Orange Badge

133 Completed

15 Exercises

image for Cross-Site Request Forgery

Cross-Site Request Forgery

This exercise details the exploitation of a Cross-Site Request Forgery to gain access to sensitive data
2 videos
Completed by 649 students
Takes Less than an hour on average

image for JSON Cross-Site Request Forgery

JSON Cross-Site Request Forgery

This exercise details the exploitation of a Cross-Site Request Forgery when JSON is used
2 videos
Completed by 573 students
Takes Less than an hour on average

image for Introduction to CSP

Introduction to CSP

This exercise details the exploitation of a XSS in a simple web application that uses Content Security Policy
1 video
Completed by 1242 students
Takes Less than an hour on average

image for XSS Include

XSS Include

This exercise covers how one can use Cross-Site-Scripting Include to leak information.
1 video
Completed by 439 students
Takes Less than an hour on average
Ruby/Rails

image for SVG XSS

SVG XSS

This exercise covers how one can use SVG to trigger a Cross-Site-Scripting.
1 video
Completed by 622 students
Takes Less than an hour on average
Ruby/Rails

image for Cross-Site WebSocket Hijacking

Cross-Site WebSocket Hijacking

This exercise covers Cross-Site WebSocket Hijacking and how it can be used to gain access to sensitive information
2 videos
Completed by 432 students
Takes Between 1 and 2 hours on average
Ruby/Sinatra

image for postMessage()

postMessage()

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information
2 videos
Completed by 479 students
Takes Between 1 and 2 hours on average
Ruby/Sinatra

image for postMessage() II

postMessage() II

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin
2 videos
Completed by 409 students
Takes Less than an hour on average
Ruby/Sinatra

image for postMessage() III

postMessage() III

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to trigger a Cross-Site Scripting
2 videos
Completed by 370 students
Takes Between 1 and 2 hours on average
Ruby/Sinatra

image for postMessage() IV

postMessage() IV

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin and X-Frame-Options is used
1 video
Completed by 348 students
Takes Less than an hour on average
HTML/Javascript

image for CVE-2018-6574: go get RCE

CVE-2018-6574: go get RCE

This exercise covers a remote command execution in Golang's go get command.
1 video
Completed by 378 students
Takes Less than an hour on average

image for CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict

CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict

This exercise covers the exploitation of HTTPoxy against an old version of Golang
2 videos
Completed by 409 students
Takes Less than an hour on average

image for Cross-Origin Resource Sharing II

Cross-Origin Resource Sharing II

This exercise covers Cross-Origin Resource Sharing and how it can be used to get access to sensitive data.
1 video
Completed by 372 students
Takes Less than an hour on average
Ruby/Sinatra/Angular

image for CVE-2018-11235: Git Submodule RCE

CVE-2018-11235: Git Submodule RCE

This exercise details the exploitation of a vulnerability in Git Sub module that can be used to get command execution
Completed by 199 students
Takes Between 1 and 2 hours on average

image for Cross-Site Leak

Cross-Site Leak

This exercise covers how one can use Cross-Site Leak to recover sensitive information
1 video
Completed by 186 students
Takes Between 2 and 4 hours on average
Ruby

Black Friday Special! 2x 13.37% PRO subscription

See detail