CyberSecurity WTF


Welcome to CyberSecurity WTF!

This platform offers you:
1) CHALLENGES in the form of web pentesting exercises and security thought-process drills;
2) KATANA knowledge base in the form of techniques, tips, tricks, notes and tools.


Challenges are crafted from bounty write-ups, real-world case studies, and incident news, not from brain-burning CTFs.

As of today, a total of 157 exercises have been crafted to challenge your skill sets and thought process.

KATANA Database

A curated collection of 1000+ least-technology-neutral gists derived from tweets, blog posts, white papers, conferences, books, tubes and the like.

Great treasures are spread among many places and forgotten. Use this database as your desk reference.

Convenient & Time-saving

Many lab resources require you to set them up, which is mostly problematic, and you end up troubleshooting to make them work. Some online resources are no longer in operation.

What you see here is a ready-to-practice challenge platform with no time-consuming set-up or coding on your part. Make the best of it and take your skills to the next level.

Technology Neutral & Long-lasting

99% of challenges do not rely on particular technology stacks.

Challenges are developed in a technology-neutral way, mainly to reflect human mistakes, insecure design, poor implementation practices and common weakness patterns that propagate across the majority of technologies. They will remain valid for years.

Wider Audience

Challenges are aimed at a wider audience: The Web War for penetration testers, Cybersecurity Drills for Cyber/App Sec/Project Managers.

This platform was created to share my learning and assessment experience with you, of which I am proud as a veteran professional. The techniques you learn can be put into practice right away.

The Web War

The web is everywhere, from mobile apps and digital signage to IoT. It keeps growing and is more feature-rich than ever, including the recent HTTP/2, WebSocket and WebAssembly. In this challenge series, all challenges are based on real-world incidents and research.

Cybersecurity Drills

The majority of the world's most infamous incidents stem from the root cause of insecure design and a failure to foresee the risks. In this challenge domain, you will be bombarded with questions on features broken by hackers to date. It is designed to make you think through security principles to avoid these weaknesses.

Leadership Drills

When it comes to organizations, our security performance also traces back to organizational processes, people, management and leadership. Soft skills are vital and are built on top of technical skills. Without either one, we cannot protect our organisations from a holistic point of view.