
feat: add 6 web app pentesting skill knowledge distillations#16

Merged
GangGreenTemperTatum merged 1 commit into main from eng-6872-distill-web-app-pentesting-skill-knowledge on May 18, 2026

Conversation

@GangGreenTemperTatum (Contributor) commented May 18, 2026

Novel attack technique playbooks from hacktricks-skills research, filtered for content not already in training data:

  • h2c-websocket-smuggling: H2C upgrade + WebSocket tunnel proxy bypass with proxy vulnerability matrix (HAProxy/Traefik inherently vuln)
  • timing-attack-recon: Hidden param/header/scoped SSRF discovery via server-side timing differentials (Kettle 2023)
  • http-connection-contamination: HTTP/2+ connection coalescing misroute across subdomains with wildcard TLS certs (Kettle)
  • xslt-injection: Processor fingerprint → file read → SSRF → RCE escalation ladder with capability matrix by XSLT version
  • esi-injection: ESI/SSI tag injection with software capability matrix (Squid/Akamai no whitelist), ESI+XSLT=XXE chain
  • grpc-web-pentest: JSON transcoder auth bypass, protobuf field injection, Envoy header injection

Novel attack technique playbooks distilled from hacktricks-skills
research, filtered for content not already in training data:

- h2c-websocket-smuggling: H2C upgrade + WebSocket tunnel proxy bypass
  with proxy vulnerability matrix (HAProxy/Traefik inherently vuln)
- timing-attack-recon: Hidden param/header/scoped SSRF discovery via
  server-side timing differentials (Kettle 2023)
- http-connection-contamination: HTTP/2+ connection coalescing misroute
  across subdomains with wildcard TLS certs (Kettle)
- xslt-injection: Processor fingerprint → file read → SSRF → RCE
  escalation ladder with capability matrix by XSLT version
- esi-injection: ESI/SSI tag injection with software capability matrix
  (Squid/Akamai no whitelist), ESI+XSLT=XXE chain
- grpc-web-pentest: JSON transcoder auth bypass, protobuf field
  injection, Envoy header injection

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@GangGreenTemperTatum changed the title from "Add 6 web app pentesting skill knowledge distillations" to "feat: add 6 web app pentesting skill knowledge distillations" on May 18, 2026
@GangGreenTemperTatum merged commit a58cad1 into main on May 18, 2026
4 of 5 checks passed
