Authentication / Authorization Badge
113
Completed
39
Videos
21
Exercises
Easy
OAuth2: Authorization Server CSRF
This exercise covers the exploitation of a CSRF in the Authorization server
2 videos
Completed by 871 students
Takes Between 1 and 2 hours on average
Ruby-On-Rails
CWE-352
Easy
SAML: Introduction
This exercise covers the exploitation of a signature stripping vulnerability in SAML
2 videos
Completed by 2088 students
Takes Less than an hour on average
RoR
Easy
SAML: Comment Injection
This exercise covers the exploitation of a comment injection vulnerability in SAML
2 videos
Completed by 1144 students
Takes Less than an hour on average
Ruby on Rails
Easy
SAML: Signature Stripping
This exercise covers the exploitation of a signature stripping vulnerability in SAML
2 videos
Completed by 1515 students
Takes Less than an hour on average
RoR
Medium
OAuth2: Client CSRF
This exercise covers the exploitation of a CSRF in the OAuth2 Client
2 videos
Completed by 745 students
Takes Less than an hour on average
Ruby-On-Rails
CWE-352
Medium
OAuth2: Client CSRF II
This exercise covers the exploitation of a CSRF in the OAuth2 Client
2 videos
Completed by 361 students
Takes Between 2 and 4 hours on average
Ruby-On-Rails
CWE-352
Medium
SAML: Known Key
This exercise covers the exploitation of a known key in SAML
3 videos
Completed by 312 students
Takes Between 1 and 2 hours on average
Ruby on Rails
Medium
SAML: Trusted Embedded Key
This exercise covers the exploitation of a service provider (SP) that doesn't check the certificate provided in the SAMLResponse
2 videos
Completed by 313 students
Takes Less than an hour on average
Ruby on Rails
Medium
SAML: SAMLResponse forwarding
This exercise covers how one can pass the SAMLResponse from one Service Provider to another Service Provider.
Completed by 291 students
Takes Less than an hour on average
Ruby on Rails
Medium
OAuth2: State Fixation
This exercise covers the exploitation of a state fixation in the OAuth2 Client
2 videos
Completed by 262 students
Takes Between 1 and 2 hours on average
Ruby-On-Rails
Medium
SAML: Comment Injection II
This exercise covers the exploitation of a comment injection vulnerability in SAML
2 videos
Completed by 343 students
Takes Less than an hour on average
Ruby on Rails
Medium
OAuth2: Authorization Server XSS
This exercise covers the exploitation of an XSS in the Authorization server
2 videos
Completed by 222 students
Takes Less than an hour on average
Ruby-On-Rails
Medium
OAuth2: Authorization Server OpenRedirect
This exercise covers the exploitation of an OpenRedirect in the Authorization Server
3 videos
Completed by 767 students
Takes Less than an hour on average
Ruby-On-Rails
Medium
OAuth2: Client OpenRedirect
This exercise covers the exploitation of an OpenRedirect in the OAuth2 Client
2 videos
Completed by 668 students
Takes Less than an hour on average
Ruby-On-Rails
Hard
OAuth2: Github HTTP HEAD
This exercise covers the exploitation of the HTTP HEAD issue impacting GitHub in 2019
2 videos
Completed by 355 students
Takes Between 1 and 2 hours on average
Ruby-On-Rails
Hard
OAuth2: Client Server XSS
This exercise covers the exploitation of a Cross-Site Scripting in the OAuth2 Client Server
2 videos
Completed by 252 students
Takes Between 1 and 2 hours on average
Ruby-On-Rails
Hard
OAuth2: Predictable State
This exercise covers the exploitation of predictable state in the OAuth2 Client
2 videos
Completed by 198 students
Takes Between 2 and 4 hours on average
Ruby-On-Rails
Hard
OAuth2: Predictable State II
This exercise covers the exploitation of predictable state in the OAuth2 Client
2 videos
Completed by 182 students
Takes Between 1 and 2 hours on average
Ruby-On-Rails
Hard
SAML: Signature Wrapping
This exercise covers how one can use Signature Wrapping to become arbitrary users.
1 video
Completed by 334 students
Takes Less than an hour on average
Ruby on Rails
Hard
SAML: Signature Wrapping II
This exercise covers how one can use Signature Wrapping to become arbitrary users.
Completed by 252 students
Takes Less than an hour on average
Ruby on Rails
Hard
OAuth2: Authorization Server XSS II
This exercise covers the exploitation of an XSS in the Authorization server
2 videos
Completed by 173 students
Takes Less than an hour on average
Ruby-On-Rails