#Pentest

2 posts in this category.

Pentest8 min read

Exploiting JWT Misconfigurations in Modern APIs

JSON Web Tokens promise stateless, tamper-proof authentication until a single misconfiguration hands an attacker the keys to every account.

Jun 12, 2026

Pentest9 min read

From Read-Only LFI to RCE via PHP Filters

Chaining filter wrappers into a working payload when nothing else is writable.

Mar 11, 2026