Share
## https://sploitus.com/exploit?id=D7A5D2A9-43EC-51C4-B84C-85DA066706D8
# Waer's Cybersecurity Knowledge Base

> **50+ documents** · **20 technique deep dives** · **10 attack workflows** · **8 real-world case studies** · **Built from the field, not the textbook.**

---

## 👤 Who Am I

# 🚀 Kareem Mohamed's Tech Universe

> **IT Student @ BUT** · **Front-End Developer** · **Embedded Systems Enthusiast** · **Innovator behind Novera**

---

## 👤 Who Am I

أنا **كريم محمد عبده**، طالب في السنة الثانية بتخصص تكنولوجيا المعلومات (IT) في **جامعة برج العرب التكنولوجية**. أؤمن بأن التكنولوجيا ليست مجرد أكواد، بل هي أداة لحل مشكلات الواقع.

ينصب تركيزي على بناء واجهات مستخدم جذابة باستخدام **React**، ودمج الذكاء الاصطناعي مع العتاد الصلب (Hardware) لخلق حلول ذكية مثل مشروع **Novera**. أسعى دائماً للتميز الأكاديمي (تقدير ممتاز) والنمو المهني من خلال المشاريع التطبيقية.

**مجالات تخصصي:**
- 💻 **Front-End Development** – بناء مواقع سريعة ومتجاوبة باستخدام React & Tailwind.
- 🤖 **Embedded Systems** – برمجة Arduino وتصميم الدوائر الإلكترونية (PCB).
- 🛠️ **IT Support & Hardware** – حاصل على شهادة معتمدة من Caritas والاتحاد الأوروبي.
- 🎨 **UI/UX & Branding** – تصميم هويات بصرية للمشاريع التقنية.

📬 **تواصل معي:**
- 📧 البريد الإلكتروني: [Kareem.mohamed.abdo.ismail@gmail.com](mailto:Kareem.mohamed.abdo.ismail@gmail.com)
- 💼 لينكد إن: [https://www.linkedin.com/in/kareem-mohamed-9979a7333](https://www.linkedin.com/in/kareem-mohamed-9979a7333)
- 🌐 معرض أعمالي: [kareemmo7hmed.vercel.app](https://kareemmo7hmed.vercel.app/)

---

## 🔥 Featured Projects

لا أكتفي بالشرح النظري، بل أحول الأفكار إلى واقع ملموس. إليك أهم محطاتي التقنية:

| Project | Type | Tech Stack | Description |
|---------|------|------------|-------------|
| **[Novera](https://github.com/kareemmoh7med/Novera)** | Smart Hardware | Arduino, AI, Sensors | سلة مهملات ذكية تدعم فرز النفايات آلياً في الحرم الجامعي. |
| **[XB-FOOD](https://kareemmoh7med.github.io/XB-FOOD/)** | Web App | HTML, CSS, JS | منصة لعرض وطلب الوجبات بتصميم عصري وتجربة مستخدم سلسة. |
| **ContactHub** | Software | React, Firebase | نظام متكامل لإدارة جهات الاتصال وحفظ البيانات سحابياً. |
| **Inventory System** | Management | Python, SQL | أداة لإدارة المخازن وتتبع المنتجات بدقة عالية. |

---

## 🛠️ Tech Stack & Skills

### 🖥️ Software Development
* **Languages:** JavaScript (ES6+), Python, C++, C.
* **Frameworks:** React.js, Tailwind CSS, Bootstrap.
* **Tools:** Git & GitHub, VS Code, Vercel.

### 🔌 Hardware & Engineering
* **Platforms:** Arduino, ESP32.
* **Design:** PCB Design, Proteus, Fritzing.
* **Specialty:** IoT Solutions, Sensor Integration, Smart Automation.

### 📜 Certifications
* **IT Support & Hardware Specialist** – Caritas Egypt & EU.
* **Front-End Web Development** – Professional Nano-degree.

---

## 📂 Repository Structure

### 📋 [Projects/](https://github.com/kareemmoh7med?tab=repositories)
جميع الأكواد المصدرية لمشاريعي البرمجية، مرتبة من الأقدم للأحدث.
- **Front-end-apps:** تطبيقات React و JavaScript.
- **Embedded-systems:** ملفات برمجة Arduino ومخططات الدوائر.

### 🛡️ [Professional-Assets/](https://github.com/kareemmoh7med)
نماذج من تصاميم الهوية البصرية (Logos) لشركاتي التخيلية مثل **KM Software**.

