Since 2013, Docker has been a game changer in different IT industries in several ways, it gave both developers and users a lot of flexibility for developping and using many apps and operating syste...

Lab: Password reset poisoning via middleware To solve this lab, you have to mix different techniques seen in the previous labs of the same series in order to steal, once again, the cookie of this ...

Lab: Password reset broken logic In this lab, we’ll bypass the “Forgot password” feature to get access on Carlos’s account. On the home page, click “My account Next page, ...

This lab is in the same series than the previous article. The goal here to steal Carlos’s “stay-logged-in” cookie to steal and delete his account. Lab: Offline password cracking Click “My...

These days I daily work on Web Security Academy, the final goal is becoming a Burp Suite Certified Practitioner. The last lab I was working on is Brute-forcing a stay-logged-in cookie, which is not...

Since I’ve created this website, I didn’t write a “real” post yet. So, as a first start, I’ll talk about the new labs provided by Portswigger’s Web Security Academy few days ago: JWT Attacks). This...

Hello world ! console.log(alert("Hello world !")) This is just a test with Jekyll on Github. What is it about? This website will be about: Penetration testing Bug bounty hunting CTF