
PentesterLab
@PentesterLab
Followers: 190K
Following: 12K
Media: 291
Statuses: 11K
We make learning web hacking and security easier. Online systems, code review, videos & courses that can be used to understand, test and exploit bugs!
Melbourne, Victoria
Joined December 2011
4 new Go Code Review Labs just dropped! Read the code, peek at the diff, find the bug. Sharpen your skills:
pentesterlab.com
The Golang Code Review Badge is our badge dedicated to code review in Golang. It covers the discovery of weaknesses and vulnerabilities using source code review.
We just released 3 new labs as part of our Python Code Review Badge! These labs walk you through real vulnerabilities: you'll spot the issue in the code and then review the patch that fixed it. Start practicing now:
pentesterlab.com
The Python Code Review Badge is our badge dedicated to code review in Python. It covers the discovery of weaknesses and vulnerabilities using source code review.
2 new labs + 2 new videos added to our Golang Code Review Badge. Level up your Go security code review skills:
pentesterlab.com
The Golang Code Review Badge is our badge dedicated to code review in Golang. It covers the discovery of weaknesses and vulnerabilities using source code review.
One company kept coming up again & again in Code Review Badge celebrations: @fluidattacks. Every tester goes through @PentesterLab training before onboarding. Why?
➡️ It builds real-world code review skills.
➡️ Helps find issues tools miss.
➡️ Becomes a strength, not a struggle.
Stop everything you're doing! Phrack is out!
medium.com
CVE ID: CVE-2025-50817 Affected Software: python-future 1.0.0 Vulnerability Type: Arbitrary Code Execution, DLL Side-Loading, Supply…
RT @joernchen: Today I have a more serious topic than usual, please consider reposting for reach: My wife and I are urgently looking for a…
New PentesterLab Exercise: AES GCM Truncation. Break AES-GCM when apps don't enforce full tag length: truncate the tag, brute-force it, and escalate to admin.
pentesterlab.com
This challenge covers the exploitation of tag truncation on GCM
RT @tHe_h0oK: I just completed @Pentesterlab's Unix Badge. It's called Unix, but it had a lot of permission-related stuff, SO fun.
4 new videos for the API Badge. GraphQL authorisation flaws. Mass assignment bugs. Learn how to find & exploit them: #AppSec #Pentesting #APIsecurity #GraphQL #MassAssignment
pentesterlab.com
The API badge is our set of exercises created to help you learn API testing. The first few challenges are based on challenges you already solved to get you more confident with API testing and review...
Articles worth reading discovered last week: AI, FileJacking and analysing CVE-2025-54366!
print3m.github.io
FileJacking - Malware Initial Access technique with File System API. Backdoor files, read / write folders directly from the browser - no downloads.