Orange Badge
172
Completed
15
Exercises
Easy
Cross-Site Request Forgery
This exercise details the exploitation of a Cross-Site Request Forgery to gain access to sensitive data
2 videos
Completed by 814 students
Takes less than an hour on average
Easy
JSON Cross-Site Request Forgery
This exercise details the exploitation of a Cross-Site Request Forgery when JSON is used
2 videos
Completed by 708 students
Takes less than an hour on average
Easy
Introduction to CSP
This exercise details the exploitation of an XSS in a simple web application that uses Content Security Policy
1 video
Completed by 1436 students
Takes less than an hour on average
Easy
XSS Include
This exercise covers how one can use Cross-Site-Scripting Include to leak information.
1 video
Completed by 560 students
Takes less than an hour on average
Ruby/Rails
Easy
SVG XSS
This exercise covers how one can use SVG to trigger Cross-Site Scripting.
1 video
Completed by 784 students
Takes less than an hour on average
Ruby/Rails
Medium
Cross-Site WebSocket Hijacking
This exercise covers Cross-Site WebSocket Hijacking and how it can be used to gain access to sensitive information
2 videos
Completed by 531 students
Takes between 1 and 2 hours on average
Ruby/Sinatra
Medium
postMessage()
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information
2 videos
Completed by 582 students
Takes between 1 and 2 hours on average
Ruby/Sinatra
Medium
postMessage() II
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin
2 videos
Completed by 502 students
Takes less than an hour on average
Ruby/Sinatra
Medium
postMessage() III
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to trigger Cross-Site Scripting
2 videos
Completed by 458 students
Takes between 1 and 2 hours on average
Ruby/Sinatra
Medium
postMessage() IV
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin and X-Frame-Options is used
1 video
Completed by 432 students
Takes less than an hour on average
HTML/JavaScript
Medium
CVE-2018-6574: go get RCE
This exercise covers a remote command execution in Golang's go get command.
1 video
Completed by 456 students
Takes less than an hour on average
Medium
CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict
This exercise covers the exploitation of HTTPoxy against an old version of Golang
2 videos
Completed by 480 students
Takes less than an hour on average
Medium
Cross-Origin Resource Sharing II
This exercise covers Cross-Origin Resource Sharing and how it can be used to get access to sensitive data.
1 video
Completed by 462 students
Takes less than an hour on average
Ruby/Sinatra/Angular
Hard
CVE-2018-11235: Git Submodule RCE
This exercise details the exploitation of a vulnerability in Git submodules that can be used to get command execution
Completed by 240 students
Takes between 2 and 4 hours on average
Hard
Cross-Site Leak
This exercise covers how one can use Cross-Site Leak to recover sensitive information
1 video
Completed by 236 students
Takes between 2 and 4 hours on average
Ruby