In this blog post, we are going to cover a strategy to help you get a job as a pentester or ...
Too often (me included), savvy code reviewers recommend getting started with code review by “just reading code” and that is ...
I recently found a small issue in some TLS clients. More precisely, it is more of a difference between what happens ...
After reading this blog post on a bug in GitHub and Unicode, I started playing more and more with Unicode (even ...
Every week, our Twitter account @PentesterLab publishes a list of articles worth reading. This is the list of all the articles for ...
For a long time, I have been looking at solving a simple problem: be more efficient when scaling vulnerability research/bug hunting. ...
When building a Capture-The-Flag (for a conference), you need to have a good mix of very easy challenges and very hard ...
One common piece of advice when trying to improve security at scale is to invest in QA. In this article, we ...
Since it’s something I’m really passionate about, I have decided to spend more time writing about application security at scale. Today ...
If you follow PentesterLab on Twitter, you probably saw the following tweet: Want to bypass WAF when exploiting CVE-2019-5418 ? curl ...
In this short article, I’m going to discuss a little bit about the exploitability of CVE-2019-5420. Ruby-on-Rails offers three different environments ...
Tell me a bit more about yourself? Current occupation? Aspirations? Twitter? I run my own security business called Shea Information Security ...