ReddRadar
Topic: offensive-security
88 skills in this topic.
-
browser-exploitation
Exploit browser-based attack surfaces: malicious extension crafting for bot interaction scenarios, Chrome DevTools Protocol abuse on exposed debug ports, and browser profile/cache data extraction from compromised hosts.
blacklanternsecurity/red-run 126
-
command-injection
Guide OS command injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
cors-misconfiguration
Exploit CORS (Cross-Origin Resource Sharing) misconfigurations during authorized penetration testing.
blacklanternsecurity/red-run 126
-
csrf
Exploit Cross-Site Request Forgery (CSRF) vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
-
database-enumeration
Database service enumeration and quick-win access checks for MSSQL, MySQL, PostgreSQL, Oracle, MongoDB, and Redis. Checks default/empty passwords, unauthenticated access, and command execution capabilities. Use after network-recon identifies database ports.
blacklanternsecurity/red-run 126
-
deserialization-java
Exploit Java deserialization vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
-
container-escapes
Container escape, Docker breakout, and Kubernetes exploitation.
blacklanternsecurity/red-run 126
-
idor
Exploit Insecure Direct Object Reference (IDOR) and broken access control vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
-
wstg-auth-session
WSTG identity, authentication, authorization, and session management testing
CyberStrikeus/CyberStrike 166
-
recon-methodology
Bug bounty and pentest reconnaissance methodology
CyberStrikeus/CyberStrike 166
-
wstg-injection
WSTG input validation and injection testing - SQLi, XSS, SSTI, SSRF, command injection, XXE
CyberStrikeus/CyberStrike 166
-
wstg-logic-client-api
WSTG business logic, client-side, and API security testing
CyberStrikeus/CyberStrike 166
-
kerberos-attacks
Kerberos protocol attack techniques and exploitation
CyberStrikeus/CyberStrike 166
-
wstg-recon-config
WSTG reconnaissance, configuration, error handling, and cryptography testing techniques
CyberStrikeus/CyberStrike 166
-
ad-security
Active Directory security testing and attack techniques
CyberStrikeus/CyberStrike 166
-
bun-file-io
Use this when you are working on file operations like reading, writing, scanning, or deleting files. It summarizes the preferred file APIs and patterns used in this repo. It also notes when to use filesystem helpers for directories.
CyberStrikeus/CyberStrike 166