Source Incite

The last training for this year is at Romhack between 24th-27th of September at romhack.io/training/2024/… some student discount codes still available, DM us.

Samstung Part 2 :: Remote Code Execution in MagicINFO 9 Server srcincite.io/blog/2026/01/2…

Samstung Part 1 :: Remote Code Execution in MagicINFO 9 Server srcincite.io/blog/2026/01/2…

I really appreciate the hard work that goes into these Phrack publications! A huge shoutout goes to @richinseattle, @chompie1337, @netspooky, @bsdaemon and anyone else at @phrack for their incredible spirit of keeping this amazing e-zine alive!

Here is a really cool blog post by wasamasa whos is a past student of our FSWA class: emacsninja.com/posts/cve-2025…. You can find them on Mastodon: @wasamasa/" target="_blank" rel="nofollow noopener">lonely.town/@wasamasa/

Some of the fun things we get to do in the FSWA class: Analyze fresh NDAY that comes out just two days before class!

We are taking a break from delivering our Full Stack Web Attack class in 2025 to focus more on the research. However on a case by case basis, we may still offer private trainings: srcincite.io/training/sched…

Popping calc with some .NET magic in some enterprise software during @steventseeley training. This guy is amazing, book his training if you are interested in advance web exploitation targeting Java and .NET applications #romhack

Excited to be back in Rome delivering Full Stack Web Attack and landing a beautiful RCE the day before! Carpe diem! #FSWA

Very excited to deliver Full Stack Web Attack next week, we have some new exciting content to share :-> 🤌🏻

For those curious, we had this bug in our Full Stack Web Attack training for ~1 year prior to disclosure :-)

Definitely worth participating - if you want a solid training on web attacks, consider this one! :) I did it recently - and it was super useful!

🔥One of the best advance exploitation trainings out there, you do not want to miss the boat on this, there are only a few seats left, sign up 💯

Time to retire some content! JNDI Injection Remote Code Execution via Path Manipulation in MemoryUserDatabaseFactory: srcincite.io/blog/2024/07/2…

@steventseeley "pop thy shell" lives on

This full chain analysis from discovery to exploit has been added to Full Stack Web Attack. The last training for this year is at Romhack between 24th-27th of September at romhack.io/training/2024/…. Student discount codes available, PM me but I only have a few left.

Highly recommended training! You'll gain valuable insights and skills, and the next three months will be packed for applying what you've learned on real-world targets.

Landed a nice auth-bypass via an XXE! If you wish to learn techniques like this, you should definitely sign up to our Sep 24-27th Full Stack Web Attack class at @cybersaiyanIT: romhack.io/training/2024/…

That’s ok, the course content was updated this year anyway, but now you all know why I no longer offer online training.

@smartdeckk @steventseeley @offensive_con srcincite.io/training/sched… you can see the next trainings here and you can browse the syllabuses for their training :)