Blue Badge

This badge is an extension of the yellow badge and covers complex attacks

11

Exercises

231

Completed this badge

12

CPEs

S2-052

This exercise covers the exploitation of the Struts S2-052 vulnerability

Difficulty: EASY
  • Java/Struts
  • Completed by 538 students
  • Takes Less than an hour on average

JWT VII

This exercise covers the exploitation of a website using JWT for session without verifying the signature

Difficulty: EASY
  • 2 videos
  • Completed by 604 students
  • Takes Less than an hour on average

Git Information Leak

This exercise details how to retrieve information from an exposed .git directory on a web server

Difficulty: EASY
  • 1 video
  • Completed by 697 students
  • Takes Less than an hour on average

JWT V

This exercise covers the exploitation of a trivial secret used to sign JWT tokens.

Difficulty: EASY
  • 3 videos
  • Completed by 571 students
  • Takes Less than an hour on average

Git Information Leak II

This exercise details how to retrieve information from an exposed .git directory on a web server. This time, the directly listing is disabled

Difficulty: EASY
  • Completed by 470 students
  • Takes Less than an hour on average

JWT III

This exercise covers the exploitation of an issue in the usage of JWT token

Difficulty: MEDIUM
  • 2 videos
  • Completed by 499 students
  • Takes Between 1 and 2 hours on average

JWT IV

This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP

Difficulty: MEDIUM
  • 2 videos
  • Completed by 472 students
  • Takes Less than an hour on average

JWT VI

This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism

Difficulty: MEDIUM
  • 2 videos
  • Completed by 430 students
  • Takes Between 1 and 2 hours on average

CBC-MAC II

This exercise covers the exploitation of an application using CBC-MAC when an attacker has control over the IV

Difficulty: MEDIUM
  • 1 video
  • Completed by 287 students
  • Takes Between 1 and 2 hours on average

CBC-MAC

This exercise covers the exploitation of signature of non-fixed size messages with CBC-MAC

Difficulty: HARD
  • 2 videos
  • Completed by 283 students
  • Takes Between 2 and 4 hours on average

CVE-2018-0114

This exercise details the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT

Difficulty: HARD
  • 2 videos
  • Completed by 310 students
  • Takes Between 2 and 4 hours on average