Blue Badge

users completed icon
1509 Completed
video icon
24 Videos
book icon
11 Exercises

This badge is an extension of the yellow badge and covers complex attacks

Exercises

Easy
blue badge icon
S2-052
  • This exercise covers the exploitation of the Struts S2-052 vulnerability
  • 1 video
  • Completed by 2512 students
  • Takes < 1 Hr. on average
  • Java/Struts

 

Easy
blue badge icon
JWT VII
  • This exercise covers the exploitation of a website using JWT for session without verifying the signature
  • 2 videos
  • Completed by 3318 students
  • Takes < 1 Hr. on average
  • jwt
  • cwe-310

 

Easy
blue badge icon
Git Information Leak
  • This exercise details how to retrieve information from an exposed .git directory on a web server
  • 1 video
  • Completed by 3450 students
  • Takes < 1 Hr. on average

 

Medium
blue badge icon
JWT V
  • This exercise covers the exploitation of a trivial secret used to sign JWT tokens.
  • 4 videos
  • Completed by 2997 students
  • Takes < 1 Hr. on average
  • jwt
  • cwe-310

 

Medium
blue badge icon
Git Information Leak II
  • This exercise details how to retrieve information from an exposed .git directory on a web server, provided directory listing is disabled
  • 1 video
  • Completed by 2554 students
  • Takes < 1 Hr. on average

 

Medium
blue badge icon
JWT kid Injection
  • This exercise covers the exploitation of an issue in the usage of JWT token
  • 3 videos
  • Completed by 2870 students
  • Takes 1-2 Hrs. on average
  • jwt
  • cwe-310

 

Medium
blue badge icon
JWT IV
  • This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP
  • 3 videos
  • Completed by 2652 students
  • Takes < 1 Hr. on average
  • jwt
  • cwe-310

 

Medium
blue badge icon
JWT VI
  • This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism
  • 3 videos
  • Completed by 2504 students
  • Takes < 1 Hr. on average
  • jwt
  • cwe-310

 

Medium
blue badge icon
CBC-MAC II
  • This exercise covers the exploitation of an application using CBC-MAC when an attacker has control over the IV
  • 1 video
  • Completed by 1704 students
  • Takes 1-2 Hrs. on average
  • Crypto

 

Hard
blue badge icon
CBC-MAC
  • This exercise covers the exploitation of signature of non-fixed size messages with CBC-MAC
  • 2 videos
  • Completed by 1664 students
  • Takes 1-2 Hrs. on average
  • Crypto

 

Hard
blue badge icon
CVE-2018-0114
  • This exercise details the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT
  • 3 videos
  • Completed by 1830 students
  • Takes 2-4 Hrs. on average
  • jwt
  • CWE-347