If you're pentesting Java backends behind a WAF and your SQLi, deserialization, or path traversal payloads keep getting blocked, this teaches Claude the Ghost Bits primitive: exploiting how Java silently drops the high 8 bits when casting a 16-bit char to an 8-bit byte. The WAF sees harmless Unicode like 陪 or 阮, but the backend reconstructs dangerous ASCII like 'j' or '.'. It covers the three root-cause families (literal truncation, bit-arithmetic folding, lax normalization), includes a character generator for building 255 candidates per target byte, and routes you to the right deserialization or smuggling playbook once the bypass works. It comes with a full payload cookbook covering Tomcat, Spring, Jetty, Jackson, Fastjson, and a dozen other affected components. This is a bypass technique, not a standalone vuln, so think of it as a force multiplier for attacks you already know.
npx skills add https://github.com/yaklang/hack-skills --skill ghost-bits-cast-attack
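The truncation described above can be checked for on the filtering side. The following is an added example, not code from the skill or its repository: it reproduces the low-byte view a narrowing cast would produce and reports every code unit whose hidden ASCII a filter would otherwise miss. The function names are hypothetical, the sample string is constructed, and only the literal-truncation family is modelled.

```python
# Added example: gateway-side check for char-to-byte narrowing.
# All function names here are hypothetical, not part of any library.

def utf16_units(text):
    """Return the 16-bit code units a Java String would hold for `text`."""
    raw = text.encode("utf-16-be", "surrogatepass")
    return [(raw[i] << 8) | raw[i + 1] for i in range(0, len(raw), 2)]


def truncated_view(text):
    """Mimic Java's (byte) c on every char: keep only the low 8 bits."""
    return bytes(u & 0xFF for u in utf16_units(text)).decode("latin-1")


def ghost_bit_findings(text):
    """List (index, code unit, folded char) for units above 0xFF whose
    low byte lands in printable ASCII, i.e. text a filter never saw."""
    findings = []
    for index, unit in enumerate(utf16_units(text)):
        low = unit & 0xFF
        if unit > 0xFF and 0x20 <= low <= 0x7E:
            findings.append((index, f"U+{unit:04X}", chr(low)))
    return findings


def needs_second_pass(text):
    """True when filter rules should also run over truncated_view(text)."""
    return bool(ghost_bit_findings(text))


if __name__ == "__main__":
    # Constructed sample using the two characters named on this page.
    sample = "x\u966ay\u962ez"
    print(repr(truncated_view(sample)))
    for finding in ghost_bit_findings(sample):
        print(finding)
```

Indexes count UTF-16 code units, so a character outside the BMP is examined as two surrogate halves, each of which can fold to ASCII on its own.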