Weekly Pentest Tips & Tricks

  • Course
  • 219 Lessons

Do you run out of ideas during pentests? Do you feel like you are missing something? Unsure whether you have covered everything?

This collection of tips & tricks will take your pentests to the next level.

Ideal for beginners & intermediates looking to enhance their offsec skills and discover more impactful vulnerabilities.

The lessons are inspired by over 8 years of experience as a pentester and bug bounty triager.

  • 200+ web & api pentest lessons to start off

  • hacking labs to practice

  • new tricks every week

  • request your favorite topic

  • practical exploits inspired by real pentests

  • access to exclusive content

  • micro-learning approach

  • tool recommendations and usage

  • Burp optimization

  • workflow automation

  • step by step examples

  • weaponizing techniques

Lesson categories

  • Broken Access Control

  • Cryptographic Failures

  • Injection Attacks

  • Insecure Design

  • Security Misconfiguration

  • Vulnerable Components

  • Identification and Authentication Failures

  • Bug Bounties

  • AI/ML/LLM/MCP

  • Recon & Attack Surface

  • Tooling & Automation

  • Creative, Strategic and Mindset

Can't find what you're looking for?

Hear from the community

"Nice one! Did not know that underscores can be used as wildcards! I really appreciate your tips and tricks threads!"

Jimmy Åkerlund

Security Consultant @Zacco

"This is great work. There are a lot of JWT home-made solutions, making this even more valuable. Good stuff!"

Dennis Underwood

CEO @ Cyber Crucible

"Super relevant. Evil always hides in the shadows. Better to bring some light and document your systems"

Vincent van Dijk

Founder @Security Scientist

"I have seen such scenarios reproducing good bug bounties"

Saiman Patel

Bug hunter @Intigriti

"You are sharing gold tips! Thanks for the contribution"

Rojan Koc

Security Specialist @Microsoft

"I will spend almost the entire day tomorrow checking multiple sites for this!"

Aubrey

Researcher

"Saves a lot of time 😲💨"

Sawan

Senior Analyst

"This was great, and I just received a 200$ bounty out of this"

JAI NIRESH

Bug Hunter @Hacker1

"No more boring request reviewing YUPPYYY"

Masab

Pentester

"Never thought of this before.. smart!"

Duncan Ochieng

System Administrator

"I’m an appsec guy and I’m also building an app. Your post helped me to see a weakness in my API which is now fixed"

Anthony Fielding

App Sec Consultant @Veracode

"Your attention to detail in addressing common SSRF pitfalls is impressive. Thanks for shedding light on this critical aspect of application security!"

Arif

Pentester

Frequently asked questions

You’ve got questions. We’ve got answers.

How is this course different compared to existing ones?

  1. Put what you learn into practice from day 1

  2. Get straight-to-the-point lessons without any fluff

  3. Avoid wasting time on content that you find irrelevant

  4. See step-by-step examples from real pentests and bug bounties

  5. Continuous learning with new weekly content instead of a one-off process

How long does it take? I don't have much time.

Each lesson takes less than 5 minutes to complete, and you can jump straight to any lesson you like (they are independent from each other).

It's up to you whether you do a full-day binge training or learn for 5 minutes every day.

What type of content is covered?

Web and API offensive security, including tools, automation, exploitation, discovery, etc., which you can put into practice during pentesting and bug hunting.

Who is the target audience?

Pentesters and bug hunters who want to level up their skills and learn new tricks.

How much prior knowledge do I need?

You need basic knowledge of OWASP top 10 attacks and experience working with Burp.

The lectures are targeted at beginner/intermediate level.

This course is NOT for novice people who want to get into hacking.

What is microlearning?

Microlearning is a way of teaching and delivering content in short, bite-sized bursts (3-5 minutes) that get straight to the point, each with a focused and specific learning outcome.

Can I take a look before buying?

Sure! Scroll down to the "Contents" section and check out the lectures that have "Preview" enabled.

Do I have to follow the lectures in a particular order?

No! Each lecture is independent from the others, and you can jump straight to the one that you find the most interesting.

