PentesterLab

10.9K posts

@PentesterLab

We make learning web hacking and security easier. Online systems, code review, videos & courses that can be used to understand, test and exploit bugs!

Melbourne, Victoria
Joined December 2011
0 Following, 200.8K Followers
Pinned Tweet
PentesterLab @PentesterLab
💥🐹 4 new Go Code Review Labs just dropped! 🐹💥 Read the code, peek at the diff, find the bug. Sharpen your skills: pentesterlab.com/badges/golang-…
PentesterLab retweeted
Yakup Erdem Ünal @callmeyakubi
Back in the day I used to do code reviews to actually learn stuff… now I’m just doing them like quick little brain teasers 😄 Big shoutout to @PentesterLab for keeping my puzzle game strong.
PentesterLab retweeted
coffeefiend52 @coffeefiend52
I just completed @Pentesterlab's Golang Code Review Badge!!!
PentesterLab retweeted
Louis Nyffenegger
I spent last week, this weekend and the start of this week working on a redesign of @PentesterLab's website. Aiming for something a bit more modern... Let me know what you think!
PentesterLab retweeted
Ahmed Ehab @HeBo117
@AhmedMo15851348 Your experience in web dev will save you a lot of time. The ejpt is a good start. If you want to speed things up, you can subscribe to @PentesterLab if you are able to; it will save you even more time.
PentesterLab @PentesterLab
A commit meant to "strengthen the crypto" in FreshRSS ended up removing the need for a correct password. Why? Longer SHA-256 nonce + bcrypt truncation at 72 bytes. A nice example of why secure systems are about composition, not just stronger primitives. pentesterlab.com/blog/freshrss-…
PentesterLab @PentesterLab
𝗥𝗲𝘀𝗲𝗮𝗿𝗰𝗵 𝗪𝗼𝗿𝘁𝗵 𝗥𝗲𝗮𝗱𝗶𝗻𝗴 - 𝗪𝗲𝗲𝗸 𝟭𝟬, 𝟮𝟬𝟮𝟲 A great mix of content this week! 🔒 𝗜𝗿𝗼𝗻𝗖𝘂𝗿𝘁𝗮𝗶𝗻: 𝗔 𝗣𝗲𝗿𝘀𝗼𝗻𝗮𝗹 𝗔𝗜 𝗔𝘀𝘀𝗶𝘀𝘁𝗮𝗻𝘁 𝗕𝘂𝗶𝗹𝘁 𝗦𝗲𝗰𝘂𝗿𝗲 𝗳𝗿𝗼𝗺 𝘁𝗵𝗲 𝗚𝗿𝗼𝘂𝗻𝗱 𝗨𝗽 Niels Provos (from OpenBSD's systrace) is sharing a new tool to sandbox your AI assistant: provos.org/p/ironcurtain-…. 🚥 𝗺𝗶𝘁𝗺𝗽𝗿𝗼𝘅𝘆 𝗳𝗼𝗿 𝗳𝘂𝗻 𝗮𝗻𝗱 𝗽𝗿𝗼𝗳𝗶𝘁: 𝗜𝗻𝘁𝗲𝗿𝗰𝗲𝗽𝘁𝗶𝗼𝗻 𝗮𝗻𝗱 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀 𝗼𝗳 𝗔𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗧𝗿𝗮𝗳𝗳𝗶𝗰 A write-up on how to use mitmproxy: synacktiv.com/en/publication…. ✨ 𝗧𝗵𝗲 𝗠𝗖𝗣 𝗔𝘂𝘁𝗵𝗡/𝗭 𝗡𝗶𝗴𝗵𝘁𝗺𝗮𝗿𝗲 A reminder of the mess AuthN/Z with MCP is: blog.doyensec.com/2026/03/05/mcp…. 😎 𝗩𝗶𝗯𝗲 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗥𝗮𝗱𝗮𝗿 A cool little project to track the security issues created by vibe coding: vibe-radar-ten.vercel.app. ⛓️‍💥 𝗔𝘂𝘁𝗵𝗲𝗻𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗕𝘆𝗽𝗮𝘀𝘀 𝗶𝗻 𝗽𝗮𝗰𝟰𝗷 Another issue with a library leveraging JWT: codeant.ai/security-resea….
PentesterLab retweeted
Ilias @EliotGeo
I just completed @Pentesterlab's Recon Badge!!!
PentesterLab retweeted
Louis Nyffenegger @snyff
I wrote about what happens when you rewrite mature software with agents. You rebuild the features. You don't rebuild the scars. vinext: one engineer, one week, $1,100 in tokens. Then plenty of vulnerabilities found within days. pentesterlab.com/blog/what-you-…
PentesterLab @PentesterLab
𝗥𝗲𝘀𝗲𝗮𝗿𝗰𝗵 𝗪𝗼𝗿𝘁𝗵 𝗥𝗲𝗮𝗱𝗶𝗻𝗴 - 𝗪𝗲𝗲𝗸 𝟵, 𝟮𝟬𝟮𝟲 Mostly AI... 💻 𝗕𝗿𝗼𝘄𝘀𝗲𝗿-𝗕𝗮𝘀𝗲𝗱 𝗣𝗼𝗿𝘁 𝗦𝗰𝗮𝗻𝗻𝗶𝗻𝗴 𝗶𝗻 𝘁𝗵𝗲 𝗔𝗴𝗲 𝗼𝗳 𝗟𝗡𝗔 Leveraging Local Network Access to create a port scanner! wiki.notveg.ninja/tools/lna-port…. 🪟 𝟭𝟬𝟬+ 𝗞𝗲𝗿𝗻𝗲𝗹 𝗕𝘂𝗴𝘀 𝗶𝗻 𝟯𝟬 𝗗𝗮𝘆𝘀 Behind the (impressive) result, the methodology is probably the most important. Make sure you read between the lines: substack.com/home/post/p-18…. ⛈️ 𝘃𝗶𝗻𝗲𝘅𝘁: 𝗩𝗶𝗯𝗲-𝗛𝗮𝗰𝗸𝗶𝗻𝗴 𝗖𝗹𝗼𝘂𝗱𝗳𝗹𝗮𝗿𝗲'𝘀 𝗩𝗶𝗯𝗲-𝗖𝗼𝗱𝗲𝗱 𝗡𝗲𝘅𝘁.𝗷𝘀 𝗥𝗲𝗽𝗹𝗮𝗰𝗲𝗺𝗲𝗻𝘁 It's raining bugs in the cloud. A great example of agent capabilities on a never-seen-before target: hacktron.ai/blog/hacking-c….
PentesterLab retweeted
Paulo Cauca @paulocauca
I just completed @Pentesterlab's Unix Badge!!!