Blue Badge

This badge is an extension of the yellow badge and covers complex attacks.

11 exercises, 1561 completed, 24 videos

Exercises

Easy
S2-052
  • This exercise covers the exploitation of the Struts S2-052 vulnerability
  • 1 video
  • Completed by 2582 students
  • Takes < 1 Hr. on average
  • Java/Struts

Easy
JWT VII
  • This exercise covers the exploitation of a website that uses JWT for sessions without verifying the signature
  • 2 videos
  • Completed by 3432 students
  • Takes < 1 Hr. on average
  • JWT
  • CWE-310

Easy
Git Information Leak
  • This exercise details how to retrieve information from an exposed .git directory on a web server
  • 1 video
  • Completed by 3553 students
  • Takes < 1 Hr. on average

Medium
JWT V
  • This exercise covers the exploitation of a trivial secret used to sign JWT tokens
  • 4 videos
  • Completed by 3067 students
  • Takes < 1 Hr. on average
  • JWT
  • CWE-310

Medium
Git Information Leak II
  • This exercise details how to retrieve information from an exposed .git directory on a web server, provided directory listing is disabled
  • 1 video
  • Completed by 2631 students
  • Takes < 1 Hr. on average

Medium
JWT kid Injection
  • This exercise covers the exploitation of an issue in the usage of JWT tokens
  • 3 videos
  • Completed by 2960 students
  • Takes 1-2 Hrs. on average
  • JWT
  • CWE-310

Medium
JWT IV
  • This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP
  • 3 videos
  • Completed by 2736 students
  • Takes < 1 Hr. on average
  • JWT
  • CWE-310

Medium
JWT VI
  • This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism
  • 3 videos
  • Completed by 2587 students
  • Takes < 1 Hr. on average
  • JWT
  • CWE-310

Medium
CBC-MAC II
  • This exercise covers the exploitation of an application using CBC-MAC when an attacker has control over the IV
  • 1 video
  • Completed by 1763 students
  • Takes 1-2 Hrs. on average
  • Crypto

Hard
CBC-MAC
  • This exercise covers the exploitation of signatures on non-fixed-size messages with CBC-MAC
  • 2 videos
  • Completed by 1730 students
  • Takes 1-2 Hrs. on average
  • Crypto

Hard
CVE-2018-0114
  • This exercise details the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT
  • 3 videos
  • Completed by 1905 students
  • Takes 2-4 Hrs. on average
  • JWT
  • CWE-347