PentestLab Team.
We break things for a living. 10+ years of offensive security research, red team engagements, and CVE disclosures, documented here so the community learns faster than attackers do.
Who We Are
PentestLab is a team of senior penetration testers and security researchers with a combined 30+ years of offensive security experience. We’ve broken into everything from Fortune 500 web applications to industrial IoT gateways, and we document every technique here.
Our Specialisms
| Domain | Focus Areas | Experience |
|---|---|---|
| Web App Security | OWASP Top 10, OAuth abuse, API security, IDOR | 10+ yrs |
| Network / Infra | AD attacks, lateral movement, cloud pivoting | 12+ yrs |
| IoT & Embedded | Firmware RE, UART/JTAG, BLE, radio protocols | 7+ yrs |
| Mobile Security | Android/iOS, OWASP MASVS, Frida, bypass | 6+ yrs |
| Phishing / Awareness | Red team phishing, vishing, pretexting simulations | 8+ yrs |
Why This Blog
Most security blogs either stay surface-level or hide the good stuff behind consulting fees. We disagree. Deep technical knowledge shared openly makes the entire ecosystem stronger: defenders learn the real attack paths, and attackers have fewer dark corners to hide in.
Every post here is written by practitioners who ran the attack in a real engagement or controlled lab, not aggregated from other blogs.
Get In Touch
- Twitter / X: @subliminal_web
- GitHub: github.com/subliminal-web
- HackerOne: hackerone.com/subliminal-web
- Email: hello@pentestlab.example.com (PGP key available)
- Consulting: Available for engagements; reach out
“The attacker only needs to be right once. The defender needs to be right every time. We exist to close that gap.”
Let's Work Together
Available for red team engagements, penetration tests, and security research consulting.