Let's learn security

Free learning guides and code review challenges

arcan3@workstation (~/.aws/)$ aws iam list-users
@app.route("/download/<filename>", methods=["GET"])
def download(filename):
    return open("./downloads/" + filename).read()

A range of high quality learning guides covering a number of topics

Exploring And Exploiting PHP Wrappers

Web applications are often built from a combination of files; this allows developers to reuse the same code across multiple pages and reduce the impact on server resources. Each PHP application is built differently, but the common factor across include vulnerabilities is the use of the include ...

Information Piece

Identifying Cross-Site Scripting Within A Web Application

When testing for Cross-Site Scripting vulnerabilities, prior permission should always be obtained; this can be through either penetration testing rules of engagement or a bug bounty program. Multiple bug bounty programs exist and enable users to test for vulnerabilities on real-world targets. Any vu...

Information Piece

AWS Penetration Testing - Series Overview

In this series, we'll explore Amazon's approach towards users testing the security of their AWS services. We'll explore popular ways to enumerate and take advantage of various AWS services to compromise the target infrastructure further. Throughout this series some examples will be provided, any...

Information Piece

Latest posts from the arctil blog

CorpAPI – A Vulnerable API For Testing

Wanting to improve my Python programming and API penetration testing has long been on my to-do list. Finally, with some free time on my hands, I opted to build a…

A Retrospective Look Back At Pen-200 And The OSCP Exam

So before I jump into it, I’ll first set the scene. Aside from some knowledge which I’d gained from YouTube, Google and doing hobbyist web development, I had no experience…