This was actually a pretty good exam. I've been lacking in attacks, and this course covered them very well. And passing the MFA was also a great practice.

Now, everything I learned while studying for the OSCP and the PWPA has really paid off, and I mostly used Caido. For the amount of practice I've done with web and AD attacks, it kinda I'veme second nature to me.

Like using dirsearch to find a directory, then going to cadio to check out the traffic, using repeater to check the page and how I can mess with it, etc., also finding ways to bypass WAF, which is something I needed to learn badly.

That fixed small details that I didn't think I was missing. Like doing SQLi, it didn't really cover almost all of the OWASP Top 10 for this exam, and honestly, I really love that. This wasn't about getting API keys and finding that this wasn't an IDOR issue, but practice nonetheless.

I found it to be a really good, easy course, and I got it on sale right now for about $10 in America. They also have it set up to enumerate and find answers for the exam. I say it was a pretty good way to spend the afternoon.

Honestly, if you're new, everything you probably need to know is in the course. If you're looking to start web hacking, I recommend this course and TCM Security PWPA. Both were very real-world in what you learn vs. doing a ctf exam.

Thank you for reading! And keep hacking!