Languages › Regex
Regex
Live courseThe extraction engine of security automation.
22 modules · 24 lessons published · beginner-friendly
Overview
Regular expressions are how you find secrets, endpoints, and tokens in a sea of text — and how you read and break the validation and WAF filters that try to stop you. This course teaches regex from the first literal to elite filter-bypass and ReDoS research, weighted for a practitioner who reads and weaponises far more patterns than they write.
Why learn Regex
- It's the fastest way to find secrets, endpoints, and IOCs across huge text.
- Validation filters and WAFs are regex — reading them reveals the bypass.
- It works everywhere: grep, Python, Burp, Go tooling, and SIEM rules.
What you'll build
Security applications
- Secret and API-key discovery
- Endpoint and token extraction from bundles and source
- WAF and filter analysis and bypass research
- Log analysis and detection engineering
- ReDoS discovery and exploitation
Tools built with Regex
Full curriculum
1 Regex Fundamentals 3 lessons
Literals, classes, anchors, quantifiers, groups, alternation, lookarounds, and modes — every symbol explained.
2 JavaScript Regex for Pentesters 1 lessons
JS regex syntax, every method, and reading regex inside minified bundles.
3 Web Application Security Regex 1 lessons
Validation patterns, token detection, and why regex security controls fail.
4 Source Code Review Regex 1 lessons
Finding hardcoded secrets and credentials across seven languages.
5 Secret Discovery Regex 1 lessons
Production-grade, low-false-positive patterns for AWS, GitHub, Stripe, Slack, and more.
6 API Recon and Endpoint Discovery 1 lessons
Patterns for REST, GraphQL, Swagger, parameters, and routes.
7 Burp Suite Regex Workflows 1 lessons
Match-and-replace, scope, logger filters, and response analysis.
8 JavaScript Bundle Analysis 1 lessons
Extracting from webpack/Vite bundles, minified, and obfuscated code.
9 DOM XSS Discovery using Regex 1 lessons
Locating sources and sinks and tracing flows between them.
10 WAF Analysis and Filter Bypasses 1 lessons
Reading ModSecurity, Cloudflare, and AWS WAF signatures, and finding the gaps.
11 Regex Bypass Techniques 1 lessons
Blacklist, Unicode, and encoding bypasses, and the filter-vs-interpreter gap.
12 Regex DoS (ReDoS) 1 lessons
Backtracking, catastrophic backtracking, discovery, exploitation, and mitigation.
13 Python Regex for Security Automation 1 lessons
The re module end to end for recon, secret discovery, and log parsing.
14 Bash, grep, sed, awk Regex 1 lessons
BRE vs ERE vs PCRE and command-line recon pipelines.
15 Go Regex for Security Tooling 1 lessons
The regexp package and RE2's linear-time guarantee for scanners.
16 Node.js Regex for Security Tooling 1 lessons
Backend JS regex for API analysis and custom tooling.
17 Log Analysis Regex 1 lessons
Apache, Nginx, IIS, and cloud log patterns and attack detection.
18 Detection Engineering Regex 1 lessons
How regex powers Sigma, YARA, Suricata, and Snort rules.
19 Threat Hunting Regex 1 lessons
IOC extraction for domains, URLs, IPs, hashes, and emails, with defang handling.
20 Language-Specific Implementations 1 lessons
Regex in PHP, Java, C#, Ruby, Rust, and Perl for source review.
21 Regex Engine Internals 1 lessons
NFA, DFA, backtracking, optimization, and performance.
22 Expert Offensive Security Regex 1 lessons
How elite practitioners across seven roles wield regex in real engagements.