10010101 101110 11001 001 101 0111 101101 01101

WE WILL HELP YOU GET TO THE NEXT LEVEL!

TRY OUR FREE EXERCISES OR GO PRO

FILTER

	EXERCISE	AVERAGE TIME TO COMPLETE	# OF USERS COMPLETED

	Python Snippet #02	< 1 Hr.	268
	Java Snippet #10	< 1 Hr.	38
	Java Snippet #11	< 1 Hr.	35
	Java Snippet #12	< 1 Hr.	26
	API Payments 02	< 1 Hr.	49
	GCM Nonce Reuse	< 1 Hr.	12
	CVE-2019-5x2x	< 1 Hr.	21
	Java Snippet #07	< 1 Hr.	98
	Java Snippet #08	< 1 Hr.	83
	Java Snippet #09	< 1 Hr.	57
	API Payments 01	< 1 Hr.	107
	CVE-2022-26xx9	< 1 Hr.	32
	Python Snippet #07	< 1 Hr.	92
	Python Snippet #08	< 1 Hr.	77
	Python Snippet #09	< 1 Hr.	104
	Mongo IDOR	< 1 Hr.	128
	CVE-2008-5x8x_ii	< 1 Hr.	40
	CVE-2005-2x8x	< 1 Hr.	55
	Python Snippet #06	< 1 Hr.	154
	Golang Snippet #01	< 1 Hr.	125
	Java Snippet #06	1-2 Hr.	89
	CVE-2022-21449	1-2 Hr.	28
	CVE-2021-33564 Argument Injection in Ruby Dragonfly	< 1 Hr.	44
	CVE-2021-45xx9	< 1 Hr.	57
	PHP Snippet #07	< 1 Hr.	185
	PHP Snippet #08	< 1 Hr.	148
	PHP Snippet #09	< 1 Hr.	151
	Python Snippet #03	< 1 Hr.	192
	Python Snippet #04	< 1 Hr.	168
	Python Snippet #05	< 1 Hr.	192
	CVE-2021-39x3x	< 1 Hr.	52
	CVE-2022-21724: JDBC RCE PostgreSQL	< 1 Hr.	44
	Java Snippet #04	< 1 Hr.	185
	Java Snippet #05	< 1 Hr.	164
	Ox Remote Code Execution II	> 4 Hr.	9
	CVE-2009-3x8x	< 1 Hr.	65
	HTTP 41	< 1 Hr.	630
	HTTP 42	< 1 Hr.	637
	HTTP 43	< 1 Hr.	616
	CVE-2021-381xx	< 1 Hr.	73
	H2 RCE	< 1 Hr.	24
	TypeScript Snippet #04	< 1 Hr.	112
	TypeScript Snippet #05	< 1 Hr.	146
	TypeScript Snippet #06	1-2 Hr.	92
	TypeScript Snippet #07	< 1 Hr.	88
	TypeScript Snippet #08	< 1 Hr.	105
	TypeScript Snippet #09	< 1 Hr.	128
	CVE-2008-4x9x	< 1 Hr.	76
	Log4j RCE II	1-2 Hr.	68
	Log4j RCE	1-2 Hr.	184
	CVE-2021-4379x	< 1 Hr.	111
	API 08	< 1 Hr.	334
	JDBC RCE	2-4 Hr.	17
	CVE-2008-1x3x	< 1 Hr.	106
	Golang Snippet #12	< 1 Hr.	150
	TypeScript Snippet #01	< 1 Hr.	217
	TypeScript Snippet #02	< 1 Hr.	190
	TypeScript Snippet #03	< 1 Hr.	194
	API 07	< 1 Hr.	386
	CVE-2021-40438	< 1 Hr.	132
	CVE-2021-41773	< 1 Hr.	241
	CVE-2021-41773 II	2-4 Hr.	66
	HTTP 36	< 1 Hr.	819
	HTTP 37	< 1 Hr.	801
	HTTP 38	< 1 Hr.	806
	HTTP 39	< 1 Hr.	785
	HTTP 40	< 1 Hr.	803
	CVE-2006-4xxx	< 1 Hr.	144
	CVE-2006-4xxx_ii	< 1 Hr.	103
	PHP Snippet #04	< 1 Hr.	347
	PHP Snippet #05	< 1 Hr.	306
	PHP Snippet #06	< 1 Hr.	349
	API 06	< 1 Hr.	428
	CVE-2021-37xxx	< 1 Hr.	96
