PentesterLab

Wrote something today about tracking while doing manual security code review. We all review code… but very rarely do we track what was actually reviewed, what is pending, and what was marked as vulnerability. Over time, things get blurry. So I started using simple markers and even line highlights directly inside the editor to tag files, folders, and specific lines as secure, pending, needs review, important, suspicious, etc. You see instantly what needs attention instead of just guessing. It’s not a fancy method but it makes manual review way more structured and clearer. This idea actually clicked for me during web security code review training from PentesterLab #securecodereview #appsec #pentesterlab https://lnkd.in/gZCsYpuj

Uma das coisas que tenho feito ultimamente é investir horas e horas estudando teoria e prática e hoje decidi fazer os labs de Recon (free) da PentesterLab, e de fato foi gratificante, por mais que seja básico, relembrei algumas coisas e testei algumas novas práticas. Acredito que independente do nível, o importante é validar, revalidar, testar e retestar. Seguimos em frente por mais um dia :)

🚀 Excited to share that I’ve successfully completed the Recon Badge from PentesterLab! This certification strengthened my understanding of the reconnaissance phase in penetration testing — including: • Directory & virtual host discovery • DNS enumeration • Host brute-forcing • Information extraction from Git repositories • Structured attack surface mapping Recon is not just “information gathering.” It’s strategic intelligence. The quality of recon directly determines the success of exploitation. This journey sharpened my mindset: Think deeper. Enumerate harder. Assume nothing. Verify everything. Next focus: Advanced attack surface mapping & vulnerability chaining. If you're into Web Security, Bug Bounty, or Red Teaming — let’s connect and grow together. 💻🔥 #CyberSecurity #WebSecurity #Pentesting #Pentester #EthicalHacking #InfoSec #ApplicationSecurity #AppSec #BugBounty #BugBountyHunter #RedTeam #BlueTeam #SOC #SecurityResearch #OffensiveSecurity #HTTP #Networking #OWASP #LearningInPublic #ContinuousLearning #HandsOnLearning #CyberCareer #TechCommunity #SecurityEngineer #CyberJourney #TryHarder #PentesterLab #Reconnaissance #InfosecCommunity

A long overdue blog post on GCM tag truncation: https://lnkd.in/gTAMW8ZF

New PentesterLab exercise is live: JWT: Invalid Algorithm https://lnkd.in/g6KSmYur It’s based on a real bypass pattern we (💻 Louis Nyffenegger) recently discovered (unknown/unsupported alg handling): https://lnkd.in/gczjAjQU If you do AppSec, code review, or maintain auth code, this is a practical one to add to your toolkit.

Recently attended a live hacking session led by the HackerOne Ambassador for Lebanon Hasan Sheet, in collaboration with Semicolon Security. Following the session, I received PentesterLab Pro subscription and the “Real-World Bug Hunting: A Field Guide to Web Hacking” eBook by Peter Yaworski. Big thanks to the organizers for creating opportunities to grow the local security community! #BugBounty #WebSecurity #CyberSecurity #EthicalHacking #Pentesting #InfoSec #HackerOne #HandsOnLearning #BugHunting

🚀 Achievement Unlocked – PentesterLab HTTP Badge 🔐 I’m excited to share that I have successfully completed the HTTP Badge on PentesterLab and earned my certificate! This badge demonstrates the ability to: ✔ Forge complex HTTP requests ✔ Work deeply with request/response structures ✔ Use curl effectively for manual testing ✔ Understand headers, methods, content types, and JSON payload handling ✔ Build scripts to automate HTTP interactions Through these labs, I strengthened my understanding of how web applications communicate at the protocol level — which is fundamental for Web Penetration Testing and Bug Bounty hunting. Mastering HTTP is not optional in cybersecurity — it’s the foundation. Every vulnerability exploitation starts with understanding how requests are crafted and processed. On to the next challenge. 💪🔥 #CyberSecurity #WebSecurity #Pentesting #Pentester #EthicalHacking #InfoSec #ApplicationSecurity #AppSec #BugBounty #BugBountyHunter #RedTeam #BlueTeam #SOC #SecurityResearch #OffensiveSecurity #HTTP #Networking #OWASP #LearningInPublic #ContinuousLearning #HandsOnLearning #CyberCareer #TechCommunity #SecurityEngineer #CyberJourney #TryHarder #PentesterLab #HTTP

