OSWE / WEB-300 instructional notes covering source code review, exploit chain analysis, authentication bypass, deserialization, SSTI, XXE, XSS, CSRF, SSRF, prototype pollution, WAF bypass, and real-world web vulnerability research patterns.

OSWE WEB-300 筆記 Part 6，涵蓋 Dangerous Functions、Bypass Security Filter to Trigger Eval、Dolibarr Eval Filter Bypass RCE、PostgreSQL injection、Bypass WAF、oraza WAF、RudderStack SQLi and Coraza WAF Bypass 等等。

OSWE WEB-300 筆記 Part 5，涵蓋 Server-Side Request Forgery、SSRF Port Scanning、SSRF Subnet Scanning、Render API Auth Bypass、Prototype Pollution、EJS Prototype Pollution RCE Exploitation、Handlebars Prototype Pollution RCE Exploitation 等等。

OSWE WEB-300 筆記 Part 4，涵蓋 Websocket client、Concord 身份繞過到 RCE、Same-Origin Policy (SOP)、Cross-Origin Resource Sharing (CORS)、SameSite、CORS+CSRF、DatabaseModule API Leak 等等。

OSWE WEB-300 筆記 Part 3，涵蓋 Password Reset Vulnerability、XML Parsing、XXE Exploit、Web Shells、openCRX 身份繞過與 RCE、openITCOCKPIT XSS、DOM-based XSS 等等。

OSWE WEB-300 筆記 Part 2，涵蓋 XmlSerializer、DotNetNuke Cookie Deserialization RCE 弱點、SSTI攻擊、ERPNext 身份繞過、ERPNext Authentication Bypass and Server Side Template Injection 等等。