	PHP Snippet #01	< 1 Hr.	614
	PHP Snippet #02	< 1 Hr.	494
	PHP Snippet #03	< 1 Hr.	363
	HTTP 31	< 1 Hr.	894
	HTTP 32	< 1 Hr.	883
	HTTP 35	< 1 Hr.	849
	HTTP 34	< 1 Hr.	854
	HTTP 33	< 1 Hr.	878
	API 05	< 1 Hr.	543
	API 04	< 1 Hr.	567
	Golang Snippet #02	< 1 Hr.	285
	Golang Snippet #03	< 1 Hr.	220
	Golang Snippet #04	< 1 Hr.	280
	Golang Snippet #05	< 1 Hr.	242
	Golang Snippet #06	< 1 Hr.	189
	Golang Snippet #07	< 1 Hr.	212
	Golang Snippet #08	< 1 Hr.	191
	Golang Snippet #09	< 1 Hr.	185
	Golang Snippet #10	< 1 Hr.	193
	Golang Snippet #11	< 1 Hr.	184
	Javascript Snippet #01	< 1 Hr.	442
	Javascript Snippet #02	< 1 Hr.	375
	Javascript Snippet #03	< 1 Hr.	372
	Javascript Snippet #04	< 1 Hr.	330
	Javascript Snippet #05	< 1 Hr.	346
	Javascript Snippet #06	< 1 Hr.	295
	Javascript Snippet #07	< 1 Hr.	319
	Python Snippet #01	< 1 Hr.	445
	Ruby Snippet #01	1-2 Hr.	110
	Ruby Snippet #02	< 1 Hr.	134
	Ruby Snippet #03	< 1 Hr.	152
	Ruby Snippet #04	< 1 Hr.	137
	Ruby Snippet #05	< 1 Hr.	140
	Ruby Snippet #06	< 1 Hr.	128
	Ruby Snippet #07	< 1 Hr.	112
	Ruby Snippet #08	< 1 Hr.	128
	Ruby Snippet #09	< 1 Hr.	121
	HTTP 26	< 1 Hr.	1000
	HTTP 27	< 1 Hr.	984
	HTTP 28	< 1 Hr.	961
	HTTP 29	< 1 Hr.	932
	HTTP 30	< 1 Hr.	902
	CVE-2020-17xx7	< 1 Hr.	175
	Ox Remote Code Execution	2-4 Hr.	17
	CVE-2020-9x9x	< 1 Hr.	124
	HTTP 21	< 1 Hr.	1078
	HTTP 22	< 1 Hr.	1062
	HTTP 23	< 1 Hr.	1048
	HTTP 24	< 1 Hr.	1045
	HTTP 25	< 1 Hr.	1043
	HTTP 16	< 1 Hr.	1145
	HTTP 20	< 1 Hr.	1091
	HTTP 18	< 1 Hr.	1125
	HTTP 19	< 1 Hr.	1103
	HTTP 17	< 1 Hr.	1135
	CVE-2020-17xx8	< 1 Hr.	128
	CVE-2021-22204: Exiftool RCE	1-2 Hr.	89
	SSRF via FFMPEG II	1-2 Hr.	72
	API 03	< 1 Hr.	556
	CVE-2020-11xxx	< 1 Hr.	143
	OAuth2: Authorization Server XSS II	< 1 Hr.	130
	HTTP 11	< 1 Hr.	1273
	HTTP 15	< 1 Hr.	1211
	HTTP 12	< 1 Hr.	1257
	HTTP 13	< 1 Hr.	1230
	HTTP 14	< 1 Hr.	1215
	API 02	< 1 Hr.	915
	Express Local File Read	< 1 Hr.	157
	OAuth2: Authorization Server XSS	1-2 Hr.	169
	HTTP 10	< 1 Hr.	1344
	HTTP 09	< 1 Hr.	1369
	HTTP 07	< 1 Hr.	1445
	HTTP 06	< 1 Hr.	1454
	HTTP 08	< 1 Hr.	1389
	HTTP 03	< 1 Hr.	1640
	HTTP 04	< 1 Hr.	1582
	HTTP 05	< 1 Hr.	1551
	HTTP 02	< 1 Hr.	1710
	HTTP 01	< 1 Hr.	1830
	API 01	< 1 Hr.	1214
	JSON Web Token XIII	1-2 Hr.	72
	SAML: Comment Injection II	< 1 Hr.	272
	Recon 24	< 1 Hr.	1612
	Recon 25	1-2 Hr.	1023
	Recon 26	< 1 Hr.	1631
