Organized by Category Solving Portswigger Labs with ZAP 2FA bypass using a brute-force attack Password brute-force via password change Broken brute-force protection, multiple credentials per request Password reset poisoning via middleware