𝗥𝗲𝘀𝗲𝗮𝗿𝗰𝗵 𝗪𝗼𝗿𝘁𝗵 𝗥𝗲𝗮𝗱𝗶𝗻𝗴 - 𝗪𝗲𝗲𝗸 𝟲, 𝟮𝟬𝟮𝟲 Busy week! AI, AI, AI and the death of Flash! 🤖 𝗦𝗲𝗺𝗴𝗿𝗲𝗽'𝘀 𝗔𝗴𝗲𝗻𝘁 𝗦𝗸𝗶𝗹𝗹𝘀 Semgrep released a set of agent skills worth looking into: https://lnkd.in/gv_7C2Gj. 🤿 𝗦𝗵𝗮𝗸𝗶𝗻𝗴 𝘁𝗵𝗲 𝗠𝗖𝗣 𝗧𝗿𝗲𝗲: 𝗔 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗗𝗲𝗲𝗽 𝗗𝗶𝘃𝗲 You may think "just another MCP bug" but this post is actually worth reading: https://lnkd.in/gxdMdCzP. 🤖 𝗘𝘃𝗮𝗹𝘂𝗮𝘁𝗶𝗻𝗴 𝗮𝗻𝗱 𝗺𝗶𝘁𝗶𝗴𝗮𝘁𝗶𝗻𝗴 𝘁𝗵𝗲 𝗴𝗿𝗼𝘄𝗶𝗻𝗴 𝗿𝗶𝘀𝗸 𝗼𝗳 𝗟𝗟𝗠-𝗱𝗶𝘀𝗰𝗼𝘃𝗲𝗿𝗲𝗱 𝟬-𝗱𝗮𝘆𝘀 This section resumes it: "Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models": https://lnkd.in/d7D2UBSN. ♦️ 𝗖𝗼 -𝗥𝗲𝗱𝗧𝗲𝗮𝗺: 𝗢𝗿𝗰𝗵𝗲𝘀𝘁𝗿𝗮𝘁𝗲𝗱 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗗𝗶𝘀𝗰𝗼𝘃𝗲𝗿𝘆 𝗮𝗻𝗱 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗮𝘁𝗶𝗼𝗻 𝘄𝗶𝘁𝗵 𝗟𝗟𝗠 𝗔𝗴𝗲𝗻𝘁𝘀 If you are working on a "LLM based hacker", you are going to want to read this: https://lnkd.in/g3M4CTNs. 🚨 𝗔𝗻 𝗶𝗻𝘁𝗿𝗼𝗱𝘂𝗰𝘁𝗶𝗼𝗻 𝘁𝗼 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗲𝗱 𝗟𝗟𝗠 𝗿𝗲𝗱 𝘁𝗲𝗮𝗺𝗶𝗻𝗴 Promptfoo is a neat tool to add to your red teaming arsenal: https://lnkd.in/giPPipF4. 🛠️ 𝗦𝗰𝗮𝗹𝗮𝗯𝗹𝗲 𝗿𝗲𝘀𝗲𝗮𝗿𝗰𝗵 𝘁𝗼𝗼𝗹𝗶𝗻𝗴 𝗳𝗼𝗿 𝗮𝗴𝗲𝗻𝘁 𝘀𝘆𝘀𝘁𝗲𝗺𝘀 A great post on how to scale tooling for agent: https://lnkd.in/ge8AHCEN. 🦝 𝗗𝗶𝘀𝗰𝗼𝘃𝗲𝗿𝗶𝗻𝗴 𝗡𝗲𝗴𝗮𝘁𝗶𝘃𝗲-𝗗𝗮𝘆𝘀 𝘄𝗶𝘁𝗵 𝗟𝗟𝗠 𝗪𝗼𝗿𝗸𝗳𝗹𝗼𝘄𝘀 That's something I toyed with in 2012 (Monitoring repositories for Fun and Profit - Ruxcon 2012), I used basic rules at the time. Obviously, having LLMs is a game changer for this kind of workload: https://lnkd.in/gTucXh7P. ⚡️ 𝗪𝗵𝗮𝘁 𝗥𝗲𝗮𝗹𝗹𝘆 𝗞𝗶𝗹𝗹𝗲𝗱 𝗙𝗹𝗮𝘀𝗵 𝗣𝗹𝗮𝘆𝗲𝗿: 𝗔 𝗦𝗶𝘅-𝗬𝗲𝗮𝗿 𝗖𝗮𝗺𝗽𝗮𝗶𝗴𝗻 𝗼𝗳 𝗗𝗲𝗹𝗶𝗯𝗲𝗿𝗮𝘁𝗲 𝗣𝗹𝗮𝘁𝗳𝗼𝗿𝗺 𝗪𝗼𝗿𝗸 The story of the death of Adobe Flash, a must-read for AppSec practitioners. https://lnkd.in/gb7s6TjW.

Who has a logo that looks like a ✏️, awesome training content and will visit a few conferences and meetups in Europe during spring?