This badge is an extension of the yellow badge and covers complex attacks

  • Java/Struts
  • Completed by 330 students

S2-052

  • Difficulty:

This exercise covers the exploitation of the Struts S2-052 vulnerability

  • Completed by 309 students

JWT VII

  • Difficulty:

This exercise covers the exploitation of a website using JWT for session without verifying the signature

  • 1 video
  • Completed by 381 students

Git Information Leak

  • Difficulty:

This exercise details how to retrieve information from an exposed .git directory on a web server

  • 1 video
  • Completed by 287 students

JWT V

  • Difficulty:

This exercise covers the exploitation of a trivial secret used to sign JWT tokens.

  • Completed by 246 students

Git Information Leak II

  • Difficulty:

This exercise details how to retrieve information from an exposed .git directory on a web server. This time, the directly listing is disabled

  • 1 video
  • Completed by 229 students

JWT III

  • Difficulty:

This exercise covers the exploitation of an issue in the usage of JWT token

  • 1 video
  • Completed by 207 students

JWT IV

  • Difficulty:

This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP

  • 1 video
  • Completed by 191 students

JWT VI

  • Difficulty:

This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism

  • 1 video
  • Completed by 128 students

CBC-MAC II

  • Difficulty:

This exercise covers the exploitation of an application using CBC-MAC when an attacker has control over the IV

CBC-MAC

  • Difficulty:

This exercise covers the exploitation of signature of non-fixed size messages with CBC-MAC

  • 1 video
  • Completed by 133 students

CVE-2018-0114

  • Difficulty:

This exercise details the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT