Pentester Academy Blog
Highly Technical, Hands-on, Comprehensive Cybersecurity Training.
Access On-Demand Bootcamp Recordings on Our Lab Platform
Annual subscriptions now include select bootcamp recordings!
Pentester Academy
Aug 19, 2021
Lab Walkthrough — Shockin’ Shells: ShellShock [CVE-2014-6271]
Let’s learn about the (in)famous ShellShock vulnerability and how it was leveraged by malicious actors!
Pentester Academy
Apr 27, 2023
Lab Walkthrough — Authorization Bypass in RegexRequestMatcher [CVE-2022-22978]
Let’s learn about a quick win trick to bypass authorization in vulnerable versions of Spring Security.
Pentester Academy
Apr 20, 2023
Lab Walkthrough — Lucee Server Arbitrary File Write [CVE-2021-21307]
This exercise is to understand how to exploit the Lucee server using the Metasploit Framework.
Pentester Academy
Apr 13, 2023
Lab Walkthrough — LimeSurvey RCE [CVE-2021-44967]
This exercise is to understand how to exploit the LimeSurvey application.
Pentester Academy
Apr 5, 2023
INE’s eJPT Certification is Here to Kickstart Junior Penetration Testing Careers
With INE’s release of the eJPT Certification, you can learn and demonstrate mastery of all the necessary skills for cybersecurity roles.
Pentester Academy
Mar 29, 2023
Lab Walkthrough — Moodle SpellChecker Path Authenticated RCE [CVE-2021-21809]
This exercise is to understand how to exploit the Moodle server using the Metasploit Framework.
Pentester Academy
Mar 23, 2023
Lab Walkthrough — Drupalgeddon 2 [CVE-2018-7600]
This exercise is to understand how to exploit the Drupal server using the Metasploit Framework and manually.
Pentester Academy
Mar 16, 2023
Cyber Security Accessibility for Small Businesses
Small businesses are most likely to suffer after cyber attacks. Learn how INE can help you develop the necessary skills to protect yourself.
Pentester Academy
Mar 10, 2023
Lab Walkthrough — The WannaCry Ransomware
Understand how the WannaCry ransomware works and how it encrypts all personal data on the Windows system. Learn to prevent such attacks.
Pentester Academy
Feb 23, 2023
How To Use AWS Secrets Manager
AWS Secrets Manager allows you to replace hardcoded credentials such as passwords in your code. Learn more about it in this post.
Pentester Academy
Jan 19, 2023
ImageTragick: A Tragick Image Conversion Tale
Let’s explore the (in)famous ImageTragick vulnerability and how it was used by attackers to gain code execution on the affected servers!
Pentester Academy
Dec 22, 2022
Lab Walkthrough — Exploiting Spring4Shell (CVE-2022-22965)
In this article, we will learn to exploit the Spring4Shell vulnerability in a realistic environment.
Pentester Academy
Nov 24, 2022
Getting started with Cloud Storage — Microsoft Azure
In this article, we will learn how to get started with Azure Cloud Storage.
Pentester Academy
Nov 15, 2022
Getting Started with Azure
Start your journey to the cloud with Microsoft Azure! In this post, we cover the basics of Azure and show you how to start using it.
Pentester Academy
Nov 1, 2022
Getting Started with AWS
In this post, we’ll explore the fundamentals of Amazon Web Services & how to get started with it.
Pentester Academy
Oct 19, 2022
Premium Lab Walkthrough: Server Side Request Forgery
In this walkthrough, learn how a vulnerable lambda function can be leveraged to perform an SSRF attack.
Pentester Academy
Oct 6, 2022
Premium Lab Walkthrough: Command Injection
Learn how a vulnerable lambda function can be leveraged to perform a privileged operation.
Pentester Academy
Sep 29, 2022
Premium Lab Walkthrough: Overly Permissive Permission
Not adhering to minimum privileges when establishing roles and permissions exposes you to security threats.
Pentester Academy
Sep 22, 2022
Lab Walkthrough — DynamoDB: SQL Injection | INE
SQL injection provides hackers a clever way to enter a database, and DynamoDB is no exception.
Pentester Academy
Sep 13, 2022
Premium Lab: Pass Role: EC2
In this lab walkthrough, we show how overly permissive permissions in AWS EC2 can be abused by a user to perform privileged operations.
Pentester Academy
Sep 6, 2022
IaC (Terraform) for Pentesters
Infrastructure as Code (IaC) is an amazing tool for anyone managing infra. But like any other system, it can be attacked.
Shivam Bathla
Jun 27, 2022
From Zip Slip to System Takeover
How unzipping malicious archives can lead to Path Traversal and Symlink file overwrite attacks
Shivam Bathla
Jun 1, 2022
XSLT Injections for Dummies
Discussing this often-overlooked class of vulnerabilities and possible attack surfaces.
Shivam Bathla
May 17, 2022
Supply Chain Attacks: Case Studies
Let’s take a look at a few case studies on different Supply Chain Attacks.
Shivam Bathla
Apr 6, 2022