Jan 27 · 4 min read · Entering cybersecurity today can feel overwhelming. Newcomers are often torn between formal certifications focused on theory (like the ISC2 Certified in Cybersecurity – CC) and hands-on platforms such as TryHackMe and PortSwigger Web Security Academy...
Dec 12, 2025 · 7 min read · Cross-Site Scripting (XSS) remains one of the most deceptive and flexible web vulnerabilities because it blurs the line between user input and executable code. A single unchecked text field can allow an attacker to rewrite what a user sees, steal inf...
Sep 5, 2025 · 17 min read · Hi everyone, this doc is gonna be loooong so you might need to grab some coffee. In penetration testing, speed can make all the difference (as soon as you’re not getting caught). The faster your scripts can send requests, gather responses, and process...
Aug 16, 2025 · 2 min read · Our target is to exploit a hypothetical web application, simulating real-world scenarios. To demonstrate HTTP/2 request splitting, we will follow a step-by-step solution provided by the lab: Setup with Burp Suite: Start by sending a request for GET ...
Aug 10, 2025 · 3 min read · There was a time when I thought the best play was to touch everything. One day I’d poke at XSS, the next day IDOR, maybe SSRF if I was in the mood. It felt like I was moving fast — learning “a bit of everything” — but in reality, I was skimming the sur...
Jul 23, 2025 · 5 min read · Introduction: Cross-Origin Resource Sharing (CORS) vulnerabilities can take many forms, and one of the most interesting variants involves trusting the "null" origin. In this article, we'll explore the PortSwigger Web Security Academy lab "CORS vulnera...
Jul 23, 2025 · 4 min read · Introduction: Cross-Origin Resource Sharing (CORS) vulnerabilities represent a significant security risk when misconfigured. In this walkthrough, we'll explore PortSwigger's "CORS vulnerability with basic origin reflection" lab, demonstrating how impr...
Jul 11, 2025 · 4 min read · Strap in and get prepared for takeoff! The Aviator game on Spinmatch isn’t just a game; it’s a thrilling experience. One minute you're on cloud 9, and the next, you're regretting not cashing out. But don’t worry. That happens to all people at some t...
May 24, 2025 · 2 min read · Introduction: Today, I'm sharing my hands-on adventure through a real-world lab from PortSwigger's Web Security Academy, where I successfully exploited a Path Traversal vulnerability to read the sensitive /etc/passwd file. If you've ever wondered how ...