This platform was emerged from yehg.net where one of my research was awarded Top #9 in World Top 10 Web Hacking Techniques.
I developed it:
Challenges are crafted, based on bounty write-ups, real-world case studies, and incident news, not based on brain-burning CTFs.
As of today, I have crafted 241 exercises to challenge your skillsets and thought process. Outdated challenges are removed from the platform in line with the current trend.
Curated gists from various sources: tweets, blogs, papers, conferences, books, tubes, great people I've come across..etc.
Gists are updated if useful non-repeated information is learnt. Outdated gists are removed from the platform in line with the current trend.
Challenges are aimed for a wider audience -
students or professionals on pentest and other cyber fields.
This platform was created to share selected sets of my hands-on fieldwork experience, for which I am proud and find greater meaning to contribute to the community. The techniques you learn can be put into practice.
Web has been everywhere from mobile app, digital signage to iOT. It has been growing and more and more feature-rich than before including recent HTTP2, WebSocket, WebAssembly.
In this challenge series, all challenges are based on real-world incidents and researches.
Majority of world most infamous incidents are stemmed from the root cause of insecure designs, business limitations, human ignorance, and failure to foresee the risks.
In this challenge domain, you will be bombarded with questions on features broken by hackers up to date.
Majority of challenges do not rely on particular technology stacks.
Challenges are developed in technology neutral way mainly to reflect human mistakes, insecure design, poor implementation practices and common weakness patterns propagated across majority of technologies.