---

## 🗺️ How to Reach Me

إذا كنت تبحث عن مطور يجمع بين فهم البرمجيات والقدرة على التعامل مع العتاد، أو تريد التعاون في مشروع مبتكر:

1. تفقد معرض أعمالي [من هنا](https://kareemmo7hmed.vercel.app/).
2. راسلني مباشرة عبر البريد الإلكتروني.
3. تابع نشاطي التقني على GitHub و LinkedIn.

---


This repository is my brain, exported. Everything here comes from hands-on experience: breaking into bug bounty targets, solving CTF challenges, completing APT lab simulations, and building my own security tooling. I don't write about attacks I've only read about — I write about attacks I've executed, debugged, and reported.

**Areas I work in:**
- 🎯 **Bug Bounty Hunting** — web app recon, vulnerability discovery, and responsible disclosure
- 🔐 **Penetration Testing** — web, API, cloud infrastructure, and CMS-specific testing
- 🏴 **CTF Competitions** — web exploitation, forensics, steganography, and crypto
- 🤖 **Security Automation** — custom recon tools, JS crawlers, and AI-powered security agents
- ☁️ **Cloud Security** — AWS exploitation, Spring Boot misconfigurations, metadata attacks
- 🕵️ **APT Emulation** — simulating real-world threat actors (Star Blizzard, Volkswagen breach)

📬 **Get in touch:**
- 📧 Email: [abdowaer099@gmail.com](mailto:abdowaer099@gmail.com)
- 💼 LinkedIn: [linkedin.com/in/wa3r](https://linkedin.com/in/wa3r)

---

## 🔥 What's Inside

This isn't a wiki dump or a copy-paste of OWASP pages. Every document here follows a battle-tested structure: **detect it → exploit it → escalate it → report it**, with real payloads, real tool commands, and real decision trees.

| Section | Count | What you'll find |
|---------|-------|-----------------|
| **[methodology/](methodology/)** | 5 docs | Full workflows from recon to exploitation to privilege escalation |
| **[techniques/](techniques/)** | 20 docs | Deep dives into every major web vulnerability class with working payloads |
| **[scenarios/](scenarios/)** | 10 docs | Step-by-step attack playbooks you can follow during live testing |
| **[case-studies/](case-studies/)** | 8 docs | Real findings and APT simulations — anonymized but fully detailed |
| **[web-vulnerabilities/](web-vulnerabilities/)** | 6 docs | Index pages grouping vulns by category with cross-references |
| **[tools/](tools/)** | 4 docs | Tool catalogs, 90+ Google dorks, curated payload lists |
| **[forensics/](forensics/)** | 3 docs | Investigation workflows, image forensics, steganography detection |

**Vulnerability coverage:** SQL Injection · XSS · SSRF · SSTI · XXE · Command Injection · IDOR · File Upload · JWT Attacks · CORS · Cache Poisoning · Prototype Pollution · Race Conditions · Mass Assignment · Open Redirect · Password Reset Abuse · Deserialization RCE · WordPress Hacking · Spring Boot Actuator · AiTM MFA Bypass

---

## 🎯 Who This Is For

### 🏴‍☠️ Bug Bounty Hunters
You'll find ready-to-use **attack playbooks** with exact payloads, WAF bypass techniques, and vulnerability chaining patterns (XSS + CORS = ATO, Open Redirect + OAuth = token theft). The methodology docs cover the full lifecycle: target selection → recon → exploitation → escalation → reporting. No fluff — just what works.

### 🔓 Penetration Testers
The **privilege escalation checklist** covers web, Linux, Windows, and AWS in one document. Technique docs include detection commands, exploitation steps, and filter bypass tables you can reference mid-engagement. Scenarios serve as step-by-step checklists during assessments.

### 🏁 CTF Players
Case studies include **CTF write-ups** for SSTI, XXE, DNS zone transfers, and S3 bucket misconfigurations. The forensics section covers JPEG/PNG steganography workflows, and the tools section has the exact analysis order for forensics challenges. The SSTI workflow includes a **decision tree** for fingerprinting template engines.

### 🧪 CTF Challenge Makers
Understand how attackers approach your challenges. The scenario docs reveal the **thought process and decision trees** players use — from initial detection probes to full exploitation chains. Use this to design better, more realistic challenges.

