Windows Privilege Escalation via Startup Folder | Real-World Technique

Windows Privilege Escalation via Scheduled Tasks | From User to SYSTEM

Windows Privilege Escalation: The Complete Series (Start Here)

OSWE Certification – Is It Really Worth It? (My Honest Experience)

Start Cyber Security in 2026: Top 3 Beginner Certs Under $500!

My OSWP Certification Experience

My KLCP Certification Experience

PortSwigger Path Traversal Lab-6 | Validation of file extension with null byte bypass

PortSwigger Path Traversal Lab-5 | Validation of start of path

PortSwigger Path Traversal Lab-4 | Traversal sequences stripped with superfluous URL-decode

PortSwigger Path Traversal Lab-3 | Traversal sequences stripped non-recursively

PortSwigger Path Traversal Lab-2 | Traversal sequences blocked with absolute path bypass

PortSwigger Path Traversal Lab-1 | File path traversal, simple case

PortSwigger Server-Side Template Injection (SSTI) Lab-7 | SSTI with a custom exploit

PortSwigger Server-Side Template Injection (SSTI) Lab-6 | SSTI in a sandboxed environment

PortSwigger Server-Side Template Injection (SSTI) Lab-5 | Information leak via user-supplied objects

PortSwigger Server-Side Template Injection (SSTI) Lab-4 | Unknown language with a documented exploit

PortSwigger Server-Side Template Injection (SSTI) Lab-3 | SSTI using documentation

PortSwigger Server-Side Template Injection (SSTI) Lab-2 | Basic SSTI (code context)

PortSwigger Server-Side Template Injection (SSTI) Lab-1 | Basic server-side template injection

PortSwigger OS Command Injection Lab-5 | Blind command injection with out-of-band data exfiltration

PortSwigger OS Command Injection Lab-4 | Blind OS command injection with out-of-band interaction

PortSwigger OS Command Injection Lab-3 | Blind OS command injection with output redirection

PortSwigger OS Command Injection Lab-2 | Blind OS command injection with time delays

PortSwigger OS Command Injection Lab-1 | Simple case

PortSwigger HTTP Request Smuggling Lab-21 | Server-side pause-based request smuggling

PortSwigger HTTP Request Smuggling Lab-20 | Client-side desync

PortSwigger HTTP Request Smuggling Lab-19 | Web cache poisoning via HTTP/2 request tunnelling

PortSwigger HTTP Request Smuggling Lab-18 | Bypassing access controls via HTTP/2 request tunnelling

PortSwigger HTTP Request Smuggling Lab-17 | HTTP request smuggling to perform web cache deception

PortSwigger HTTP Request Smuggling Lab-16 | HTTP request smuggling to perform web cache poisoning

PortSwigger HTTP Request Smuggling Lab-15 | HTTP request smuggling, obfuscating the TE header

PortSwigger HTTP Request Smuggling Lab-14 | HTTP request smuggling, basic TE.CL vulnerability

PortSwigger HTTP Request Smuggling Lab-13 | HTTP request smuggling, basic CL.TE vulnerability

PortSwigger HTTP Request Smuggling Lab-12 | CL.0 request smuggling

PortSwigger HTTP Request Smuggling Lab-11 | HTTP/2 request splitting via CRLF injection

PortSwigger HTTP Request Smuggling Lab-10 | HTTP/2 request smuggling via CRLF injection

PortSwigger HTTP Request Smuggling Lab-9 | H2.CL request smuggling

PortSwigger HTTP Request Smuggling Lab-8 | Response queue poisoning via H2.TE request smuggling

PortSwigger HTTP Request Smuggling Lab-7 | Deliver reflected XSS

PortSwigger HTTP Request Smuggling Lab-6 | Capture other users requests

PortSwigger HTTP Request Smuggling Lab-5 | Reveal front-end request rewriting

PortSwigger HTTP Request Smuggling Lab-4 | Bypass front-end security controls, TE.CL vulnerability

PortSwigger HTTP Request Smuggling Lab-3 | Bypass front-end security controls, CL.TE vulnerability

PortSwigger HTTP Request Smuggling Lab-2 | Confirming TE.CL vulnerability via differential responses

PortSwigger HTTP Request Smuggling Lab-1 | Confirming CL.TE vulnerability via differential responses

PortSwigger Server-Side Request Forgery (SSRF) Lab-7 | SSRF with whitelist-based input filter

PortSwigger Server-Side Request Forgery (SSRF) Lab-6 | Blind SSRF with Shellshock exploitation

PortSwigger Server-Side Request Forgery (SSRF) Lab-5 | SSRF with filter bypass via open redirection

PortSwigger Server-Side Request Forgery (SSRF) Lab-4 | SSRF with blacklist-based input filter

PortSwigger Server-Side Request Forgery (SSRF) Lab-3 | Blind SSRF with out-of-band detection

PortSwigger Server-Side Request Forgery (SSRF) Lab-2 | Basic SSRF against another back-end system

PortSwigger Server-Side Request Forgery (SSRF) Lab-1 | Basic SSRF against the local server

PortSwigger XML External Entity (XXE) injection Lab-9 | Retrieve data by repurposing a local DTD

PortSwigger XML External Entity (XXE) injection Lab-8 | Exploiting XXE via image file upload

xxe lab 7 Full HD 1080p MEDIUM FR30

PortSwigger XML External Entity (XXE) injection Lab-6 | Blind XXE to retrieve data via error message

PortSwigger XML External Entity (XXE) injection Lab-5 | Blind XXE using a malicious external DTD

PortSwigger XML External Entity (XXE) injection Lab-4 | Blind XXE via XML parameter entities

PortSwigger XML External Entity (XXE) injection Lab-3 | Blind XXE with out-of-band interaction