Orange Badge

229 Completed
15 Videos
15 Exercises
Easy image for Cross-Site Request Forgery

Cross-Site Request Forgery

  • This exercise details the exploitation of a Cross-Site Request Forgery to gain access to sensitive data
  • 2 videos
  • Completed by 1050 students
  • Takes Less than an hour on average
Easy image for JSON Cross-Site Request Forgery

JSON Cross-Site Request Forgery

  • This exercise details the exploitation of a Cross-Site Request Forgery when JSON is used
  • 2 videos
  • Completed by 913 students
  • Takes Less than an hour on average
Easy image for Introduction to CSP

Introduction to CSP

  • This exercise details the exploitation of a XSS in a simple web application that uses Content Security Policy
  • 1 video
  • Completed by 1732 students
  • Takes Less than an hour on average
Easy image for XSS Include

XSS Include

  • This exercise covers how one can use Cross-Site-Scripting Include to leak information.
  • 1 video
  • Completed by 733 students
  • Takes Less than an hour on average
  • Ruby/Rails
  • XSS
Easy image for SVG XSS

SVG XSS

  • This exercise covers how one can use SVG to trigger a Cross-Site-Scripting.
  • 1 video
  • Completed by 1004 students
  • Takes Less than an hour on average
  • Ruby/Rails
Medium image for Cross-Site WebSocket Hijacking

Cross-Site WebSocket Hijacking

  • This exercise covers Cross-Site WebSocket Hijacking and how it can be used to gain access to sensitive information
  • 2 videos
  • Completed by 669 students
  • Takes Less than an hour on average
  • Ruby/Sinatra
Medium image for postMessage()

postMessage()

  • This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information
  • 2 videos
  • Completed by 726 students
  • Takes Less than an hour on average
  • Ruby/Sinatra
Medium image for postMessage() II

postMessage() II

  • This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin
  • 2 videos
  • Completed by 637 students
  • Takes Less than an hour on average
  • Ruby/Sinatra
Medium image for postMessage() III

postMessage() III

  • This exercise covers how insecure calls to the JavaScript function postMessage() can be used to trigger a Cross-Site Scripting
  • 2 videos
  • Completed by 577 students
  • Takes Between 1 and 2 hours on average
  • Ruby/Sinatra
Medium image for postMessage() IV

postMessage() IV

  • This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin and X-Frame-Options is used
  • 1 video
  • Completed by 558 students
  • Takes Less than an hour on average
  • HTML/Javascript
Medium image for CVE-2018-6574: go get RCE

CVE-2018-6574: go get RCE

  • This exercise covers a remote command execution in Golang's go get command.
  • 1 video
  • Completed by 555 students
  • Takes Less than an hour on average
Medium image for CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict

CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict

  • This exercise covers the exploitation of HTTPoxy against an old version of Golang
  • 2 videos
  • Completed by 564 students
  • Takes Less than an hour on average
Medium image for Cross-Origin Resource Sharing II

Cross-Origin Resource Sharing II

  • This exercise covers Cross-Origin Resource Sharing and how it can be used to get access to sensitive data.
  • 1 video
  • Completed by 604 students
  • Takes Less than an hour on average
  • Ruby/Sinatra/Angular
Hard image for CVE-2018-11235: Git Submodule RCE

CVE-2018-11235: Git Submodule RCE

  • This exercise details the exploitation of a vulnerability in Git Sub module that can be used to get command execution
  • Completed by 302 students
  • Takes Between 2 and 4 hours on average
Hard image for Cross-Site Leak

Cross-Site Leak

  • This exercise covers how one can use Cross-Site Leak to recover sensitive information
  • 1 video
  • Completed by 314 students
  • Takes Between 2 and 4 hours on average
  • Ruby