Hands-on reference sheets with interactive quizzes. No fluff — just the commands, concepts, and techniques you need.
SUID, sudo misconfigs, capabilities, cron jobs, writable paths, kernel exploits — the full methodology.
Server-side template injection in Jinja2, Twig, Freemarker — detection, payloads, and RCE chains.
XML external entity attacks — file read, SSRF, blind/OOB exfiltration, and WAF bypass techniques.
Signature wrapping, XML injection, authentication bypass, and common SSO misconfigurations.
JWT attacks, session fixation, cookie security, token storage mistakes — the full picture of broken auth.
Critical authentication bypass in ruby-saml — how it works, what's exploitable, and how to patch.