### 📚 Security Students & Researchers
Every technique doc is structured as a **learning path**: what the vulnerability is → when it happens → how to find it → how to exploit it → how to escalate impact → what tools to use. Start with methodology, then go deep into any technique that interests you.

### 🛡️ Blue Team / Defenders
Each technique doc includes **what to look for** from the attacker's perspective. Understanding how attackers chain vulnerabilities helps you build better detections, write better rules, and prioritize hardening efforts.

---

## 📂 Repository Structure

### 📋 [methodology/](methodology/)
Processes and playbooks from recon to privilege escalation:
- [Web Recon Methodology](methodology/web-recon-methodology.md) — 11-phase structured recon pipeline
- [JavaScript Endpoint Discovery](methodology/javascript-endpoint-discovery.md) — JS-focused recon with automated crawling
- [Bug Bounty Playbook](methodology/bug-bounty-playbook.md) — Program selection, recon-to-exploit flow, reporting tips
- [Exploitation Methodology](methodology/exploitation-methodology.md) — Systematic exploitation, impact escalation, and vulnerability chaining
- [Privilege Escalation Checklist](methodology/privilege-escalation-checklist.md) — Web, Linux, Windows, and AWS cloud privesc

### 🎯 [techniques/](techniques/)
20 technique-focused deep dives with working payloads:
- [SQL Injection](techniques/sql-injection.md) — UNION, blind, time-based, OOB, WAF bypasses, SQLi→RCE
- [XSS Techniques and Payloads](techniques/xss-techniques.md) — Context-aware payloads, filter bypasses, WAF evasion
- [Command Injection](techniques/command-injection.md) — Operators, reverse shells, filter bypass techniques
- [SSRF (Server-Side Request Forgery)](techniques/ssrf-server-side-request-forgery.md) — Cloud metadata, protocol smuggling, DNS rebinding
- [Server-Side Template Injection](techniques/server-side-template-injection.md) — Engine fingerprinting, Jinja2/Twig/Freemarker RCE
- [XXE Injection](techniques/xxe-injection.md) — File read, SSRF, blind/OOB extraction
- [IDOR (Insecure Direct Object Reference)](techniques/idor-insecure-direct-object-reference.md) — Horizontal/vertical escalation, UUID techniques
- [JWT Attacks and Misconfigurations](techniques/jwt-attacks-and-misconfigurations.md) — Algorithm confusion, key injection, brute force
- [File Upload Vulnerabilities](techniques/file-upload-vulnerabilities.md) — Extension/magic byte bypasses, webshells, SVG attacks
- [Race Conditions](techniques/race-conditions.md) — Turbo Intruder, HTTP/2 single-packet, financial exploitation
- [CORS Misconfigurations](techniques/cors-misconfigurations.md) — Origin reflection, null origin, subdomain trust abuse
- [Web Cache Poisoning](techniques/web-cache-poisoning.md) — Unkeyed headers, cache deception
- [Password Reset Abuse](techniques/password-reset-abuse.md) — Token leakage, host header injection, email parameter pollution
- [Mass Assignment Vulnerabilities](techniques/mass-assignment-vulnerabilities.md) — Role injection, price manipulation
- [Client-Side Prototype Pollution](techniques/prototype-pollution-client-side.md) — Source-gadget model, DOM XSS via PP
- [Server-Side Parameter Pollution](techniques/prototype-pollution-server-side.md) — Query string and REST path injection
- [JSON Deserialization RCE](techniques/json-deserialization-rce.md) — Java, Python, Node, PHP, .NET gadget chains
- [WordPress Hacking Methodology](techniques/wordpress-hacking.md) — XML-RPC, REST API, plugin/theme exploitation
- [Spring Boot Actuator Exploitation](techniques/spring-boot-actuator-exploitation.md) — Heap dump, env, gateway route injection
- [Open Redirect](techniques/open-redirect.md) — Filter bypasses, OAuth/phishing/SSRF chaining