	SSRF via FFMPEG	1-2 Hr.	143
	SAML: Signature Wrapping II	< 1 Hr.	197
	RCE via argument injection	2-4 Hr.	20
	Code Review 16	< 1 Hr.	61
	SAML: Signature Wrapping	< 1 Hr.	257
	Recon 20	< 1 Hr.	1805
	Recon 21	< 1 Hr.	1783
	Recon 22	< 1 Hr.	1675
	Recon 23	< 1 Hr.	1690
	SAML: SAMLResponse forwarding	< 1 Hr.	235
	CGI and Signature	< 1 Hr.	97
	Recon 17	< 1 Hr.	1954
	Recon 18	< 1 Hr.	1848
	Recon 19	< 1 Hr.	1698
	Code Review 15	< 1 Hr.	61
	Code Review 14	< 1 Hr.	66
	CVE-2020-14343: PyYAML unsafe loader	< 1 Hr.	159
	OAuth2: State Fixation	1-2 Hr.	212
	Code Review 13	2-4 Hr.	49
	CVE-2020-7115: Aruba Clearpass RCE	1-2 Hr.	105
	Code Review 12	< 1 Hr.	97
	OAuth2: Predictable State II	1-2 Hr.	143
	Recon 13	< 1 Hr.	2400
	Recon 14	< 1 Hr.	2190
	Recon 15	< 1 Hr.	1832
	Recon 16	< 1 Hr.	2017
	EDDSA vulnerability in Monocypher	1-2 Hr.	57
	Code Review 11	2-4 Hr.	27
	OAuth2: Predictable State	2-4 Hr.	158
	Code Review 10	< 1 Hr.	76
	Recon 11	< 1 Hr.	2081
	Recon 12	< 1 Hr.	2439
	Unicode and NFKC	< 1 Hr.	154
	SAML: Trusted Embedded Key	< 1 Hr.	240
	Recon 06	< 1 Hr.	4089
	Recon 07	< 1 Hr.	3594
	Recon 08	< 1 Hr.	3215
	CVE-2020-8163: Rails local name RCE	2-4 Hr.	130
	SAML: Known Key	1-2 Hr.	228
	Code Review 09	1-2 Hr.	64
	Recon 04	< 1 Hr.	5358
	Recon 05	< 1 Hr.	4057
	Recon 01	< 1 Hr.	6995
	OAuth2: Client Server XSS	1-2 Hr.	208
	Zip symlink	< 1 Hr.	366
	Code Review 08	1-2 Hr.	67
	SAML: Comment Injection	< 1 Hr.	1007
	Unicode and Downcase	< 1 Hr.	387
	Code Review 07	1-2 Hr.	86
	Java Serialize 01	< 1 Hr.	220
	Unicode and Uppercase	< 1 Hr.	437
	Code Review 06	2-4 Hr.	37
	Cross-Site Leak	2-4 Hr.	411
	From SQL injection to Shell III: PostgreSQL Edition	2-4 Hr.	108
	OAuth2: Client CSRF II	2-4 Hr.	318
	XSS Include	< 1 Hr.	937
	OAuth2: Client CSRF	< 1 Hr.	672
	Code Review 05	2-4 Hr.	65
	Code Review 04	1-2 Hr.	165
	JS Prototype Pollution	< 1 Hr.	580
	OAuth2: Authorization Server CSRF	1-2 Hr.	789
	Code Review 03	2-4 Hr.	73
	SSRF in PDF generation	< 1 Hr.	598
	OAuth2: Github HTTP HEAD	1-2 Hr.	312
	SVG XSS	< 1 Hr.	1258
	Apache Pluto RCE	< 1 Hr.	354
	JSON Cross-Site Request Forgery	< 1 Hr.	1116
	Cross-Site Request Forgery	< 1 Hr.	1220
	Code Review 02	1-2 Hr.	194
	postMessage() IV	< 1 Hr.	694
	Spring Actuators	1-2 Hr.	189
	postMessage() III	1-2 Hr.	711
	postMessage() II	< 1 Hr.	786
	PHP phar://	< 1 Hr.	236
	Signing Oracle	< 1 Hr.	550