Can I ask you questions about a lecture?

You can ask more questions about the lectures on our Discord channel where you'll get invited after purchase.

Either I or someone else from the community will try to answer your questions.

About me

  • Cybersecurity consultant and founder at Tripla Consult

  • Offensive Security Certified Professional (OSCP)

  • Certified Red Team Professional (CRTP)

  • Certified Azure Red Team Professional (CARTP)

  • Certified Information Systems Security Professional (CISSP)

  • Former member of the Synack Red Team

  • Bug bounty triager at Federacy.com

  • Mentor and trainer on Mentorcruise

CVEs:

  • CVE-2024-25675 – MISP – CSRF in Export Generation

  • CVE-2024-25674 – MISP – Arbitrary File Upload

  • CVE-2024-22272 – VMware Cloud – Broken Access Control

Talks:

  • OWASP Copenhagen 2024

  • Disobey Helsinki 2025

  • SEC-T Stockholm 2025

  • Defcamp Workshop 2025

Contents

Tips & Tricks Request

Request a Pentest Trick
Preview

Hacking Labs

Hacking Labs
Preview

A01 - Broken Access Control

0x02 - Broken Auth in 30 Seconds
Preview
0x19 - Account Takeover via Open Redirect
Preview
0x40 - Info Leak to Account Takeover
0x42 - Auth Bypass with 0-based UUIDs
0x64 - Pentesting Admin Accounts
0x77 - Another Way to Bypass 2FA
0x81 - Seven Ways to Bypass 403
0x122 - Finding Orphaned Privileges
0x123 - Deleted Page Gave Me Owner Access
0x158 - ATO With Cached Magic Links
0x183 - Run Postman Collections for BAC
0x184 - Exploiting Half-Open Sessions
0x187 - File Access Bypass using Chatbots
0x188 - HTTP Response Manipulation
0x192 - The Silent ATO

A02 - Cryptographic Failures

0x06 - JWT Exfil from Source Page
Preview
0x29 - Automating JWT Pentests
0x49 - Cracking JWT Tokens
0x75 - Validating Leaked API Keys
0x96 - Token Randomness Analysis
0x130 - Bypass Encryption w/ JS Debugger
0x132 - Reset Token to Backdoor Trick
0x152 - Cracking Password Reset Tokens

A03 - Injection Attacks

0x01 - XSS via Custom Named Tags
Preview
0x11 - Email Field Payload Injection
Preview
0x12 - XML Formatted XSS Payloads
Preview
0x15 - SSRF for Internal Network Scanning
0x18 - Burp Hackvertor for Advanced Injection
0x25 - OOB Template Injection via SMS
0x35 - HTML Injection for Phishing Emails
0x36 - File Read via Login Wallpapers
0x52 - XSS in SVG Images
0x76 - XSS via Phone Number Field
0x80 - Race Conditions with Turbo Intruder
0x89 - XSS via PostMessage
0x90 - XSS via HREF URLs
0x91 - Invading the DOM
0x115 - Real-World Reflected XSS
0x143 - Full-Width Characters Bypass
0x145 - Exploiting Blind HTML Injection
0x151 - File Upload + CSP + WAF Bypass = XSS

A04 – Insecure Design

0x17 - Exploiting Race Conditions
Preview
0x22 - Phishing via Signup Forms
Preview
0x37 - Open Redirect via REGEX Bypass
0x44 - No Email Verification Abuse
0x62 - Location Spoofing Tricks
0x99 - Loop Denial of Service
0x100 - Infinite Trial Period
0x141 - Why Pentesters Love Blacklists
0x153 - Business Logic Abuses
0x163 - DoS in Sparse Fieldsets API
0x165 - When Cronjobs Implode
0x173 - Test Credit Cards
0x175 - Pay Me Baby One More Time
0x195 - Business Logic Bug in Snapchat

A05 – Security Misconfiguration

0x05 - DB Dump via Underscore Wildcards
Preview
0x28 - Azure Subdomain Takeover at Scale
Preview
0x32 - Command Injection in Azure Webapps
0x34 - File Upload Bypass in Firebase
0x38 - Dir Listing via Range Header Abuse
0x41 - Crashing Apps with Large Inputs
0x47 - CORS Misconfig Exploitation
0x85 - Escalating Debug Log Pages
0x121 - File Upload Bypass via ZIPs
0x144 - Bypassing Firewalls Whitelisting
0x179 - Leaking Source Code with Fuzzing

A06 – Vulnerable Components

0x48 - Finding NPM Dependency Confusion
Preview
0x53 - Using Collaborator as Email Inbox
Preview
0x65 - Can't Find Dependency Confusion?
0x83 - Hacking GitHub CI/CD Workflows
0x88 - Attacking GWT-RPC Apps
0x102 - File Upload Bypasses for 2025
0x108 - Bypassing Geolocation Restrictions
0x118 - Exploiting Dangling JS Dependencies
0x127 - Denial of.. Wallet?!
0x156 - Triggering OOM With Bomb GIFs
0x196 - Reversing Blazor Web Apps

A07 – Identification and Authentication Failures

0x07 - GraphQL Crash via Recursive Queries
Preview
0x23 - Private Email Leak via Google SSO
0x27 - Email Spoof via Client-Side Bypass
0x43 - Email Spoof via DMARC Policy Abuse
0x59 - File Access Bypass via Referer in CDN
0x95 - How the Microsoft MFA was Bypassed
0x133 - Authentication Bypasses for 2025
0x166 - Data Leakage Through Updates
0x197 - Bypass Auth with GraphQL
0x198 - Wrong Email, Right Token

Recon & Attack Surface

0x04 - Reading Intercom Widget Messages
Preview
0x14 - Hidden Endpoints via Link Headers
Preview
0x30 - Hidden API Endpoints in WADL Files
Preview
0x39 - SSRF in PDF Generators
Preview
0x58 - Google Maps API Key Testing
0x66 - Attack Surface via Timing Attacks
0x69 - Finding CSRF through Methods Change
0x79 - Attack Paths in API Docs
0x84 - Finding Only Exploitable CVEs
0x86 - Email Enumeration with Slack
0x98 - Scanning OpenAPI with SOAPI
0x110 - Exploiting Typos in DNS Records
0x106 - Finding Backups From the Past
0x120 - Reverse Engineering APIs
0x135 - Secrets in GitHub Garbage
0x147 - Checking Ports for Exfiltration
0x186 - New Era of Secret Detection
0x189 - NextJS Paths Recon
0x199 - Reversing JS Apps

Tooling & Automation

0x08 - Better Folder Enumeration
Preview
0x13 - Optimizing Payload Lists
Preview
0x20 - Firebase Pentest with Artillery
0x21 - Auto-Finding Dangerous JS Functions
0x24 - GraphQL Voyager for Circular Refs
0x26 - Burp + Python for Pentest Automation
0x31 - Automating Pentests with Bamdas
0x33 - Hiding Uninteresting HTTP Headers
0x51 - Auto-Finding Injectable Parameters
0x55 - No Collaborator? No Problem!
0x57 - Missed Request Smuggling Vulns
0x60 - Burp Fuzzing Insertion Points
0x61 - Modifying Requests on the Fly
0x63 - Reviewing Scanner Payloads in Burp
0x73 - Websocket Pentesting Extension
0x74 - UUID Bruteforce with Custom Lists
0x78 - Blind XSS Hunting in Seconds
0x87 - SQLMap Command Generator
0x93 - Bypassing URL Validation
0x101 - So You Decided to Password Spray?
0x105 - The Offsec Toolkit
0x136 - API Scanning Automation FTW
Preview
0x137 - Optimizing Burp Scanner
0x160 - Source Code in Plain Sight
0x174 - Comment Crusader
0x176 - 429 Too Many Request
0x177 - Maximizing Tricks Value
Preview
0x180 - Replaying POST Payloads in Browser
0x194 - The Kasada Anti-Bot
0x202 - CSP Bypass Search

