Blue Badge

users completed icon
1522 Completed
video icon
24 Videos
book icon
11 Exercises

This badge is an extension of the yellow badge and covers complex attacks

Exercises

Easy
blue badge icon
S2-052
  • This exercise covers the exploitation of the Struts S2-052 vulnerability
  • 1 video
  • Completed by 2523 students
  • Takes < 1 Hr. on average
  • Java/Struts

 

Easy
blue badge icon
JWT VII
  • This exercise covers the exploitation of a website using JWT for session without verifying the signature
  • 2 videos
  • Completed by 3337 students
  • Takes < 1 Hr. on average
  • jwt
  • cwe-310

 

Easy
blue badge icon
Git Information Leak
  • This exercise details how to retrieve information from an exposed .git directory on a web server
  • 1 video
  • Completed by 3471 students
  • Takes < 1 Hr. on average

 

Medium
blue badge icon
JWT V
  • This exercise covers the exploitation of a trivial secret used to sign JWT tokens.
  • 4 videos
  • Completed by 3016 students
  • Takes < 1 Hr. on average
  • jwt
  • cwe-310

 

Medium
blue badge icon
Git Information Leak II
  • This exercise details how to retrieve information from an exposed .git directory on a web server, provided directory listing is disabled
  • 1 video
  • Completed by 2572 students
  • Takes < 1 Hr. on average

 

Medium
blue badge icon
JWT kid Injection
  • This exercise covers the exploitation of an issue in the usage of JWT token
  • 3 videos
  • Completed by 2884 students
  • Takes 1-2 Hrs. on average
  • jwt
  • cwe-310

 

Medium
blue badge icon
JWT IV
  • This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP
  • 3 videos
  • Completed by 2667 students
  • Takes < 1 Hr. on average
  • jwt
  • cwe-310

 

Medium
blue badge icon
JWT VI
  • This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism
  • 3 videos
  • Completed by 2519 students
  • Takes < 1 Hr. on average
  • jwt
  • cwe-310

 

Medium
blue badge icon
CBC-MAC II
  • This exercise covers the exploitation of an application using CBC-MAC when an attacker has control over the IV
  • 1 video
  • Completed by 1717 students
  • Takes 1-2 Hrs. on average
  • Crypto

 

Hard
blue badge icon
CBC-MAC
  • This exercise covers the exploitation of signature of non-fixed size messages with CBC-MAC
  • 2 videos
  • Completed by 1676 students
  • Takes 1-2 Hrs. on average
  • Crypto

 

Hard
blue badge icon
CVE-2018-0114
  • This exercise details the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT
  • 3 videos
  • Completed by 1842 students
  • Takes 2-4 Hrs. on average
  • jwt
  • CWE-347