Penetration Testing ยท Security Dev ยท Labs

Hack, test, document.

Real-world cybersecurity by Ayoub El Gharniti โ€” pentester and security developer. Every article is companion content to a YouTube video, with all commands, screenshots, and extras.

Browse Articles View Labs
๐Ÿ”ด

Tutorials

Step-by-step pentest labs with commands, configs, and full explanations.

Explore โ†’
๐Ÿ› ๏ธ

Tools

Custom scripts, one-liners, and offensive security tools I built or use.

Explore โ†’
๐Ÿ“

Blog

Write-ups, CVE research, bug bounty notes, and security analysis.

Explore โ†’
๐ŸŽฅ

YouTube

Every article has a companion video โ€” watch and follow along.

Watch โ†’

Recent Articles

View all โ†’
web-security beginner

Cookie Security: SameSite, HttpOnly, Secure, and __Host- Prefix

A practical guide to session cookie security attributes. What each flag does, how to test them, and what happens when they're missing.
nomad intermediate

Nomad TLS Configuration: Securing Cluster Communication

How to generate TLS certificates for HashiCorp Nomad servers and clients, configure mTLS, and fix common x509 errors.

๐ŸŽฅ Video
web-security intermediate

Subdomain Takeover: Detection, Exploitation & Prevention

How dangling DNS records lead to subdomain takeovers, how to find them at scale, and how to prevent them in your own infrastructure.