Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
Web Fundamentals: Same-Origin Policy Introduction | -- |  |
9 | PRO |
|
|
Web Fundamentals: CORS Introduction | -- | |
10 | PRO |
|
|
Web Fundamentals: GraphQL | -- | |
9 | PRO |
|
|
Web Fundamentals: WebSockets | -- | |
10 | PRO |
|
Web Fundamentals: API | -- | |
12 | PRO |
|
|
Web Fundamentals: Sessions | -- | |
31 | PRO |
|
|
Web Fundamentals: Client-Side Code | -- | |
36 | PRO |
|
|
Web Fundamentals: Databases | -- | |
33 | PRO |
|
|
Web Fundamentals: Server-Side Code | -- | |
32 | PRO |
|
|
JS Sandbox: static-eval Direct Constructor Access
This exercise covers exploiting the original unpatched static-eval with unrestricted property access on functions.
|
< 1 Hr. |  |
9 | PRO |
|
|
JS Sandbox: vm.runInNewContext Null Prototype
This exercise covers escaping vm.runInNewContext when the context is created with Object.create(null) so this.constructor is undefined.
|
< 1 Hr. | |
9 | PRO |
|
|
JS Sandbox: static-eval Destructuring Parameter Bypass
This exercise covers bypassing static-eval parameter validation using destructured parameters (ObjectPattern).
|
< 1 Hr. | |
5 | PRO |
|
|
JS Sandbox: static-eval Function Property Blocked
This exercise covers bypassing post-2.0 static-eval that blocks member access on functions, using anonymous function bodies.
|
< 1 Hr. | |
9 | PRO |
|
|
JS Sandbox: vm.runInNewContext Restricted Globals
This exercise covers escaping vm.runInNewContext when specific safe objects are provided but frozen, using Error objects or Promise callbacks.
|
< 1 Hr. | |
9 | PRO |
|
CVE-2026-XX242
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
27 | PRO |
|
|
CVE-2026-XX738
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
27 | PRO |
|
|
Web Fundamentals: Introduction | < 1 Hr. | |
73 | PRO |
|
|
JS Sandbox: Type Confusion Bypass
This exercise covers bypassing string sanitization by sending an object when the sanitizer expects a string.
|
-- | |
13 | PRO |
|
|
JS Sandbox: AST-Based Filtering
This exercise covers bypassing AST-based sandbox filtering using computed property access or Reflect.get().
|
-- | |
13 | PRO |
|
|
JS Sandbox: vm.runInNewContext Empty Context
This exercise covers escaping Node.js vm.runInNewContext with an empty sandbox object via the constructor chain.
|
-- | |
11 | PRO |
|
|
JS Sandbox: Regex Filter Bypass
This exercise covers bypassing regex filters with hex escapes, unicode escapes, or base64 decoding.
|
< 1 Hr. | |
15 | PRO |
|
|
CVE-2025-XXXXX
This challenge covers the review of a CVE in a JavaScript codebase and its patch
|
< 1 Hr. | |
26 | PRO |
|
|
CVE-2026-XX27
This challenge covers the review of a CVE in a javascript codebase and its patch
|
-- | |
31 | PRO |
|
|
CVE-2024-X7X95
This challenge covers the review of a CVE in a JavaScript codebase and its patch
|
< 1 Hr. | |
24 | PRO |
|
|
CVE-2026-XX822
This challenge covers the review of a CVE in a typescript codebase and its patch
|
< 1 Hr. | |
36 | PRO |
|
|
CVE-2026-XX292
This challenge covers the review of a CVE in a typescript codebase and its patch
|
-- | |
35 | PRO |
|
|
Web Fundamentals: Content Delivery Network | < 1 Hr. | |
61 | PRO |
|
|
Web Fundamentals: Virtual Hosts | < 1 Hr. | |
66 | PRO |
|
|
Web Fundamentals: URL Parsing | < 1 Hr. | |
94 | PRO |
|
Web Fundamentals: HTTP | < 1 Hr. | |
88 | PRO |
Showing 1–30 of 743 exercises
Free Labs of the Month