### 🔄 [scenarios/](scenarios/)
10 step-by-step attack workflows with decision trees:
- [SQL Injection Testing](scenarios/sql-injection-testing-workflow.md)
- [File Upload to RCE](scenarios/file-upload-to-rce-workflow.md)
- [IDOR Discovery and Escalation](scenarios/idor-discovery-and-escalation-workflow.md)
- [SSTI Detection and Exploitation](scenarios/ssti-detection-and-exploitation-workflow.md)
- [JWT Authentication Bypass](scenarios/jwt-authentication-bypass-workflow.md)
- [Race Condition Exploitation](scenarios/race-condition-exploitation-workflow.md)
- [Reflected XSS Testing](scenarios/reflected-xss-testing-workflow.md)
- [SSRF via XML-RPC Pingback](scenarios/ssrf-via-xmlrpc-pingback-workflow.md)
- [Logic Flaw: Unauthorized Checkout](scenarios/logic-flaw-unauthorized-checkout-workflow.md)
- [Spring Boot Actuator to Cloud Compromise](scenarios/spring-boot-actuator-to-cloud-compromise-workflow.md)

### 📖 [case-studies/](case-studies/)
Real findings and APT simulations — fully anonymized:
- [SSRF via WordPress XML-RPC](case-studies/case-study-ssrf-xmlrpc-wordpress.md) — Real bug bounty finding
- [Checkout Password Leak](case-studies/case-study-checkout-password-leak.md) — Client-side auth bypass
- [WordPress REST API Enumeration](case-studies/case-study-recon-wordpress-api-enumeration.md) — API surface mapping
- [SSTI to Database Access (CTF)](case-studies/case-study-ssti-rce-ctf.md) — Flask/Jinja2 exploitation
- [XXE File Read (CTF)](case-studies/case-study-xxe-ctf.md) — Firmware update XML injection
- [DNS Zone Transfer & S3 Bucket (CTF)](case-studies/case-study-dns-zone-transfer-s3-ctf.md) — Infrastructure misconfig
- [Spring Boot Actuator — VW Breach Simulation](case-studies/case-study-spring-boot-actuator-volkswagen.md) — Heap dump → AWS → Secrets Manager
- [MFA Bypass via AiTM — Star Blizzard APT](case-studies/case-study-aitm-mfa-bypass-star-blizzard.md) — Russian APT session cookie theft

### 🌐 [web-vulnerabilities/](web-vulnerabilities/)
Index pages grouping related content:
- [XSS](web-vulnerabilities/xss.md) · [SSRF](web-vulnerabilities/ssrf.md) · [Auth & Session Issues](web-vulnerabilities/auth-and-session-issues.md)
- [Injection](web-vulnerabilities/injection.md) · [Access Control & Logic](web-vulnerabilities/access-control-and-business-logic.md) · [File Upload & Deserialization](web-vulnerabilities/file-upload-and-deserialization.md)

### 🛠️ [tools/](tools/)
- [Recon Tools](tools/recon-tools.md) · [Forensics Tools](tools/forensics-tools.md) · [Wordlists & Payloads](tools/wordlists-and-payload-lists.md) · [Google Dorking (90+ dorks)](tools/google-dorking.md)

### 🔍 [forensics/](forensics/)
- [Forensics Workflow](forensics/forensics-workflow.md) · [JPEG Forensics](forensics/image-forensics-jpeg.md) · [PNG Forensics](forensics/image-forensics-png.md)

---

## 🗺️ How to Navigate

### If you're new here
```
Start here ──→ methodology/web-recon-methodology.md
          ──→ methodology/bug-bounty-playbook.md
          ──→ Pick any technique ──→ Read matching scenario ──→ Study the case study
```

### If you're mid-assessment
```
Find the vuln type ──→ techniques/{vuln}.md (detection + payloads)
Follow the workflow ──→ scenarios/{vuln}-workflow.md (step-by-step)
Copy payloads from ──→ tools/wordlists-and-payload-lists.md
```

### If you're solving a CTF
```
Web challenge ──→ techniques/ + scenarios/ (exploitation)
Forensics    ──→ forensics/forensics-workflow.md (analysis order)
Stego        ──→ forensics/image-forensics-*.md (JPEG/PNG specific)
Cloud        ──→ case-studies/ (AWS, Spring Boot, metadata)
```

---

## ⚠️ Disclaimer

All case studies are **fully anonymized** — real target domains, IPs, credentials, and personally identifiable information have been removed or replaced with placeholders. This repository is intended for **educational purposes** and **ethical security research** only. Always obtain proper authorization before testing any system.

## 🤝 Contributing

Contributions are welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on adding new techniques, case studies, or improving existing content.

## 📄 License

This project is licensed under the **MIT License** — see [LICENSE](LICENSE) for details.

  تم التطوير بواسطة كريم محمد
  إسكندرية، مصر 🇪🇬



---