2026
01
root&beer
Command Injection
Command injection detection guide covering OS command injection vulnerabilities in web applications. Learn how to identify injection points, detect command execution, test filter bypasses, and confirm vulnerabilities using manual testing and tools like Commix and Burp Suite.
Lab Submission
Community lab submissions coming soon.
Cross-Site Request Forgery (CSRF/XSRF)
Cross-Site Request Forgery (CSRF) penetration testing guide covering token analysis, request forgery testing, and CSRF exploitation techniques. Learn how to identify vulnerable endpoints, create PoC attacks, and test CSRF protection mechanisms for web security assessments.
SQL Injection
SQL injection penetration testing guide covering union-based, boolean-based, time-based, and error-based SQL injection techniques using SQLMap and manual methods to exploit database vulnerabilities and extract sensitive data during security assessments.
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) penetration testing guide covering reflected, stored, and DOM-based XSS vulnerabilities. Learn detection techniques, filter bypass methods, and exploitation using tools like XSSer, Dalfox, and manual testing for web application security assessments.
53: DNS
DNS penetration testing guide covering zone transfer testing, subdomain enumeration, DNS cache snooping, and DNS amplification attacks using tools like Dig, DNSRecon, Fierce, and Sublist3r for security assessments and ethical hacking.
139,445: SMB
SMB penetration testing guide covering share enumeration, authentication testing, null session exploitation, and SMB vulnerability assessment using tools like Enum4linux, Smbclient, and Impacket for Windows network security testing.
21: FTP
FTP penetration testing guide covering anonymous login testing, brute force attacks, banner grabbing, and file transfer exploitation using tools like Nmap, Hydra, and Netcat for security assessments and ethical hacking.
SSH MITM Attack Lab
Lab for learning SSH Man-in-the-Middle (MITM) attacks using ARP spoofing and credential interception.
2025
12
React2Shell Lab
React2Shell (CVE-2025-55182 / CVE-2025-66478) vulnerability lab - Learn to detect and exploit vulnerable Next.js applications
Vulnerability Scanning
Vulnerability scanning guide for penetration testing using Nmap NSE scripts, SearchSploit, OpenVAS, and specialized scanners to identify security weaknesses, misconfigurations, CVEs, and known vulnerabilities in systems and services.
Web Enumeration
Web enumeration techniques for penetration testing using Gobuster, Ffuf, Dirb, and Nuclei to discover directories, files, virtual hosts, API endpoints, and security weaknesses in web applications during security assessments.
Service Enumeration
Service enumeration techniques for penetration testing to gather detailed information about running services, including version detection, banner grabbing, and configuration analysis using Nmap, Netcat, and specialized tools to identify vulnerabilities and attack paths.
Port Scanning
Port scanning techniques for penetration testing using Nmap, including TCP SYN scans, UDP scans, firewall evasion, and comprehensive port enumeration methods to identify open services and potential attack vectors.
Host Discovery
Host discovery techniques for penetration testing, including ping sweeps, ARP scans, and Nmap host discovery methods to identify active systems and live hosts on target networks during security assessments.
05
Mr Robot 1: Vulnhub Walkthrough
This is a walkthrough of the Mr. Robot themed Vulnhub box, located here: https://www.vulnhub.com/entry/mr-robot-1,151/
2024
10
Jo2024: HackMyVM Walkthrough
A medium CTF challenge that demonstrates a PHP Cookie Serialization Attack via preferences.php, leading to a reverse shell. Discover how the .Xauthority file was exploited to capture sensitive data, and learn about privilege escalation techniques used to gain root access without a password.
08
Photographer 1: Vulnhub Walkthrough
Photographer contains multiple exploits and misconfigurations. The path starts with retrieving credentials from Samba shares, then exploiting Koken CMS to gain a reverse shell. LinPEAS revealed MySQL credentials and a SUID PHP binary, enabling privilege escalation to root.
Ephemeral 3: HackMyVM Walkthrough
This box is exploited using OpenSSL's predictable PRNG to brute-force an SSH key, gaining access as another user. A sudo misconfiguration is then used to modify /etc/passwd, adding a root user, allowing privilege escalation and capturing the final flag.
Ephemeral 2: HackMyVM Walkthrough
Ephemeral 2 is a medium-level box involving Samba exploitation, reverse shells, and privilege escalation. Key steps include discovering open ports, brute-forcing SMB credentials, exploiting a "magic script," and leveraging cron jobs and writable profile scripts to gain root access.
Corrosion 1: Vulnhub Walkthrough
The "Corrosion: 1" CTF involved exploiting log poisoning and path abuse for remote command execution and privilege escalation. Key steps included cracking a ZIP file password and exploiting a vulnerable script to gain root access, culminating in the capture of the root flag.
Web Machine N7: Vulnhub Walkthrough
A walkthrough of Vulnhub's Web Machine N7, labeled as a medium-difficulty box with a lot of directory enumeration and some use of sqlmap.
Corrosion 2: Vulnhub Walkthrough
A walkthrough of the Corrosion 2 Vulnhub box. It is considered a medium-level box that involves ZIP file password cracking and RCE via the Tomcat protocol.
07
Matrix 2: Vulnhub Walkthrough
A walkthrough of VulnHub's Matrix: 2 box. It is an intermediate challenge with directory traversal, password cracking and steganography.
Matrix 1: Vulnhub Walkthrough
A walkthrough of VulnHub's Matrix: 1 box. It is an intermediate box that involves brute force and breaking out of a restricted shell.