Creative, Strategic, and Mindset

0x00 - Sandbox Escape in Point of Sale (POS)
Preview
0x09 - Bypassing CAPTCHA - Techniques
0x16 - Path Traversal - Techniques
0x45 - Exploiting Online Compilers
0x50 - Payload Gen with SCAMMPERR
0x54 - Tracking Users with Image URLs
0x56 - Domain Blacklist Bypass w/ Azure DNS
0x70 - Pentesting SIP Protocols
0x71 - RickRolling a Payment Terminal
0x82 - Exploiting Hop-by-Hop Headers
0x94 - When SQLmap Fails: 3 Tips
0x103 - What's Response Filter DoS
0x104 - Train Your (Hacker) Imagination
0x107 - Should We Avoid Burp Collaborator?
0x109 - How to Write Exploits
0x119 - Is Google Sabotaging Hackers?
0x124 - Find Your Crush on Dating Apps
0x125 - Unveiling the Web's Secrets
0x129 - Honey, I'm h̶o̶m̶e̶ payload!
0x131 - How to Exploit Slopsquatting
0x134 - Are Browsers Sabotaging Hackers?
0x139 - Look Where Others Haven’t
0x140 - Making Exploits More Reliable
0x142 - Github Issues for Inspiration
0x148 - Web Attack Escalations
0x150 - How to Hack an ATM
0x154 - The Rule of #3
0x161 - Three Pentesting Mistakes I Made
Preview
0x190 - OWASP Top Ten 2025
0x200 - Smart Input Data

Bug Bounty $$$

0x03 - Maximizing Vulns Impact
Preview
0x46 - Weaponizing XSS for Maximum Impact
0x67 - Unlocking Premium for Free
0x97 - Is This in Scope?
0x111 - Leaking YouTube Emails for $10K
0x112 - $4,000 Bounty for Clickjacking?
0x116 - $1000 Privacy Loophole Exploit
0x146 - High Demand Bounties ($50k+)
0x155 - Get 1,500$ For Your Research
0x157 - Don't Track Me!
0x162 - $350,000 Bounties for HTTP/1.1
0x164 - Three Tips for BB Reports
0x169 - How I Hacked 500 Routers
0x170 - How I Hacked My Hotel
0x171 - Amazon Payment Bypass
0x178 - API Key Rotation
0x181 - Deleting Messages With Emojis 😂
0x182 - Cache Poisoning Profile Pics
0x185 - Bug Bounty Helper
0x193 - The 600,000$ Discount Bug
0x201 - Getting $13,337 for HTML Injection
0x208 - The $200k BugBounty Extension
0x215 - $55,000 for Spring Boot Actuator

AI/ML/LLM/MCP

0x68 - Top 10 AI Chatbot Attack Ideas
0x72 - Stealing AI Chatbot Prompts
0x92 - Scanning Docs with NotebookLM
0x113 - What is Burp's Shadow Repeater
0x114 - Is Nuclei AI Worth It?
0x117 - Email Assistant Account Takeover
0x126 - Formatting XSS Payloads
0x128 - What's a Model Context Protocol (MCP)
0x138 - Vibe Coding -> More Hacking
0x149 - RCE in MCP Inspector
Preview
0x159 - Recon the Cursor
0x167 - LLM Bypass via Alternative Language
0x168 - Hacking MCP Servers
0x172 - Building & Breaking AI Agents
0x191 - AI Liberating Prompts

Latest Tips & Tricks

0x203 - Bypass TLS Fingerprinting
0x204 - Inject in Tooltip Message
0x205 - 3 Levels of BAC Difficulty
0x206 - Quick File Secrets Recon?
Preview
0x207 - Modifying JS On the Fly
0x209 - Hacking WorkOS Intents
0x210 - Quick Kubernetes Checklist
Preview
0x211 - Update/Read Parallel Intruder
Preview
0x212 - Subdomain Takeover + Image Injection
0x213 - Hacking Webapps Through SSH
0x214 - Recon for Protocols
0x216 - Top 10 Hacks of 2025
0x217 - The Hidden Attack Surface