	Length Extension Attack	1-2 Hr.	493
	JSON Web Encryption	< 1 Hr.	351
	postMessage()	< 1 Hr.	890
	CVE-2019-5418	1-2 Hr.	339
	Cross-Site WebSocket Hijacking	< 1 Hr.	821
	JWT XII	1-2 Hr.	452
	Cross-Origin Resource Sharing II	< 1 Hr.	768
	JWT XI	1-2 Hr.	448
	cve-2019-5420 II	1-2 Hr.	383
	OAuth2: Client OpenRedirect	< 1 Hr.	610
	CVE-2019-5420	2-4 Hr.	605
	JWT X	< 1 Hr.	513
	GraphQL: SQL Injection	1-2 Hr.	905
	OAuth2: Authorization Server OpenRedirect	< 1 Hr.	700
	JWT IX	< 1 Hr.	594
	Gogs RCE II	< 1 Hr.	404
	JWT VIII	1-2 Hr.	641
	SAML: Signature Stripping	< 1 Hr.	1402
	GraphQL Introspection	< 1 Hr.	1610
	Gogs RCE	1-2 Hr.	458
	Android 07	1-2 Hr.	978
	Android 06	< 1 Hr.	1149
	Android 05	1-2 Hr.	1367
	Ruby 2.x Universal RCE Deserialization Gadget Chain	< 1 Hr.	1000
	CVE-2018-10933: LibSSH auth bypass	--	0
	Android 04	< 1 Hr.	1746
	Android 03	< 1 Hr.	2353
	From SQL injection to Shell III	1-2 Hr.	763
	Android 02	< 1 Hr.	2576
	IDOR to Shell	1-2 Hr.	731
	Android 01	< 1 Hr.	2754
	Introduction to CSP	< 1 Hr.	1958
	CVE-2018-11235: Git Submodule RCE	2-4 Hr.	379
	Git Information Leak II	< 1 Hr.	1919
	Git Information Leak	< 1 Hr.	2532
	JWT VII	< 1 Hr.	2414
	CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict	< 1 Hr.	683
	Unix 31	< 1 Hr.	10862
	Unix 30	< 1 Hr.	10893
	Unix 25	< 1 Hr.	11392
	Unix 32	< 1 Hr.	10846
	Unix 34	< 1 Hr.	10792
	Unix 33	< 1 Hr.	10826
	Unix 27	< 1 Hr.	11253
	Unix 29	< 1 Hr.	11196
	Unix 28	< 1 Hr.	11211
	Unix 26	< 1 Hr.	11321
	CBC-MAC II	1-2 Hr.	1300
	JWT VI	< 1 Hr.	1872
	CVE-2018-6574: go get RCE	< 1 Hr.	671
	Unix 11	< 1 Hr.	14996
	Unix 12	< 1 Hr.	14602
	Unix 13	< 1 Hr.	14001
	Unix 14	< 1 Hr.	13689
	Unix 15	< 1 Hr.	12558
	Unix 16	< 1 Hr.	12295
	Unix 17	< 1 Hr.	12494
	Unix 18	< 1 Hr.	12435
	Unix 19	< 1 Hr.	12362
	Unix 20	< 1 Hr.	11610
	Unix 21	< 1 Hr.	11747
	Unix 22	< 1 Hr.	11633
	Unix 23	< 1 Hr.	11454
	Unix 24	< 1 Hr.	11397
	JWT V	< 1 Hr.	2235
	CVE-2018-0114	2-4 Hr.	1368
	JWT IV	< 1 Hr.	1982
	CBC-MAC	1-2 Hr.	1260
	JWT III	1-2 Hr.	2122
	Code Execution 09	< 1 Hr.	8273
	Server Side Template Injection 02	< 1 Hr.	6495
	MongoDB Injection 02	1-2 Hr.	6556
	Authorization 06	< 1 Hr.	11145
	Code Execution 08	< 1 Hr.	8393
	Authorization 04	< 1 Hr.	12042
	Authorization 05	< 1 Hr.	11605
	Command Execution 03	< 1 Hr.	8627
	Server Side Template Injection 01	< 1 Hr.	6495
