Let's learn security

Free learning guides and code review challenges

Learning Guides →
arcan3@workstation (~/.aws/)$ aws iam list-users
@app.route("/download/<filename>", methods=["GET"])
def download(filename):
    return open("./downloads/" + filename).read()

A range of high quality learning guides covering a number of topics

Reading And Writing Files Via SQL Injection

Although SQL is traditionally used to manipulate data within a database, occasionally it can be used to read and write system files. The ability to interact with the file system grants much further reach and can lead to further compromise. Although there are several SQL database technologies, i...

Guide
Critical

Deserialization Vulnerabilities With Python's Pickle Library

Deserialization vulnerabilities occur when an application deserializes a user-controlled serialized object. In Python, the native way to serialize and deserialize an object is with the Pickle library. Other libraries are also available; these include JsonPickle and Pyaml. The pickle loads() func...

Information Piece

Exploring And Exploiting PHP Wrappers

Web applications are often built using a combination of files; this allows developers to reuse the same code across multiple pages and reduce the impact on server resources. Each PHP application is built differently, but the common factor across include vulnerabilities is the use of the include ...

Information Piece

Latest posts from the arctil blog

CorpAPI – A Vulnerable API For Testing

Wanting to improve my Python programming and API penetration testing has long been on my to-do list. Finally, with some free time on my hands, I opted to build a…

A Retrospective Look Back At Pen-200 And The OSCP Exam

So before I jump into it, I’ll first set the scene. Aside from some knowledge which I’d gained from YouTube, Google and doing hobbyist web development, I had no experience…