Cheatsheets - LogicalBreach Academy

How to bypass Cloudflare restrictions using Burp Suite

Bypassing Cloudflare WAF during security assessments involves handling headers, TLS fingerprinting, IP reputation, and JS challenges; however, the most effective approach is IP whitelisting, with tools like mitmproxy and custom TLS setups covering most remaining cases.

misesop375

25

Mar 17, 2026

OtherFREE

Automated Pentesting with Claude AI

Claude is effective at automated discovery and structured testing, but has notable blind spots; its ability to recognize what it missed adds value.

SSL/TLS certificates Cheatsheet

Learn how to use sslscan to identify weak encryption configurations, deprecated SSL/TLS protocols, and potential security issues during web security assessments.

heroxo9868

28

Mar 14, 2026

Cross-site Scripting (XSS) - Generic (CWE-79)FREE

XSS (Cross-Site Scripting) Cheatsheet

Master Cross-Site Scripting (XSS), including injection techniques, common attack vectors, WAF evasion methods, and advanced Content Security Policy (CSP) bypass techniques.

heroxo9868

34

Mar 14, 2026

SQL Injection (CWE-89)FREE

SQLi (SQL Injection) Cheatsheet

Learn the fundamentals of SQL injection, including common exploitation techniques, WAF evasion methods, and essential payloads used during security testing and bug bounty hunting.

heroxo9868

21

Mar 14, 2026

XML External Entities (XXE) (CWE-611)FREE

XXE (XML External Entity) Cheatsheet

This cheatsheet provides a quick reference for exploiting and testing XML External Entity (XXE) vulnerabilities. It includes common payloads, techniques for file disclosure, SSRF, blind XXE exploitation, out-of-band exfiltration, and typical XML structures used during testing. It is intended as a practical guide to quickly identify and exploit XXE in different scenarios and parser configurations.

Bug Bounty Cheatsheet

A collection of bug bounty and security testing resources covering common web vulnerabilities, exploitation techniques, reconnaissance methods, and security tools. It includes guides, real-world write-ups, checklists, and tools for testing issues like XSS, SQL injection, SSRF, file uploads, authentication bypasses, cloud misconfigurations, and subdomain enumeration.

heroxo9868

23

Mar 14, 2026

Cross-site Scripting (XSS) - Generic (CWE-79)FREE

Cross-Site Scripting (XSS) Cheat Sheet

This cheat sheet covers: - Reflected XSS: Payloads reflected in the immediate response. - Stored XSS: Payloads persisted in the database. - DOM-based XSS: Payloads executed via client-side JavaScript. - Framework-specific XSS: Exploiting template engines like AngularJS. - Bypass Techniques: WAF evasion and encoding.

pyus3r

58

Mar 7, 2026

HTTP Request Smuggling (CWE-444)FREE

HTTP Request Smuggling Cheat Sheet

HTTP Request Smuggling is an interference vulnerability that occurs when a front-end server and a back-end server disagree on the boundaries of HTTP requests. By manipulating the Content-Length (CL) and Transfer-Encoding (TE) headers, or exploiting HTTP/2 downgrades, an attacker can smuggle hidden requests.

pyus3r

24

Mar 4, 2026

Improper Neutralization of Input Used for LLM Prompting (CWE-1427)FREE

LLM Prompt Injection & Jailbreaking Cheat Sheet

Prompt Injection is a vulnerability where an attacker manipulates an LLM's output by crafting malicious inputs that override its original system instructions

BSCP Exam RoadMap

A guide to completing the BSCP in the fastest and simplest way possible.

pyus3r

34

Mar 4, 2026