	Code Execution 05	< 1 Hr.	9557
	Code Execution 06	< 1 Hr.	9362
	Code Execution 07	< 1 Hr.	9155
	Introduction to code review	--	0
	S2-052	< 1 Hr.	1954
	SQL Injection 06	< 1 Hr.	7055
	XML Attacks 01	< 1 Hr.	6837
	XML Attacks 02	< 1 Hr.	6524
	SQL Injection 04	< 1 Hr.	7455
	SQL Injection 05	< 1 Hr.	7396
	SQL Injection 01	< 1 Hr.	8227
	SQL Injection 02	< 1 Hr.	7981
	SQL Injection 03	< 1 Hr.	7794
	Code Execution 02	< 1 Hr.	10568
	Authorization 03	< 1 Hr.	12841
	Command Execution 01	< 1 Hr.	8976
	Command Execution 02	< 1 Hr.	8726
	Server Side Request Forgery 04	< 1 Hr.	7368
	Open Redirect 01	< 1 Hr.	7578
	Open Redirect 02	< 1 Hr.	7344
	MongoDB Injection 01	< 1 Hr.	7732
	SAML: Introduction	< 1 Hr.	1912
	Server Side Request Forgery 02	< 1 Hr.	7643
	Server Side Request Forgery 03	< 1 Hr.	7618
	Server Side Request Forgery 01	< 1 Hr.	7776
	XSS 09	< 1 Hr.	6887
	XSS 10	< 1 Hr.	6404
	Directory Traversal 01	< 1 Hr.	9069
	Directory Traversal 02	< 1 Hr.	8941
	Directory Traversal 03	< 1 Hr.	8852
	XSS 02	< 1 Hr.	8101
	XSS 03	< 1 Hr.	7826
	XSS 04	< 1 Hr.	7439
	XSS 05	< 1 Hr.	7235
	XSS 06	< 1 Hr.	7215
	XSS 07	< 1 Hr.	7093
	XSS 08	< 1 Hr.	6981
	File Upload 01	< 1 Hr.	7074
	File Upload 02	< 1 Hr.	6998
	XSS 01	< 1 Hr.	8385
	Authentication 05	< 1 Hr.	13124
	Code Execution 03	< 1 Hr.	10077
	Code Execution 04	< 1 Hr.	9899
	File Include 01	< 1 Hr.	8461
	File Include 02	< 1 Hr.	8283
	LDAP 01	< 1 Hr.	8212
	LDAP 02	< 1 Hr.	7879
	Authentication 04	< 1 Hr.	13755
	Authentication 01	< 1 Hr.	14903
	Authentication 02	< 1 Hr.	14406
	Authentication 03	< 1 Hr.	14001
	Authorization 01	< 1 Hr.	13282
	Authorization 02	< 1 Hr.	13030
	Code Execution 01	< 1 Hr.	11181
	CVE-2016-10033: PHPMailer RCE	< 1 Hr.	2947
	Cipher block chaining	1-2 Hr.	2250
	Struts s2-045	< 1 Hr.	2188
	CVE-2016-2098	< 1 Hr.	2833
	CVE-2014-4511: Gitlist RCE	--	0
	ECDSA	2-4 Hr.	299
	Werkzeug DEBUG	< 1 Hr.	1301
	Padding Oracle	1-2 Hr.	724
	Unickle	1-2 Hr.	580
	CVE-2015-3224	< 1 Hr.	1303
	Luhn	2-4 Hr.	525
	CVE-2013-0156: Rails Object Injection	< 1 Hr.	3258
	JSON Web Token II	1-2 Hr.	2813
	CVE-2016-0792	< 1 Hr.	3821
	ObjectInputStream	< 1 Hr.	3501
	XMLDecoder	< 1 Hr.	4270
	CVE-2014-1266	1-2 Hr.	997
	CVE-2011-0228	1-2 Hr.	1150
	Intercept 03	< 1 Hr.	1408
	Intercept 02	< 1 Hr.	1541
	Intercept 01	1-2 Hr.	1690
	Struts devMode	--	0
	JSON Web Token	< 1 Hr.	7950
