01
Read with intent
Map untrusted inputs to policy checks, helpers, background jobs, and sinks before you ever touch a payload.
whitebox pentest learning experience
Read the code. Trace the trust boundary. Prove the exploit.
offseclabs.codes teaches offensive security through guided, source-aware labs. Each module starts inside the application, follows the real control flow, and ends with exploit proof, patch review, and notes you could hand to an engineering team without embarrassment.
- Source-first lab walkthroughs
- Exploit chain + patch diff debriefs
- Focused on application and auth attack paths
Why this feels different
This is not a flag hunt dressed up as AppSec. Learners inspect handlers, policies, serializers, background workers, and deployment assumptions so they can explain why the exploit works before they ever press send.
offseclabs: ~/labs/authz/order-history-02
▋
Live cohort signal
Applications
1
operators currently on the list
Role profiles
1
distinct backgrounds represented
What every lab closes with
- Exploit proof that ties back to the exact code path.
- Patch diff review with stronger alternatives when the quick fix is not enough.
- Regression notes so the lesson survives outside the training environment.
Source-aware
Read real implementation details before payloads and scanners start steering your thinking.
Exploit-driven
Convert code observations into repeatable attack paths with believable impact statements.
Fix-oriented
Pair every finding with patch review and reviewer guidance, not just a solved challenge.
// method
Built for practitioners who want the full reasoning chain.
The learning model mirrors how whitebox assessments actually happen in practice: start with code access, identify trust boundaries, build a believable exploit, and validate the fix with engineering-grade notes.
02
Attack with proof
Convert code observations into believable exploit chains with reproducible impact, not just endpoint trivia.
03
Patch like an engineer
Close each lab with a minimal fix, a stronger alternative, and the regression thinking behind both.
// lab flow
From first read to final patch review.
01
Open the brief
Start with a scoped architecture note, the relevant source files, and the threat assumptions that matter.
02
Trace the boundary
Follow user-controlled data through validation, policy checks, feature flags, and persistence layers.
03
Weaponize the gap
Build the smallest exploit that proves impact, and document why weaker attempts fail along the way.
04
Review the patch
Compare the quick fix to the safer design, then write the reviewer notes that would survive production reality.
// tracks
A curriculum shaped like real application review.
The first release should feel disciplined rather than broad. A smaller set of strong modules makes the promise clearer: source-first labs that teach how to reason from implementation to exploit to patch.
Track 01
Application Logic & Data Flow
Learn how user input actually moves through controllers, serializers, jobs, and secondary sinks.
- Handler review and request shaping
- Deserialization and parser trust edges
- Template execution and unsafe rendering
Track 02
Authentication & Authorization Paths
Break session assumptions, object ownership boundaries, and helper-level privilege mistakes.
- Session lifecycle and token trust flaws
- Broken object-level access control
- Privilege boundaries hidden in convenience code
Track 03
Internal Reachability & Cloud Edges
Review how internal-only assumptions collapse across proxies, workers, metadata services, and queues.
- SSRF and metadata exposure patterns
- Queue, worker, and background job abuse
- Implicit trust in service-to-service calls
Track 04
Exploit-to-Patch Debriefs
Turn findings into lasting engineering lessons by comparing fixes, tradeoffs, and regression risk.
- Minimal patches versus defense in depth
- Reviewer notes and regression thinking
- Turning a bug into a durable code review lesson
// learning outcome
Teach pentesting as a code review discipline.
The promise is simple: learners should leave able to explain the exploit path to both an attacker and an engineering team.
Source
Review controllers, jobs, guards, helpers, and infrastructure assumptions before payloads lead the thinking.
Proof
Produce a request, a chain of reasoning, and a believable impact statement grounded in the code path.
Patch
Compare the quick fix, the stronger fix, and the regression risk that remains once the issue is patched.
root@offseclabs:~$ ./apply.sh
Apply for the first whitebox cohort.
This intake is for builders, appsec engineers, and offensive operators who want labs that feel closer to real code review than canned challenge platforms.
- Small cohort format with hands-on source review
- Every lab ends with exploit proof and patch review
- Designed for practitioners who want the full reasoning chain
Applications
1
operators currently on the list
Role profiles
1
distinct backgrounds represented
Track momentum
App Logic
Application Logic & Data Flow
Last signal
1 hour ago
latest application timestamp
Cohort intake
Tell us where you want to go deeper.
We use this to shape cohort mix, prioritize tracks, and understand the kind of lab depth the first release should optimize for.