CWES Cheatsheet — Attacking GraphQL
graphql is a query language for APIs that runs on a single endpoint (usually /graphql). unlike REST (multiple endpoints), graphql lets clients request exactly the data they want. if not properly se...
fuzzing is how you find what’s hidden: directories, parameters, virtual hosts, API endpoints. pick your tool, pick your wordlist, and let it rip. When to Fuzz if the website has no links to ...
file upload vulnerabilities are about getting a shell (or something malicious) onto the server by abusing how upload filters are implemented. the key mindset: every filter has a gap — your job is t...
file inclusion vulnerabilities let you read (or in some cases execute) files on the server. LFI is the common one, but PHP wrappers open up a whole extra layer of exploitation. Local File Inclus...
a lot of targets run off-the-shelf software: WordPress, Joomla, Jenkins, Tomcat, etc. knowing the common attack vectors for these saves a ton of time. this covers discovery, enumeration, and exploi...
command injection lets you run OS commands through a vulnerable application. it comes down to understanding how filters work, and how to get around them. common types of injections ...
broken authentication covers weaknesses in login, registration, password reset, and session management that let you bypass authentication or take over accounts. this is one of those topics where un...
REST APIs are everywhere and often poorly secured. this covers how to enumerate, probe, and exploit common API vulnerabilities following the OWASP API Security Top 10. OWASP API Security Top 10 ...
active recon means you’re actually touching the target — sending queries, probing responses. noisier than passive, but you get way more detail. this is where you start building the real attack surf...