Login
Register
Introduction 00 (next)
Course
Videos
Scoring
Introduction Badge
Introduction Badge (next)
Badges
Introduction
0 / 4
Unix
0 / 35
Essential
0 / 60
PCAP badge
0 / 35
HTTP
0 / 43
White
0 / 6
Serialize
0 / 5
Yellow
0 / 7
Blue
0 / 11
Green
0 / 16
Orange
0 / 15
Intercept
0 / 5
Authentication / Authorization
0 / 21
Android
0 / 8
Capture-The-Flag
0 / 6
Brown
0 / 26
Recon
0 / 27
API
0 / 19
Media
0 / 18
Code Review
0 / 107
Java Serialize
0 / 11
Login
Register
Blue Badge
1219
Completed
24
Videos
11
Exercises
Easy
S2-052
This exercise covers the exploitation of the Struts S2-052 vulnerability
1 video
Completed by 2100 students
Takes Less than an hour on average
Java/Struts
Easy
JWT VII
This exercise covers the exploitation of a website using JWT for session without verifying the signature
2 videos
Completed by 2654 students
Takes Less than an hour on average
jwt
cwe-310
Easy
Git Information Leak
This exercise details how to retrieve information from an exposed .git directory on a web server
1 video
Completed by 2780 students
Takes Less than an hour on average
Easy
JWT V
This exercise covers the exploitation of a trivial secret used to sign JWT tokens.
4 videos
Completed by 2446 students
Takes Less than an hour on average
jwt
cwe-310
Easy
Git Information Leak II
This exercise details how to retrieve information from an exposed .git directory on a web server. This time, the directly listing is disabled
1 video
Completed by 2099 students
Takes Less than an hour on average
Medium
JWT III
This exercise covers the exploitation of an issue in the usage of JWT token
3 videos
Completed by 2326 students
Takes Between 1 and 2 hours on average
jwt
cwe-310
Medium
JWT IV
This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP
3 videos
Completed by 2171 students
Takes Less than an hour on average
jwt
cwe-310
Medium
JWT VI
This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism
3 videos
Completed by 2047 students
Takes Less than an hour on average
jwt
cwe-310
Medium
CBC-MAC II
This exercise covers the exploitation of an application using CBC-MAC when an attacker has control over the IV
1 video
Completed by 1397 students
Takes Between 1 and 2 hours on average
crypto
Hard
CBC-MAC
This exercise covers the exploitation of signature of non-fixed size messages with CBC-MAC
2 videos
Completed by 1358 students
Takes Between 1 and 2 hours on average
crypto
Hard
CVE-2018-0114
This exercise details the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT
3 videos
Completed by 1481 students
Takes Between 2 and 4 hours on average
jwt
CWE-347
