Blue Badge

877 Completed
11 Exercises
S2-052

  • Difficulty: Easy
  • This exercise covers the exploitation of the Struts S2-052 vulnerability
  • 1 video
  • Completed by 1531 students
  • Takes less than an hour on average
  • Java/Struts
JWT VII

  • Difficulty: Easy
  • This exercise covers the exploitation of a website using JWT for sessions without verifying the signature
  • 2 videos
  • Completed by 1868 students
  • Takes less than an hour on average
  • jwt
Git Information Leak

  • Difficulty: Easy
  • This exercise details how to retrieve information from an exposed .git directory on a web server
  • 1 video
  • Completed by 1998 students
  • Takes less than an hour on average
JWT V

  • Difficulty: Easy
  • This exercise covers the exploitation of a trivial secret used to sign JWT tokens
  • 4 videos
  • Completed by 1749 students
  • Takes less than an hour on average
  • jwt
Git Information Leak II

  • Difficulty: Easy
  • This exercise details how to retrieve information from an exposed .git directory on a web server. This time, directory listing is disabled
  • 1 video
  • Completed by 1484 students
  • Takes less than an hour on average
JWT III

  • Difficulty: Medium
  • This exercise covers the exploitation of an issue in the usage of JWT tokens
  • 3 videos
  • Completed by 1657 students
  • Takes between 1 and 2 hours on average
  • jwt
JWT IV

  • Difficulty: Medium
  • This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP
  • 3 videos
  • Completed by 1545 students
  • Takes less than an hour on average
  • jwt
JWT VI

  • Difficulty: Medium
  • This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism
  • 3 videos
  • Completed by 1454 students
  • Takes less than an hour on average
  • jwt
CBC-MAC II

  • Difficulty: Medium
  • This exercise covers the exploitation of an application using CBC-MAC when an attacker has control over the IV
  • 1 video
  • Completed by 1007 students
  • Takes between 1 and 2 hours on average
  • crypto
CBC-MAC

  • Difficulty: Hard
  • This exercise covers the exploitation of CBC-MAC used to sign messages of non-fixed size
  • 2 videos
  • Completed by 980 students
  • Takes between 2 and 4 hours on average
  • crypto
CVE-2018-0114

  • Difficulty: Hard
  • This exercise details the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT
  • 3 videos
  • Completed by 1070 students
  • Takes between 2 and 4 hours on average
  • jwt