This badge is an extension of the yellow badge and covers complex attacks
- Java/Struts
- Completed by 110 students
S2-052
This exercise covers the exploitation of the Struts S2-052 vulnerability
- Completed by 0 students
JWT VII Coming soon
- Completed by 0 students
Git Information Leak Coming soon
This exercise details how to retrieve information from an exposed .git directory on a web server
- Completed by 46 students
JWT V
This exercise covers the exploitation of a trivial secret used to sign JWT tokens.
- Completed by 35 students
JWT III
This exercise covers the exploitation of an issue in the usage of JWT token
- Completed by 36 students
JWT IV
This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP
- Completed by 22 students
JWT VI
This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism
- Completed by 9 students
CBC-MAC II
This exercise covers the exploitation of an application using CBC-MAC when an attacker has control over the IV
- Completed by 14 students
CBC-MAC
This exercise covers the exploitation of signature of non-fixed size messages with CBC-MAC
- Completed by 18 students
CVE-2018-0114
This exercise details the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT