← LibraryTechnique entry
W-JWT-JKUCredential Access
JWT — jku / x5u Header Abuse
jku / x5u points to an attacker-controlled URL serving the public key matching your forged signature.
§ Where this technique fits
W-JWT-JKU is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.