Sign in Get started

Tagged in

Hacking

PentesterLab

We make learning Web Hacking easier! We have been teaching web security for years and put together well thought-out exercises to get you from zero to hero. Our exercises cover everything from really basic bugs to advanced vulnerabilities.

More information

Followers

1.6K

Elsewhere

More, on Medium

Hacking

PentesterLab in PentesterLab

Embrace the suck!

Embrace the Suck!

When handling customer support for PentesterLab, we often get emails from people who can’t solve a challenge:

“… I have been working on this challenge for the past 3 days and I really can’t get it to work.”

PentesterLab in PentesterLab

Beating the code review plateaux

In every field, people eventually hit plateaux in their progression. Security code review is no…

PentesterLab in PentesterLab

Exploring Algorithm Confusion Attacks on JWT: Exploiting ECDSA

JSON Web Tokens (JWT) are widely used for authentication in modern applications. As their use increases, so does the importance of understanding common attacks against them, such as algorithm confusion attacks. For a long…

PentesterLab in PentesterLab

How to start reviewing code?

Too often (me included), savvy code reviewers recommend to get started into code review by “Just reading…

PentesterLab in PentesterLab

/i considered harmful

After reading this blog post on a bug in Github and Unicode, I started playing more and more with Unicode (even bought two domains).

Recently, I had a Eureka moment while camping and started wondering: “what was the impact of those uppercase and lowercase…

PentesterLab in PentesterLab

CVE-2019–5418: on WAF bypass and caching

If you follow PentesterLab on Twitter, you probably saw the following tweet:

PentesterLab in PentesterLab

CVE-2019–5420 and defence-in-depth

In this short article, I’m going to discuss a little bit on the exploitability of CVE-2019–5420.

PentesterLab in PentesterLab

Interview with a PRO user: Pamela O’Shea

Tell me a bit more about yourself? Current occupation…

PentesterLab in PentesterLab

Should I go to university?

One of the questions I often get asked is whether or not I recommend going to university/engineering school/… or…

PentesterLab in PentesterLab

NullCon HackIM 2018 web4 — The fast way?

The HackIM 2018/NullCon CTF just wrapped up. PentesterLab wrote 3 challenges for this CTF:

“JWT V” (web4) worth 200 points
“JWT VI” worth 400 points
“CBC-MAC” worth 200 points