>exitvillain_security

exitvillain is a growing network of ethical hackers collaborating on cybersecurity research, red teaming exercises, and security education. We’re not a traditional company—we're a tight-knit, community-driven initiative.

We're also proud to host a public forum for ethical hackers to collaborate, learn, and innovate.


exitvillain

Cyber Cert Corner

March 16, 2025, 11:26 p.m.

I have yet to implement delete posts lol, sorry guys. Just um make it blank for now if you want.

Jim

Random Topic

March 16, 2025, 2:06 p.m.

Thanks! Hopefully I'll figure this out. I have two days left.

exitvillain

Cyber Cert Corner

March 14, 2025, 11:21 p.m.

Watch the last couple of videos in the Active Directory section of the course. Watch the case studies.

Jim

Random Topic

March 14, 2025, 2:20 p.m.

Can I get a hint? I'm in.. looked through all files.

jairo

Random Topic

March 10, 2025, 7:17 a.m.

After detection of DOM-based/reflected XSS, the most important thing is executing the payload, which is quite different in the real world. We mostly need to create a customized payload for every case. For crafting the XSS payload, "brute logic" categorized it into 7 main cases, which is quite important to know while executing the XSS payload.

https://brutelogic.com.br/blog/the-7-main-xss-cases-everyone-should-know/

jairo

Random Topic

March 10, 2025, 7:16 a.m.

That's a fantastic insight! Many beginners overlook the difference between View Source and Inspect Element, but understanding it is crucial for finding DOM-based XSS. Your explanation is clear and to the point—definitely the kind of tip that can level up someone's XSS testing game! Looking forward to your video; it sounds like it'll be super valuable!

exitvillain

Random Topic

March 6, 2025, 7:49 p.m.

Here's something I didn’t realize until recently while studying DOM-based vs. reflected XSS: The HTML you see when you right-click and Inspect Element is not the same as what you see in View Page Source. View Source shows the original HTML from the server. Inspect Element shows the live DOM after JavaScript has executed. This difference is huge when testing for XSS vulnerabilities. For example, with Reflected XSS, you might see the payload in View Source, but with DOM-based XSS, it’ll only appear in the DOM via Inspect Element. Will make a video on this.
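The View Source versus Inspect Element difference described in the post above, as an added example that is not part of the original post: it checks where a harmless marker string appears in the raw server response and in the serialized live DOM, and in what HTML context. The marker, the function names and both sample pages are constructed assumptions.

```javascript
// Added example. "source" = raw server response (View Source);
// "dom" = serialized live DOM (Inspect Element / outerHTML).
// MARKER and all sample pages below are constructed for illustration.
const MARKER = "canary7f3a"; // harmless test string, not a payload

// Report the HTML context in which the text at position idx sits.
function contextAt(html, idx) {
  const before = html.slice(0, idx).toLowerCase();
  if (before.lastIndexOf("<script") > before.lastIndexOf("</script")) return "script";
  if (before.lastIndexOf("<") > before.lastIndexOf(">")) return "attribute"; // inside an open tag
  return "text";
}

// List the context of every occurrence of the marker in one document.
function contexts(html, marker = MARKER) {
  const found = [];
  for (let i = html.indexOf(marker); i !== -1; i = html.indexOf(marker, i + 1)) {
    found.push(contextAt(html, i));
  }
  return found;
}

// Decide whether the marker came back from the server or was written by script.
function classify(source, dom, marker = MARKER) {
  const inSource = contexts(source, marker);
  const inDom = contexts(dom, marker);
  let kind = "absent";
  if (inSource.length > 0) kind = "reflected-in-response";
  else if (inDom.length > 0) kind = "dom-only";
  return { kind, inSource, inDom };
}

// Constructed case 1: the server echoes the search term into the response body.
const reflected = {
  source: `<html><body><p>Results for ${MARKER}</p></body></html>`,
  dom: `<html><head></head><body><p>Results for ${MARKER}</p></body></html>`,
};

// Constructed case 2: the response is static; page script copies the URL fragment
// into the page through an unsafe sink, so the marker exists only in the live DOM.
const sinkScript = `<script>out.innerHTML = decodeURIComponent(location.hash.slice(1));</script>`;
const domOnly = {
  source: `<html><body><div id="out"></div>${sinkScript}</body></html>`,
  dom: `<html><head></head><body><div id="out">${MARKER}</div>${sinkScript}</body></html>`,
};

console.log(classify(reflected.source, reflected.dom));
console.log(classify(domOnly.source, domOnly.dom));
```

In a browser, the two inputs correspond to the body of a `fetch` of the page URL and to `document.documentElement.outerHTML` after the page has loaded.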

exitvillain

Cyber Cert Corner

March 6, 2025, 7:22 p.m.

Yes, so I strongly recommend the PortSwigger labs because they always work! They are Burp Suite labs basically. There are about 300 of them. Some of them take a few minutes, some longer, some a few hours. If you notice, there are usually YouTube walkthroughs on the bottom. One guy, I won't say his name, is so dry haha. All he does is say the exact solution that is already given by PortSwigger. Instead, look out for Z3nSh3ll videos, which would be linked right under. Not every lab has a Z3nSh3ll video. But a lot of the important ones do. For instance, just hit the XSS labs, there are like 30 of them. Just go one after the other, and Z3nSh3ll will explain it to you beautifully. He really talks you through it. The logic behind all the attacks, and how to conduct similar attacks. It's the best.

5ca9fac3

Random Topic

March 5, 2025, 5:37 p.m.

But it at least helps to build your skills bro. At the end of the day it all comes to that, right? CS50, PortSwigger and Z3nSh3ll uh! Good to know.

exitvillain

Random Topic

March 5, 2025, 5:03 p.m.

Hey, everyone’s different, and it all comes down to how you present yourself. Should I add a resume help section to this site? Hmm, I might. That said, why not make your resume kickass? It's just as much about how you present what you got as what you got. Ha, think of it that way. Be humble and honest about where you are. Who knows, someone might pick you up. Mention any cool experience you gained from doing the PNPT. For web security, I highly recommend the PortSwigger labs. Go through all the ones that Z3nSh3ll has videos for—PortSwigger themselves even link to his videos. Watching them is the best for web security. And the PortSwigger Labs always work. I'll let you know more about the CRTO soon.

Take my advice with a grain of salt...