PentesterLab
@PentesterLab
Followers
186K
Following
12K
Media
272
Statuses
11K
We make learning web hacking and security easier. Online systems, code review, videos & courses that can be used to understand, test and exploit bugs!
Melbourne, Victoria
Joined December 2011
๐ฅ๐น 4 new Go Code Review Labs just dropped! ๐น๐ฅ. Read the code, peek at the diff, find the bug. Sharpen your skills:
0
2
45
RT @snyff: The biggest shift in AppSec with AI?.Dev work looks more like code review. Theyโre reviewing AI output, not writing every line.โฆ.
0
2
0
Doing an internal pentest in an unpatched Windows environment.
3
34
268
๐ New month = new FREE labs!. Tackle 3 bite-size Python code-review snippets and level up your bug-spotting skills. Dive in now โ . ๐๐ #Python #CodeReview.
0
0
18
And it's live!
Another CVE we came across this week as part of our CVE-analysis routine. The impact is probably limited, but the vulnerability is a classic example of parser differential. To give you a bit of background, the file .netrc is used to store credentials. It's mostly used by FTP
1
3
36
Another CVE we came across this week as part of our CVE-analysis routine. The impact is probably limited, but the vulnerability is a classic example of parser differential. To give you a bit of background, the file .netrc is used to store credentials. It's mostly used by FTP
1
2
30
๐๐๐ฏ๐๐๐๐ซ๐ข๐ฉ๐ญ: ๐๐๐๐๐ฎ๐ฌ๐ ๐ข๐ญ ๐ฅ๐ข๐ญ๐๐ซ๐๐ฅ๐ฅ๐ฒ ๐๐๐งโ๐ญ ๐๐ฏ๐๐ง.
0
4
20
๐๐๐ฏ๐๐๐๐ซ๐ข๐ฉ๐ญ: ๐๐๐๐๐ฎ๐ฌ๐ ๐๐จ๐ฆ๐ฆ๐จ๐ง ๐ฌ๐๐ง๐ฌ๐ ๐ข๐ฌ ๐จ๐ฏ๐๐ซ๐ซ๐๐ญ๐๐โฆ
2
5
43
๐ Added 3 brand-new Go code-review labs to our Golang Code Review badge! . Sharpen your eye for subtle bugs and level up your AppSec skills. Dive in here .๐ #golang #appsec #codereview.
1
4
34
Go parsers, Funky Chunks, Template injections. What a week!. ๐ฆ ๐น.๐ฃ๐ด ๐ก๏ธ.
0
6
53
Reviewing CVEs can feel dull, but reading patches is a great way to sharpen your code-review training. Todayโs gem (see screenshot ๐): a cookie-signature check that shouted:. INVALID SIGNATURE. THE VALID SIGNATURE IS โฆ. It leaked the valid signature ๐คฆโโ๏ธ. One-line fix: stop
1
1
44
0
3
0
RT @arkh4ck: I just completed @Pentesterlab's HTTP Badge!!! .Great learning on HTTP requests, headers, methods.
0
1
0
RT @BugBountyDEFCON: We're excited to welcome @Pentesterlab as an In-Kind Sponsor of the Bug Bounty Village at DEF CON 33. Their support heโฆ.
0
4
0
PentesterLab has the largest collection of hands-on JWT labs. We cover algorithm confusion, jku, kid, x5u and so much more. We also research new attack techniques and review JWT-related CVEs. Here is a great one we came across today.
1
10
71
0
1
0