Louis Nyffenegger (@snyff.pentesterlab.com)

Closing keynote for Day 1 announced for BSides Prague 2026 🎉

Louis Nyffenegger (@snyff.pentesterlab.com), application security expert and founder of PentesterLabs, is joining us!
📷 April 23, 2026 Don’t miss it. 📷🔥
#bsides #bsidesprg #keynote

04.03.2026 08:23 👍 0 🔁 1 💬 0 📌 0

Browser-Based Port Scanning in the Age of LNA

𝗥𝗲𝘀𝗲𝗮𝗿𝗰𝗵 𝗪𝗼𝗿𝘁𝗵 𝗥𝗲𝗮𝗱𝗶𝗻𝗴 - 𝗪𝗲𝗲𝗸 𝟵, 𝟮𝟬𝟮𝟲
Mostly AI...

💻 𝗕𝗿𝗼𝘄𝘀𝗲𝗿-𝗕𝗮𝘀𝗲𝗱 𝗣𝗼𝗿𝘁 𝗦𝗰𝗮𝗻𝗻𝗶𝗻𝗴 𝗶𝗻 𝘁𝗵𝗲 𝗔𝗴𝗲 𝗼𝗳 𝗟𝗡𝗔
Leveraging Local Network Access to create a port scanner! wiki.notveg.ninja/tools/lna-po....

01.03.2026 23:58 👍 2 🔁 3 💬 1 📌 0

What you don't see - PentesterLab's Blog More and more, with the progress of coding agents, people are rewriting software.And honestly, it looks easy. You write a good ...

I wrote about what happens when you rewrite mature software with agents. You rebuild the features. You don't rebuild the scars.

vinext: one engineer, one week, $1,100 in tokens. Then plenty of vulnerabilities found within days.

pentesterlab.com/blog/what-yo...

02.03.2026 00:04 👍 4 🔁 5 💬 0 📌 1

SEE MUM, "I" CAN STILL FIND BUGS!

21.01.2026 22:15 👍 2 🔁 0 💬 0 📌 0

Today (2025-12-29) is 2026-W01-1 in ISO week-date 🤯\

So it’s the first day of ISO week-year 2026, even though the date is still 2025.

(Week 1 = week with the first Thursday)

29.12.2025 00:15 👍 3 🔁 0 💬 1 📌 0

Black Friday at @pentesterlab.com 🧨

For a limited time:

🔒 1 year of PRO for $146.52
🎓 Student special: 3 months PRO for $25.99

Hands-on labs. Real CVEs. Security code review training used by real AppSec & pentest teams.

⏰ Offer ends 2 Dec 2025, 23:59:59 UTC
👉 pentesterlab.com/pro

27.11.2025 22:06 👍 2 🔁 3 💬 0 📌 0

I have been using docker for 10 years...

Today I learned that you don't need to provide the full container id when you run docker exec...

21.11.2025 06:25 👍 5 🔁 0 💬 0 📌 0

Thanks :) It was great to catch up! See you at Kawai!

20.10.2025 21:33 👍 3 🔁 0 💬 0 📌 0

Really awesome preso from @snyff.pentesterlab.com @pentesterlab.com over at BSides Perth. Jam packed with patterns, approaches, tips and tricks to level up finding bugs in code. #bsides #bsidesperth

19.10.2025 02:33 👍 3 🔁 2 💬 1 📌 0

I’ve spent 2 solid hours doing bug bounty and I still haven’t made $200k.

Can someone tell me what I’m doing wrong?

#bugbountytips

20.04.2025 23:09 👍 6 🔁 1 💬 1 📌 0

How AI-Generated Code Is Changing Secure Code Review Learn how AI-generated code impacts secure code review and application security. Discover why AI excels at catching common vulnerabilities but needs human expertise for complex bugs.

AI-generated code is reshaping secure code review—fewer trivial bugs, but more hidden threats.

Read more in our new blog post:

pentesterlab.com/blog/secure-...

What do you think?

24.02.2025 22:49 👍 0 🔁 1 💬 0 📌 0

I Don’t Want My Devs to Become Hackers! - PentesterLab's Blog Discover why encouraging developers to learn ethical hacking boosts security, reduces bugs, and fosters a proactive security culture in your organization.

Think teaching devs to hack is risky?

In reality, a bit of hacking knowledge helps them spot vulnerabilities early and build stronger apps.

Discover why having devs with a 'hacker mindset' is a win for security:

pentesterlab.com/blog/why-dev...

13.02.2025 18:21 👍 2 🔁 1 💬 0 📌 0

From now on, I'll call any snippet of vulnerable code shared on Social Media as

"Security Code Review Porn"

It gives the wrong expectations about what real code review actually involves.

07.02.2025 02:44 👍 5 🔁 0 💬 0 📌 0

Common OAuth Vulnerabilities · Doyensec's Blog Common OAuth Vulnerabilities

Articles worth reading discovered last week:

🤝 blog.doyensec.com/2025/01/30/o...
☠️ www.feistyduck.com/newsletter/i...
📚 pathonproject.com/zb/?871f0933...

And as always, it’s in our blog: pentesterlab.com/blog/researc...

