Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
JS Sandbox: AST-Based Filtering
This exercise covers bypassing AST-based sandbox filtering using computed property access or Reflect.get().
|
-- |  |
0 | PRO |
|
|
JS Sandbox: vm.runInNewContext Empty Context
This exercise covers escaping Node.js vm.runInNewContext with an empty sandbox object via the constructor chain.
|
-- | |
0 | PRO |
|
|
JS Sandbox: Type Confusion Bypass
This exercise covers bypassing string sanitization by sending an object when the sanitizer expects a string.
|
-- | |
0 | PRO |
|
|
JS Sandbox: Regex Filter Bypass
This exercise covers bypassing regex filters with hex escapes, unicode escapes, or base64 decoding.
|
-- | |
0 | PRO |
|
CVE-2025-XXXXX
This challenge covers the review of a CVE in a JavaScript codebase and its patch
|
-- |  |
0 | PRO |
|
|
CVE-2026-XX292
This challenge covers the review of a CVE in a typescript codebase and its patch
|
-- | |
1 | PRO |
|
|
CVE-2026-XX822
This challenge covers the review of a CVE in a typescript codebase and its patch
|
-- | |
1 | PRO |
|
|
CVE-2024-X7X95
This challenge covers the review of a CVE in a JavaScript codebase and its patch
|
-- | |
0 | PRO |
|
|
CVE-2026-XX27
This challenge covers the review of a CVE in a javascript codebase and its patch
|
-- | |
1 | PRO |
|
|
Web Fundamentals: Content Delivery Network | -- | |
0 | PRO |
|
|
Web Fundamentals: Virtual Hosts | -- | |
1 | PRO |
|
Web Fundamentals: HTTP | -- | |
1 | PRO |
|
|
Web Fundamentals: URL Parsing | -- | |
1 | PRO |
|
|
Web Fundamentals: JSON | -- | |
0 | PRO |
|
|
Web Fundamentals: URL Encoding | < 1 Hr. | |
10 | PRO |
|
|
Web Fundamentals: HTML | -- | |
1 | PRO |
|
|
Web Fundamentals: Cookies | -- | |
0 | PRO |
|
|
Web Fundamentals: HTML Forms | -- | |
1 | PRO |
|
|
JS Sandbox: Prototype Chain Navigation
This exercise covers navigating __proto__, .constructor, and .prototype from a string literal to reach the Function constructor.
|
-- |  |
1 | PRO |
|
|
JS Sandbox: The Function Constructor
This exercise covers using Function(...)() as an eval alternative to execute arbitrary code in an app that blocks eval.
|
-- | |
0 | PRO |
|
|
JS Sandbox: From Sandbox Escape to RCE
This exercise covers the standard Node.js RCE chain: process -> mainModule -> require('child_process') -> execSync.
|
-- | |
0 | PRO |
|
|
JS Sandbox: Keyword Blocklist Bypass
This exercise covers bypassing indexOf/includes blocklists with bracket notation and string concatenation.
|
-- | |
0 | PRO |
|
|
CVE-2026-XX977
This challenge covers the review of a CVE in a python codebase and its patch
|
-- | |
0 | PRO |
|
|
CVE-2026-XX928
This challenge covers the review of a CVE in a python codebase and its patch
|
-- | |
0 | PRO |
|
|
CVE-2026-XX762
This challenge covers the review of a CVE in a python codebase and its patch
|
-- | |
0 | PRO |
|
|
CVE-2026-XX953
This challenge covers the review of a CVE in a python codebase and its patch
|
-- | |
0 | PRO |
|
|
CVE-2026-XX230
This challenge covers the review of a CVE in a python codebase and its patch
|
-- | |
0 | PRO |
|
|
CVE-2026-XX790
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
26 | PRO |
|
|
CVE-2026-XX130
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
31 | PRO |
|
|
CVE-2023-51XX9
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
25 | PRO |
Showing 1–30 of 726 exercises
Free Labs of the Month