	Cross-Origin Resource Sharing	--	0
	API to Shell	2-4 Hr.	2784
	Pickle Code Execution	< 1 Hr.	5202
	Play XML Entities	1-2 Hr.	1779
	CVE-2014-6271/Shellshock	< 1 Hr.	7247
	Play Session Injection	< 1 Hr.	2231
	CVE-2007-1860: mod_jk double-decoding	1-2 Hr.	4999
	XSS and MySQL FILE	--	0
	Electronic Code Book	1-2 Hr.	4767
	Web for Pentester II	--	0
	From SQL Injection to Shell II	--	0
	CVE-2012-6081: MoinMoin code execution	--	0
	Web for Pentester	--	0
	Axis2 Web service and Tomcat Manager	--	0
	CVE-2008-1930: Wordpress 2.5 Cookie Integrity Protection Vulnerability	--	0
	From SQL Injection to Shell: PostgreSQL edition	--	0
	Rack Cookies and Commands injection	--	0
	Linux Host Review	--	0
	CVE-2012-2661: ActiveRecord SQL injection	--	0
	CVE-2012-1823: PHP CGI	--	0
	PHP Include And Post Exploitation	--	0
	From SQL Injection to Shell	< 1 Hr.	6618
	Code Review 01	1-2 Hr.	311
	Introduction 01	< 1 Hr.	21948
	Recon 00	< 1 Hr.	6984
	Introduction 02	< 1 Hr.	21694
	Recon 02	< 1 Hr.	5809
	Introduction 03	< 1 Hr.	21254
	Recon 03	< 1 Hr.	5175
	Introduction 00	< 1 Hr.	22643
	Recon 10	< 1 Hr.	2274
	Recon 09	< 1 Hr.	3632
	Code Review 17	1-2 Hr.	27
	Unix 00	< 1 Hr.	19220
	Unix 01	< 1 Hr.	18789
	Unix 02	< 1 Hr.	18628
	Unix 03	< 1 Hr.	18404
	Unix 04	< 1 Hr.	18176
	Unix 05	< 1 Hr.	17310
	Unix 06	< 1 Hr.	16640
	Unix 07	< 1 Hr.	16387
	Unix 08	< 1 Hr.	16147
	Unix 09	< 1 Hr.	15662
	Unix 10	< 1 Hr.	15261
	PCAP 01	< 1 Hr.	5883
	PCAP 02	< 1 Hr.	5751
	PCAP 03	< 1 Hr.	5670
	PCAP 04	< 1 Hr.	5448
	PCAP 05	< 1 Hr.	5354
	PCAP 06	< 1 Hr.	5274
	PCAP 07	< 1 Hr.	5224
	PCAP 08	< 1 Hr.	5184
	PCAP 09	< 1 Hr.	5158
	PCAP 10	< 1 Hr.	4882
	PCAP 11	< 1 Hr.	4871
	PCAP 12	< 1 Hr.	4857
	PCAP 13	< 1 Hr.	4907
	Java Snippet #01	< 1 Hr.	320
	PCAP 14	< 1 Hr.	4891
	Java Snippet #02	< 1 Hr.	285
	PCAP 15	< 1 Hr.	4880
	Java Snippet #03	< 1 Hr.	259
	PCAP 16	< 1 Hr.	4855
	PCAP 17	< 1 Hr.	4804
	PCAP 18	< 1 Hr.	4798
	PCAP 19	< 1 Hr.	4775
	PCAP 20	< 1 Hr.	4693
	PCAP 21	< 1 Hr.	4647
	PCAP 22	< 1 Hr.	4628
	PCAP 23	< 1 Hr.	4622
	PCAP 24	< 1 Hr.	4612
	PCAP 25	< 1 Hr.	4614
	PCAP 26	< 1 Hr.	4611
	PCAP 27	< 1 Hr.	4561
	PCAP 28	< 1 Hr.	4543
	PCAP 29	< 1 Hr.	4532
	PCAP 30	< 1 Hr.	4509
	PCAP 31	< 1 Hr.	4493
	PCAP 32	< 1 Hr.	4432
	CVE-2021-4xx50	< 1 Hr.	186
	PCAP 33	< 1 Hr.	4361
	PCAP 34	< 1 Hr.	4408
	PCAP 35	< 1 Hr.	4469
	Android 08	1-2 Hr.	925
No search results found...