#PentesterLabWeekly

02.02.2025 21:50 👍 6 🔁 3 💬 0 📌 0

If you’re in the area, here’s my schedule:
* OWASP Bay Area (Feb 11)
* CactusCon in Mesa/Phoenix (Feb 14 & 15)
* OWASP Los Angeles (Feb 18)
* OWASP Orange County (Feb 20)

I’d love to connect—if you’re nearby, please stop by and say hello (and maybe grab some swag)!

29.01.2025 23:33 👍 0 🔁 0 💬 0 📌 0

I’m excited to share that in a few weeks I’ll be heading to the US for a series of talks and workshops focused on security code review and JWT—and I’ll be bringing some
@pentesterlab.com swag along too!

29.01.2025 23:33 👍 5 🔁 2 💬 1 📌 0

28.01.2025 03:12 👍 9 🔁 1 💬 0 📌 0

PentesterLab: Learn with our Recon Badge The Recon badge is our set of exercises created to help you learn Reconnaissance. From findings usual files down to DNS and TLS exploration, this badge will help you get better at finding new targets

🚀 Level up your #CyberSecurity skills FOR FREE! 🛡️

Earn the Recon Badge with Pentesterlab and master: 🔍 Virtual Hosts 🌐 DNS Recon 🔒 TLS Recon ...and so much more!

Start your journey today
👉 pentesterlab.com/badges/recon

25.01.2025 00:09 👍 2 🔁 2 💬 0 📌 0

...

22.01.2025 09:35 👍 2 🔁 0 💬 1 📌 0

Networking but not TCP/IP - PentesterLab's Blog Discover how building real-world connections in the InfoSec community can accelerate your journey into pentesting and cybersecurity. From local meetups and conferences to online communities, this guid...

Networking in InfoSec isn’t just about IP addresses and ports—it’s also about people!

Discover how meetups, conferences, and volunteering can open big career doors in InfoSec.

Read more: pentesterlab.com/blog/infosec...

11.01.2025 23:59 👍 11 🔁 3 💬 0 📌 0

A Signature Verification Bypass in Nuclei (CVE-2024-43405) | Wiz Blog Wiz's engineering team discovered a high-severity signature verification bypass in Nuclei which could potentially lead to arbitrary code execution.

Someone shared this write-up in the @pentesterlab.com 's discord:

www.wiz.io/blog/nuclei-...

I love this article so much! The content and the analysis are A+

I really like the 🚩 (very similar to pentesterlab.com/blog/another...)

05.01.2025 03:02 👍 8 🔁 0 💬 0 📌 0

joernchen - Friday 13th @ 1°C YouTube video by Tiny Club Berlin

Have a great weekend and enjoy some tunes:

youtu.be/j_Md8_7mhOU

04.01.2025 13:46 👍 6 🔁 3 💬 2 📌 0

Subscribe to PentesterLab on Gumroad PentesterLab is an easy and great way to learn security code review and penetration testing. We provide vulnerable systems that can be used to test and understand vulnerabilities.

If your New Year’s resolution is to get better at web security code review, don’t miss our upcoming live training. Learn how to find vulnerabilities and strengthen your skills:

pentesterlab.gumroad.com

31.12.2024 22:49 👍 3 🔁 2 💬 0 📌 0

Learn Web Penetration Testing: The Right Way Learn Web Penetration Testing: The Right Way

Happy New Year!

pentesterlab.com/gift/xDzcB35... (3-month)
pentesterlab.com/gift/UBMtCsi... (3-month)
pentesterlab.com/gift/BWEYEme... (3-month)

31.12.2024 22:48 👍 2 🔁 1 💬 0 📌 0

Golang: because hackers haven’t given up on SQL injection in 2024...

30.12.2024 00:48 👍 11 🔁 1 💬 0 📌 0

Learn Web Penetration Testing: The Right Way Learn Web Penetration Testing: The Right Way

🎅

pentesterlab.com/gift/v5kegJq... (3-month)
pentesterlab.com/gift/4VG6RYU... (3-month)
pentesterlab.com/gift/lsgfEwJ... (3-month)

24.12.2024 22:41 👍 9 🔁 3 💬 2 📌 0

Thank you! ☺️☺️☺️

23.12.2024 06:09 👍 1 🔁 0 💬 0 📌 0

Someone replied that I had the wrong handle for James, I fixed it but I cannot find the original message.

Thanks to whoever raised it.

18.12.2024 21:56 👍 1 🔁 0 💬 1 📌 0

I put together a VERY limited (for now) list of web hackers in a Starter pack:

go.bsky.app/9uay4Ad

A lot of people are missing (I will try to add more as I find them) but make sure you follow people already in the list!

18.12.2024 00:54 👍 31 🔁 14 💬 3 📌 0

Cross-Site POST Requests Without a Content-Type Header by @lukejahnke
https://nastystereo.com/security/cross-site-post-without-content-type.html
#BBRENewsletter85

16.12.2024 15:05 👍 2 🔁 1 💬 0 📌 0

Louis Nyffenegger

Latest posts by Louis Nyffenegger @snyff.pentesterlab.com