Labs

WebSecurity Academy Web LLM attacks

Portswigger’s WebSec Academy now has a section with Web LLM attacks. I’m always saying it’s a great resource and I’ll definitely do these labs soon. https://portswigger.net/web-security/llm-attacks

Portswigger GraphQL labs

Portswigger labs are the best practical resource for learning the basics of web security. Period. They now released the article and 5 labs about GraphQL so if that’s something you want to improve at, make sure to give it a try!...

The hardest CTF task I’ve ever done

Last week, I published a video about a crazy task from a CTF that we’ve solved. We being me and JustCatTheFish team with which I play as a guest. Tasks on a real, ranked CTF were really hard but that just makes solving one more satisfying. This challenge involved two...

AWS security labs

For anyone interested in cloud security, these labs from KONTRA are a must-do. They are free and at the moment there are 13 labs available, covering different aspects of AWS security. The best thing about them is that they really make you understand the bug and see...

HTTP/2 Request smuggling labs

Portswigger released the long-awaited WebSec academy labs about HTTP/2 request smuggling. I haven't yet done them but surely I will do. Did you try them already? If yes, let me know what was the hardest part for you. Maybe it's worth making a video about it?...