← LibraryTechnique entry
W-JWT-WEAKCredential Access
JWT — Weak HMAC Secret
HS256 with a guessable / leaked secret — crack with hashcat -m 16500 and forge tokens.
§ Where this technique fits
W-JWT-WEAK is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.