Category

Pentest

10 publications

SQL Injection in Practice: Exploiting, Detecting and Mitigating in a Controlled Lab

Hands-on SQLi demo with sqlmap in your own lab, focused on defensive detection and parameterized fixes that actually hold up against production traffic.

Web Pentesting From Scratch: Building a Safe Lab with DVWA, Juice Shop and Burp Suite

Hands-on guide to building an isolated web pentest lab with DVWA, Juice Shop and Burp Suite configured under clear legal and safety rules.

Exploring File Upload Vulnerabilities Without Breaking the Law

How to bypass upload validations in your own lab, map the bug classes, and harden web servers against RCE via malicious files.

SSRF Demystified: Exploiting Cloud Metadata in a Local AWS Lab

Ethical SSRF reproduction against IMDS using LocalStack, with real payloads, simulated credential theft and definitive mitigation via IMDSv2.

Red Team 101: How Pentests Differ from Real Adversarial Operations

A pentest is not a red team. Learn scope, ROE, objectives, and why ethical discipline defines whether an adversarial engagement actually delivers value.

REST and GraphQL API Pentest: Technical Checklist for Legal Bug Bounty

Hands-on methodology for testing REST and GraphQL APIs in authorized programs, focused on IDOR, authentication bypass and malicious introspection.

Modern XSS: DOM, Stored and Reflected With Real Examples in a Test Lab

Three XSS flavors dissected in a sandbox with payloads, exploitation flow, and mitigations via strict CSP, Trusted Types and DOMPurify sanitization.

Advanced Nmap: NSE Scripts for Internal Recon in a Simulated Corporate Lab

How to get real value out of NSE for authorized enumeration on simulated internal networks, with script examples, output parsing, and pentest pipeline integration.

Pivoting with Chisel and Ligolo-ng: Segmented Networks in a Pentest Lab

How to pivot across VLANs using Chisel and Ligolo-ng in a controlled lab, and which artifacts the blue team can capture to detect the reverse tunnel.

Android Mobile App Pentest: Frida, MobSF, and a Genymotion Lab

End-to-end setup for dynamic analysis of your own APKs using Frida, MobSF, and Genymotion, with hands-on hooks and a technical checklist.
