F4l13n5n0w

“This course details all you need to know to start doing web penetration testing. PentesterLab tried to put together the basics of web testing and a summary of the most common vulnerabilities with the LiveCD to test them.” – PentesterLab

Due to this is quite a long course, I have to divide the course into several parts and this one is focus on Cross Site Script attack which is well known as XSS. More information and ISO download please check here. The official course is highly recommanded to read.

Difficulty: 1 / 5

This is an upgraded version from previous course “From SQL Injection to Shell” which is talking about how to exploit basic error-based SQL injection vulnerability, in this course “From SQL Injection to Shell II”, more advanced techniques will be used to exploit complicated Blind-SQL injection vulnerability.

More information and ISO download please check here. The official course is highly recommended to read, which explains how the vulnerabilities happened and the ways to exploit.

Difficulty: 3 / 5

This is an exercise from PentesterLab to reproduce & demonstrate how to exploit XSS and SQL injection vulnerabilities. More information and ISO download please check here. The official course is highly recommended to read, which explains how the vulnerabilities happened and the ways to exploit.

Difficulty: 3 / 5

This is an exercise from PentesterLab to reproduce & demonstrate how to exploit XSS and SQL injection vulnerabilities. More information and ISO download please check here. The official course is highly recommended to read, which explains how the vulnerabilities happened and the ways to exploit.

Difficulty: 2 / 5

This is an exercise from PentesterLab to reproduce & demonstrate how to exploit CVE-2014-6271 [Shellshock] vulnerability. More information and ISO download please check here. The official course is highly recommended to read, which explains how the bug works and the ways to exploit it for different purposes.

Difficulty: 1 / 5

“120天的旅程即将结束，以一场历时24小时没有选择题的考试，收获屠龙路上第一座里程碑。…” 这是我通过OSCP认证考试时，第一时间的感受。自豪和欣喜之情不亚于2008年我拿下CCIE R&S的时候。 关于 PWK (Pentesting with Kali Linux) 和OSCP (Offensive Security Certified Professional)，我想很多人会觉着陌生。但说起Offensive Security，BackTrack，Kali，NetHunter和Metasploit，圈里的朋友应该就熟悉多了。