploitation
- CORS Misconfigurations: origin reflection, null origin, subdomain trust abuse
- Web Cache Poisoning: unkeyed headers, cache deception
- Password Reset Abuse: token leakage, host header injection, email parameter pollution
- Mass Assignment Vulnerabilities: role injection, price manipulation
- Client-Side Prototype Pollution: source-gadget model, DOM XSS via PP
- Server-Side Parameter Pollution: query string and REST path injection
- JSON Deserialization RCE: Java, Python, Node, PHP, .NET gadget chains
- WordPress Hacking Methodology: XML-RPC, REST API, plugin/theme exploitation
- Spring Boot Actuator Exploitation: heap dump, env, gateway route injection
- Open Redirect: filter bypasses, OAuth/phishing/SSRF chaining
scenarios/
10 step-by-step attack workflows with decision trees:
- SQL Injection Testing
- File Upload to RCE
- IDOR Discovery and Escalation
- SSTI Detection and Exploitation
- JWT Authentication Bypass
- Race Condition Exploitation
- Reflected XSS Testing
- SSRF via XML-RPC Pingback
- Logic Flaw: Unauthorized Checkout
- Spring Boot Actuator to Cloud Compromise
case-studies/
Real findings and APT simulations, fully anonymized:
- SSRF via WordPress XML-RPC: real bug bounty finding
- Checkout Password Leak: client-side auth bypass
- WordPress REST API Enumeration: API surface mapping
- SSTI to Database Access (CTF): Flask/Jinja2 exploitation
- XXE File Read (CTF): firmware update XML injection
- DNS Zone Transfer & S3 Bucket (CTF): infrastructure misconfig
- Spring Boot Actuator, VW Breach Simulation: heap dump → AWS → Secrets Manager
- MFA Bypass via AiTM, Star Blizzard APT: Russian APT session cookie theft
web-vulnerabilities/
Index pages grouping related content:
- XSS · SSRF · Auth & Session Issues
- Injection · Access Control & Logic · File Upload & Deserialization
tools/
forensics/
How to Navigate
If you're new here
Start here → methodology/web-recon-methodology.md
           → methodology/bug-bounty-playbook.md
           → Pick any technique → Read matching scenario → Study the case study
If you're mid-assessment
Find the vuln type → techniques/{vuln}.md (detection + payloads)
Follow the workflow → scenarios/{vuln}-workflow.md (step-by-step)
Copy payloads from → tools/wordlists-and-payload-lists.md
If you're solving a CTF
Web challenge → techniques/ + scenarios/ (exploitation)
Forensics → forensics/forensics-workflow.md (analysis order)
Stego → forensics/image-forensics-*.md (JPEG/PNG specific)
Cloud → case-studies/ (AWS, Spring Boot, metadata)
Disclaimer
All case studies are fully anonymized: real target domains, IPs, credentials, and personally identifiable information have been removed or replaced with placeholders. This repository is intended for educational purposes and ethical security research only. Always obtain proper authorization before testing any system.
Contributing
Contributions are welcome! See CONTRIBUTING.md for guidelines on adding new techniques, case studies, or improving existing content.
License
This project is licensed under the MIT License; see LICENSE for details.
Built by Waer · abdowaer099@gmail.com · LinkedIn