Login
Register
Introduction 00 (next)
Course
Videos
Scoring
Introduction Badge
Introduction Badge (next)
Badges
Introduction
0 / 4
Unix
0 / 35
Essential
0 / 60
PCAP badge
0 / 35
HTTP
0 / 43
White
0 / 6
Serialize
0 / 5
Yellow
0 / 7
Blue
0 / 11
Green
0 / 16
Orange
0 / 15
Intercept
0 / 5
Authentication / Authorization
0 / 21
Android
0 / 8
Capture-The-Flag
0 / 6
Brown
0 / 26
Recon
0 / 27
API
0 / 19
Media
0 / 16
Code Review
0 / 107
Java Serialize
0 / 11
Login
Register
Blue Badge
1196
Completed
24
Videos
11
Exercises
Easy
S2-052
This exercise covers the exploitation of the Struts S2-052 vulnerability
1 video
Completed by 2075 students
Takes Less than an hour on average
Java/Struts
Easy
JWT VII
This exercise covers the exploitation of a website using JWT for session without verifying the signature
2 videos
Completed by 2603 students
Takes Less than an hour on average
jwt
Easy
Git Information Leak
This exercise details how to retrieve information from an exposed .git directory on a web server
1 video
Completed by 2719 students
Takes Less than an hour on average
Easy
JWT V
This exercise covers the exploitation of a trivial secret used to sign JWT tokens.
4 videos
Completed by 2401 students
Takes Less than an hour on average
jwt
Easy
Git Information Leak II
This exercise details how to retrieve information from an exposed .git directory on a web server. This time, the directly listing is disabled
1 video
Completed by 2054 students
Takes Less than an hour on average
Medium
JWT III
This exercise covers the exploitation of an issue in the usage of JWT token
3 videos
Completed by 2280 students
Takes Between 1 and 2 hours on average
jwt
Medium
JWT IV
This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP
3 videos
Completed by 2129 students
Takes Less than an hour on average
jwt
Medium
JWT VI
This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism
3 videos
Completed by 2005 students
Takes Less than an hour on average
jwt
Medium
CBC-MAC II
This exercise covers the exploitation of an application using CBC-MAC when an attacker has control over the IV
1 video
Completed by 1378 students
Takes Between 1 and 2 hours on average
crypto
Hard
CBC-MAC
This exercise covers the exploitation of signature of non-fixed size messages with CBC-MAC
2 videos
Completed by 1338 students
Takes Between 1 and 2 hours on average
crypto
Hard
CVE-2018-0114
This exercise details the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT
3 videos
Completed by 1457 students
Takes Between 2 and 4 hours on average
jwt
CWE-347