I have built:
- A security testing repo: github.com/The-XSS-Rat/Secur…
- An API hacking tool: github.com/The-XSS-Rat/hackx…
- A blog: blog.hackxpert.com/ (Yeah I know cert expired, will look into that today)
- 150 exploits and 6 lifelike labs: labs.hackxpert.com/
- A student base of over 180 000 big: udemy.com/user/wesley-thijs/…
- A wealth of courses: thexssrat.com/
- A YouTube channel with over 1200 videos: youtube.com/c/thexssrat
- A medium with over 7300 followers: thexssrat.medium.com/
- An incredible fanbase of over 50 000 rats on YouTube and 150 000 here
- A Discord server with over 10 000 members, one for CAPIE, CNWPP, Hacker's toolkit
- A list of 10 students I got to directly reporting bugs: thexssrat.podia.com/achievem…
- A song: youtube.com/watch?v=S3bP3juJ… (No AI)
- A family of my own
- Reports on some of the giants of this earth
- A pentesting company
And still I get constantly attacked for not knowing anything - just copy pasting shit and not being good enough :-) hahaha you are so funny - THEN GO DO BETTER <3 Much love rat pack!! Thank you for the support!
22 euros - 3 certifications - web, API and pentesting
thexssrat.podia.com/903-the-…
YEP I am losing money on this one to proctor the exams - butttt I want my certs out there and you are lucky. Buy them now and do them later
- They do not expire
- You get 3 tries
- All support by certs.thexssrat.com
- Public hash verified certs
- Discord server per cert
- Live lessons
- How can you fail? Easy ... don't study and just do the exam ... which is why this one comes with ALL my needed course materials.
🐀 Hands-on hacking labs built by The XSS Rat.
41 active machines — from basic enumeration to extreme multi-vector chains. Register, unlock targets, submit flags, track your progress.
Free to start. Premium for more.
👉 ratctf.com #CyberSecurity #EthicalHacking #CTF #PenTest
Bug bounty is not dead - it is just getting started
thexssrat.podia.com/big-beau…
The platforms are over-run with bad AI reports so let's change that and put our name on some real bugs.
thexssrat.podia.com/achievem…
This is me, my group and the people I coached to success, are you next?
Do you know why my 906 bundle - the web app hacker's collection is so beloved?
Because I got 55 web bugs to my name in bug bounty, my OSCP, and my own pentesting company.
This bundle starts you off nice and easy and gets you going into one of the toughest exams in the industry... but are you ready?
thexssrat.podia.com/901-begi…
🚩 Run your own branded CTF — in minutes.
RatCTF White Label gives you a fully branded hacking competition platform for your team, students, or community.
✅ Custom logo & colours
✅ Unlimited challenges & machines
✅ Live leaderboard
✅ Just $20/month — cancel any time
👉 ratctf.com/white-label
Educators & team leads: run your own branded CTF — no infra to manage. 🚩 Your logo & colours, unlimited challenges & machines, live leaderboard. Live in minutes. $20/mo, cancel anytime.
Try the demo: ratctf.com/wl/demo/login
Get started: ratctf.com/white-label
Do you want to get certified in web app hacking? Start low and slow with my web app hacking bundle - This bundle doesn't just contain all my courses you need - but also a web app hacking cert
Grab it now for just 25EUR
thexssrat.podia.com/901-begi…
🐀 New on RatCTF: API Users (ExposedAPI) — a hands-on BOLA/IDOR lab. A simple GET /api/v1/users/2 leaks the admin object... including an ssh_password field. From there it's a clean sudo ruby GTFOBins hop to root. If you hunt APIs, this one's built for you 👉
Want to go deeper into web & API hacking? Uncle Rat's Pentesting Paradise has you covered (a discount applies via the link):
#infosec #bugbounty #ctf
🐀 New on HackXpert Labs: Server-Side Template Injection (SSTI)!
Learn how template engines get turned into code execution — detection, SSTI→RCE, and filter bypass. Hands-on, free, right in your browser.
👉
Want to level up your whole pentest game? Uncle Rat's Pentesting Paradise has you covered (a discount applies via the link):
#infosec #bugbounty
New from Uncle Rat 🐀 — Why CAPIE[M] is the best API hacking certificate in the API hacking industry. He breaks down what the exam covers and why it actually proves you can hack APIs, not just talk about it.
Watch it here:
Want to go deeper and get hands-on? Uncle Rat's Pentesting Paradise bundle is the natural next step (a discount applies via the link):
#infosec #bugbounty #APIsecurity
🐀 Uncle Rat's Bug Bounty Methodology — 2026 Version is live.
A full 5-phase playbook built from a real hunt on tesla.com: recon → mapping → discovery → exploitation → reporting. Input-classification decision trees, escalation chains (XSS→ATO, SSRF→RCE), the 20-minute rotation rule, and a 7-question report gate that triagers actually respect.
Read it 👉
Liked this? Level up with 912 Uncle Rat's Pentesting Paradise — a discount applies via the link:
#infosec #bugbounty
🐀 Want to actually practice XSS instead of just reading about it? This XSS lab pack in my SecurityTesting repo drops you straight into the deep end — reflected, DOM-based, JS-context, tag-based, and even a whitelist-bypass challenge, each isolated in its own vulnerable PHP page.
Spin them up locally and start hunting 👇
Ready to go from labs to live targets? Level up with 912 Uncle Rat's Pentesting Paradise — a discount applies via the link:
#infosec #bugbounty
Is this you? 👇
You've watched the tutorials. You've got the tools. But the payouts just aren't landing — and you can't quite tell what you're doing wrong.
That's exactly what 1:1 coaching fixes. We hunt together, live on YOUR screen, and I build you a repeatable methodology that actually works on real targets. Money-back guarantee after your first session, so it's zero risk to try.
A discount applies via the link 👇
Brand new to hacking? Start with the course bundles instead:
#bugbounty #mentorship
🐀 Want to actually HACK an API — not just read about one?
CAPIE (Certified API hacking Expert) drops you straight into my signature labs: REST vs SOAP, the OWASP API Top 10 (2019 & 2023), API documentation, API firewalls… then you go break them with your own two hands. Real targets, real reps, zero fluff. Come hack me if you can 😏
Start the path 👉
New here? Build your base with the beginner web hacking bundle 👉
#cybersecurity #pentesting
Reading about defense isn't the same as doing defense. 🐀
The Purple Team series drops you onto 5 live hosts mid-breach. Parse the auth.log and Apache logs to rebuild the kill chain, write a Python script that auto-triages 15 SOC alerts, hunt planted vulns with semgrep and git history, then defend a host that's actively under attack — fail2ban, ufw, block the IP, clean up the malware. In the right order.
Hands on keyboard, not eyes on slides. Boxes auto-reset every 30 min so you can drill it 👇
New to this? Start with the course bundles:
#purpleteam #infosec