whoami on Askiesec

fred url declutter

Fri, 17 Apr 2026 00:00:00 +0000

Fred URL Declutter

When doing URL recon for bug bounty, most of your list is noise. Wayback Machine and gau return everything they’ve ever seen for a domain — scanner payloads, tracking parameters, duplicate endpoints with different IDs, static assets. Before you can do anything useful with that list you need to clean it.

I built fred to handle this step.

The Problem

Take a typical gau run against a target. You get 50k URLs back. Most of them are useless.

eJPT v2 - Junior Penetration Tester Certification Review

Sat, 21 Mar 2026 00:00:00 +0000

The eJPT or eLearnSecurity Junior Penetration Tester certification is often recommended for people new to offensive security. After taking the exam I wanted to share my review of the experience, exam format and whether its worth it.

What the Certification Is

The eJPT certification is designed as an introductory penetration testing certification. It focuses on evaluating whether the candidate understands the methodology of a pentest, rather than theory or memorization.

Quick thoughts on CyberWarFare Labs certifications

Sat, 21 Mar 2026 00:00:00 +0000

Recently I spent some time looking into a few certifications from CyberWarFare Labs. The three that show up most often when people talk about their training are:

Certified Red Team Analyst - CRTA
Certified Web Red Team Analyst - WEB-RTA
Certified API Red Team Analyst - API-RTA

They are not as widely recognized as some of the bigger certifications in offensive security, but they’ve been getting attention because the focus is simple: hands-on labs and realistic attack scenarios instead of mostly theoretical material.