A journey in a Symfony website with JMose CommandScheduler enabled lead to some interesting results.

A journey in rConfig 3.9.4 lead to preauth sql injection, auth bypass, and remote code execution

Here is my take on Advanced Web Attack and Exploitation course and relative exam for Offensive Security Web Expert