~/pyfu $ subscribe --mailing-list

Get the latest Python exploitation techniques

Join the PyFu mailing list for hands-on breakdowns of real Python vulnerabilities, the exploit and the fix, straight from the lab to your inbox. No theory dumps, no fluff, just tradecraft you can use on your next assessment.

python3 — join the mailing list

>>> import requests
>>> requests.post(
...     "https://app.kit.com/forms/9557223/subscriptions",
...     data={"email_address": "you@domain.com"},
... )
<Response [200]>  # on the PyFu mailing list — confirm via email

SSTI
Pickle RCE
JWT attacks
SSRF
Deserialization
Sandbox escapes
Prompt injection
FastMCP

// exploit

Real, working exploits

Every technique ships with a runnable payload and proof, not hand-wavy descriptions.

// mitigate

And the fix that stops it

Each issue closes with the defensive pattern that actually holds, not just the bug.

// lab

Straight from the lab

Backed by a Docker lab you can run locally and break for yourself, end to end.