Ethical Hacking & Pentesting Blog
Technical articles on offensive cybersecurity, web hacking and CTF from real practice.
OWASP MAS: The Standard for Auditing Mobile Application Security
What OWASP MAS is and how to audit mobile apps with it: MASVS, MASWE and MASTG explained, the standard's categories and how to apply it on Android and iOS.
Prompt injection: the new class of vulnerability (OWASP Top 10 LLM)
What prompt injection is and why it is the number one risk in AI applications: direct vs indirect, the OWASP Top 10 for LLMs and how to test and defend against it.
AiTM Phishing: How the Second Factor Gets Bypassed (and Why MFA Is No Longer Enough)
What AiTM (adversary-in-the-middle) phishing is, how it steals the session to bypass MFA, why classic two-factor does not stop it and how to detect and defend against it.
From 0 to Pentester in 2026: The Complete Roadmap to Start in Offensive Security
The real roadmap to become a pentester from scratch in 2026: fundamentals, web hacking, specialization and the role of AI. No shortcuts.
Fraudulent Domains: Typosquatting and IDN Homograph Attacks
How phishing's fraudulent domains really work: typosquatting, combosquatting, bitsquatting and IDN homograph attacks. Detection and defense.
MXS is here: mobile pentesting with your own APK and private domain
We've launched MXS, our new mobile pentesting certification. Learn to audit Android apps with your own lab: a unique APK and domain per student.
This is how SixHack Academy courses work
Full breakdown of the WXJ and WXE course classroom: PDF theory manual, module-based videos, hands-on labs with dedicated Docker containers, discussion forum, and certification exam with built-in scheduler.