Brown Badge

15 Completed

33 Videos

26 Exercises

image for Signing Oracle

Signing Oracle

This exercise covers how a signing oracle can be used to bypass authorization in place
2 videos
Completed by 697 students
Takes < 1 Hr. on average

image for JS Prototype Pollution

JS Prototype Pollution

This exercise covers how to exploit Prototype Pollution against a JavaScript application
1 video
Completed by 752 students
Takes < 1 Hr. on average

image for CVE-2021-41773

CVE-2021-41773

This challenge covers how to read arbitrary files by leveraging CVE-2021-41773
1 video
Completed by 402 students
Takes < 1 Hr. on average
Apache
CWE-23

image for JSON Web Encryption

JSON Web Encryption

This exercise covers how you can create your own JWE if you have access to the public key used by the se rver
2 videos
Completed by 453 students
Takes < 1 Hr. on average

image for Apache Pluto RCE

Apache Pluto RCE

This exercise covers how you can gain code execution in Apache Pluto 3.0.0 due to an issue in the authorisation logic
1 video
Completed by 453 students
Takes < 1 Hr. on average
CWE-200

image for Unicode and Uppercase

Unicode and Uppercase

This exercise covers how you can use unicode to gain access to an admin account.
1 video
Completed by 559 students
Takes < 1 Hr. on average

image for Unicode and Downcase

Unicode and Downcase

This exercise covers how you can use unicode to gain access to an admin account.
1 video
Completed by 499 students
Takes < 1 Hr. on average

image for Zip symlink

Zip symlink

This exercise covers how you can create a malicious Zip file and use it to gain access to sensitive files.
1 video
Completed by 490 students
Takes < 1 Hr. on average

image for CVE-2020-14343: PyYAML unsafe loader

CVE-2020-14343: PyYAML unsafe loader

This exercise covers how you can gain code execution when an application use a vulnerable version of PyYAML and relies on load()
1 video
Completed by 244 students
Takes < 1 Hr. on average
CWE-20

image for Express Local File Read

Express Local File Read

This exercise covers how an insecure to render can be used to gain local file read with Express
1 video
Completed by 283 students
Takes < 1 Hr. on average

image for CVE-2021-40438

CVE-2021-40438

This challenge covers how to trigger a Server-Side Request Forgery by leveraging CVE-2021-40438
1 video
Completed by 239 students
Takes < 1 Hr. on average
Apache
CWE-918

image for GCM Nonce Reuse

GCM Nonce Reuse

This challenge covers the impact of nonce reuse on GCM
2 videos
Completed by 98 students
Takes < 1 Hr. on average
Ruby

image for PHP phar://

PHP phar://

This exercise covers how the PHP phar:// handler can be used to gain code execution using PHP unserialize.
1 video
Completed by 290 students
Takes < 1 Hr. on average

image for Spring Actuators

Spring Actuators

This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used.
1 video
Completed by 238 students
Takes 1-2 Hrs. on average

image for From SQL injection to Shell III: PostgreSQL Edition

From SQL injection to Shell III: PostgreSQL Edition

This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using Ghostscript
2 videos
Completed by 165 students
Takes 2-4 Hrs. on average
Ruby-on-Rails
SQL Injection
CWE-89

image for Unicode and NFKC

Unicode and NFKC

This exercise covers how can leverage unicode to get exploit a directory traversal
1 video
Completed by 235 students
Takes < 1 Hr. on average

image for EDDSA vulnerability in Monocypher

EDDSA vulnerability in Monocypher

This exercise covers the exploitation of a vulnerability impacting Monocypher.
1 video
Completed by 115 students
Takes 1-2 Hrs. on average
crypto

image for CGI and Signature

CGI and Signature

This exercise covers the exploitation of a vulnerable CGI.
1 video
Completed by 160 students
Takes < 1 Hr. on average

image for CVE-2020-7115: Aruba Clearpass RCE

CVE-2020-7115: Aruba Clearpass RCE

This exercise covers a remote command execution issue on Aruba Clearpass RCE
1 video
Completed by 154 students
Takes < 1 Hr. on average
CWE-306

image for CVE-2021-41773 II

CVE-2021-41773 II

This challenge covers how to gain code execution by leveraging CVE-2021-41773
1 video
Completed by 132 students
Takes 1-2 Hrs. on average
Apache

image for CVE-2022-21449

CVE-2022-21449

This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT
4 videos
Completed by 83 students
Takes < 1 Hr. on average
Java
jwt

image for CVE-2020-8163: Rails local name RCE

CVE-2020-8163: Rails local name RCE

This exercise details the exploitation of CVE-2020-8163 to gain code execution
2 videos
Completed by 186 students
Takes 1-2 Hrs. on average
CWE-94

image for RCE via argument injection

RCE via argument injection

This exercise covers a remote command execution vulnerability in which an attacker can only inject arguments
Completed by 32 students
Takes 2-4 Hrs. on average

image for Ox Remote Code Execution

Ox Remote Code Execution

This exercise covers how you can gain code execution when an application using Ox to deserialize data and run on Ruby 2.3
1 video
Completed by 46 students
Takes 2-4 Hrs. on average
Ruby

image for JSON Web Token XIII

JSON Web Token XIII

This exercise covers the exploitation of algorithm confusion when no public key is available
2 videos
Completed by 119 students
Takes < 1 Hr. on average
PHP
jwt
cwe-310

image for Ox Remote Code Execution II

Ox Remote Code Execution II

This exercise covers how you can gain code execution when an application using Ox to deserialize data and run on Ruby 2.7
Completed by 20 students
Takes 2-4 Hrs. on average
Ruby