10010101 101110 11001 001 101 0111 101101 01101

WE WILL HELP YOU GET TO THE NEXT LEVEL!

TRY OUR FREE EXERCISES OR GO PRO

FILTER

	EXERCISE	AVERAGE TIME TO COMPLETE	# OF USERS COMPLETED

	CVE-2021-381xx	< 1 Hr.	16
	H2 RCE	< 1 Hr.	6
	TypeScript Snippet #04	< 1 Hr.	18
	TypeScript Snippet #05	< 1 Hr.	29
	TypeScript Snippet #06	2-4 Hr.	16
	TypeScript Snippet #07	< 1 Hr.	18
	TypeScript Snippet #08	< 1 Hr.	18
	TypeScript Snippet #09	< 1 Hr.	26
	CVE-2008-4x9x	< 1 Hr.	23
	Log4j RCE II	< 1 Hr.	39
	Log4j RCE	1-2 Hr.	143
	CVE-2021-4379x	< 1 Hr.	33
	API 08	< 1 Hr.	74
	JDBC RCE	2-4 Hr.	3
	CVE-2008-1x3x	< 1 Hr.	36
	Golang Snippet #12	< 1 Hr.	64
	Python Snippet #02	< 1 Hr.	88
	TypeScript Snippet #01	< 1 Hr.	75
	TypeScript Snippet #02	< 1 Hr.	67
	TypeScript Snippet #03	< 1 Hr.	68
	API 07	< 1 Hr.	70
	CVE-2021-40438	< 1 Hr.	74
	CVE-2021-41773	< 1 Hr.	148
	CVE-2021-41773 II	1-2 Hr.	23
	HTTP 36	< 1 Hr.	256
	HTTP 37	< 1 Hr.	240
	HTTP 38	< 1 Hr.	249
	HTTP 39	< 1 Hr.	228
	HTTP 40	< 1 Hr.	245
	CVE-2006-4xxx	< 1 Hr.	72
	CVE-2006-4xxx_ii	< 1 Hr.	49
	PHP Snippet #04	< 1 Hr.	158
	PHP Snippet #05	< 1 Hr.	103
	PHP Snippet #06	< 1 Hr.	162
	API 06	< 1 Hr.	122
	CVE-2021-37xxx	< 1 Hr.	49
	PHP Snippet #01	< 1 Hr.	310
	PHP Snippet #02	< 1 Hr.	243
	PHP Snippet #03	< 1 Hr.	161
	HTTP 31	< 1 Hr.	333
	HTTP 32	< 1 Hr.	327
	HTTP 35	< 1 Hr.	293
	HTTP 34	< 1 Hr.	300
	HTTP 33	< 1 Hr.	324
	API 05	< 1 Hr.	182
	API 04	< 1 Hr.	192
	Golang Snippet #1	< 1 Hr.	263
	Golang Snippet #02	< 1 Hr.	160
	Golang Snippet #03	< 1 Hr.	122
	Golang Snippet #04	< 1 Hr.	151
	Golang Snippet #05	< 1 Hr.	133
	Golang Snippet #06	< 1 Hr.	110
	Golang Snippet #07	< 1 Hr.	114
	Golang Snippet #08	< 1 Hr.	105
	Golang Snippet #09	< 1 Hr.	104
	Golang Snippet #10	< 1 Hr.	103
	Golang Snippet #11	< 1 Hr.	98
	Javascript Snippet #01	< 1 Hr.	202
	Javascript Snippet #02	< 1 Hr.	182
	Javascript Snippet #03	< 1 Hr.	183
	Javascript Snippet #04	< 1 Hr.	162
	Javascript Snippet #05	< 1 Hr.	172
	Javascript Snippet #06	< 1 Hr.	147
	Javascript Snippet #07	< 1 Hr.	161
	Python Snippet #01	< 1 Hr.	190
	Ruby Snippet #01	1-2 Hr.	56
	Ruby Snippet #02	< 1 Hr.	72
	Ruby Snippet #03	< 1 Hr.	82
	Ruby Snippet #04	< 1 Hr.	74
	Ruby Snippet #05	< 1 Hr.	73
	Ruby Snippet #06	< 1 Hr.	68
	Ruby Snippet #07	< 1 Hr.	60
	Ruby Snippet #08	< 1 Hr.	67
	Ruby Snippet #09	< 1 Hr.	63
	HTTP 26	< 1 Hr.	400
	HTTP 27	< 1 Hr.	392
	HTTP 28	< 1 Hr.	380
	HTTP 29	< 1 Hr.	364
	HTTP 30	< 1 Hr.	344
	CVE-2020-17xx7	< 1 Hr.	102
	Ox Remote Code Execution	2-4 Hr.	9
	CVE-2020-9x9x	< 1 Hr.	73
	HTTP 21	< 1 Hr.	464
	HTTP 22	< 1 Hr.	461
	HTTP 23	< 1 Hr.	454
	HTTP 24	< 1 Hr.	452
	HTTP 25	< 1 Hr.	448
	HTTP 16	< 1 Hr.	517
	HTTP 20	< 1 Hr.	481
	HTTP 18	< 1 Hr.	503
	HTTP 19	< 1 Hr.	488
	HTTP 17	< 1 Hr.	511
	CVE-2020-17xx8	< 1 Hr.	82
	CVE-2021-22204: Exiftool RCE	< 1 Hr.	53
	SSRF via FFMPEG II	< 1 Hr.	43
	API 03	< 1 Hr.	180
	CVE-2020-11xxx	< 1 Hr.	94
	OAuth2: Authorization Server XSS II	< 1 Hr.	89
	HTTP 11	< 1 Hr.	624
	HTTP 15	< 1 Hr.	591
	HTTP 12	< 1 Hr.	612
	HTTP 13	< 1 Hr.	595
	HTTP 14	< 1 Hr.	591
	API 02	< 1 Hr.	471
	Express Local File Read	< 1 Hr.	101
	OAuth2: Authorization Server XSS	< 1 Hr.	116
	HTTP 10	< 1 Hr.	679
	HTTP 09	< 1 Hr.	698
	HTTP 07	< 1 Hr.	748
	HTTP 06	< 1 Hr.	747
	HTTP 08	< 1 Hr.	705
	HTTP 03	< 1 Hr.	890
	HTTP 04	< 1 Hr.	847
	HTTP 05	< 1 Hr.	833
	HTTP 02	< 1 Hr.	924
	HTTP 01	< 1 Hr.	1006
	API 01	< 1 Hr.	699
	JSON Web Token XIII	< 1 Hr.	53
	SAML: Comment Injection II	< 1 Hr.	198
	Recon 24	< 1 Hr.	1030
	Recon 25	1-2 Hr.	686
	Recon 26	< 1 Hr.	1086
	SSRF via FFMPEG	1-2 Hr.	99
	SAML: Signature Wrapping II	< 1 Hr.	143
	RCE via argument injection	2-4 Hr.	13
	Code Review 16	< 1 Hr.	44
	SAML: Signature Wrapping	< 1 Hr.	182
	Recon 20	< 1 Hr.	1246
	Recon 21	< 1 Hr.	1236
	Recon 22	< 1 Hr.	1143
	Recon 23	< 1 Hr.	1162
	SAML: SAMLResponse forwarding	< 1 Hr.	175
	CGI and Signature	< 1 Hr.	69
	Recon 17	< 1 Hr.	1371
	Recon 18	< 1 Hr.	1300
	Recon 19	< 1 Hr.	1173
	Code Review 15	< 1 Hr.	44
	Code Review 14	< 1 Hr.	46
	CVE-2020-14343: PyYAML unsafe loader	< 1 Hr.	125
	OAuth2: State Fixation	1-2 Hr.	161
	Code Review 13	2-4 Hr.	37
	CVE-2020-7115: Aruba Clearpass RCE	1-2 Hr.	76
	Code Review 12	< 1 Hr.	70
	OAuth2: Predictable State II	1-2 Hr.	111
	Recon 13	< 1 Hr.	1730
	Recon 14	< 1 Hr.	1589
	Recon 15	< 1 Hr.	1308
	Recon 16	< 1 Hr.	1460
	EDDSA vulnerability in Monocypher	1-2 Hr.	42
	Code Review 11	> 4 Hr.	20
	OAuth2: Predictable State	2-4 Hr.	121
	Code Review 10	< 1 Hr.	61
	Recon 11	< 1 Hr.	1501
	Recon 12	< 1 Hr.	1794
	Unicode and NFKC	< 1 Hr.	126
	SAML: Trusted Embedded Key	< 1 Hr.	164
	Recon 06	< 1 Hr.	2911
	Recon 07	< 1 Hr.	2551
	Recon 08	< 1 Hr.	2260
	CVE-2020-8163: Rails local name RCE	2-4 Hr.	104
	SAML: Known Key	1-2 Hr.	143
	Code Review 09	1-2 Hr.	56
	Recon 04	< 1 Hr.	3755
	Recon 05	< 1 Hr.	2883
	Recon 01	< 1 Hr.	4706
	OAuth2: Client Server XSS	1-2 Hr.	156
	Zip symlink	< 1 Hr.	310
	Code Review 08	2-4 Hr.	52
	SAML: Comment Injection	< 1 Hr.	871
	Unicode and Downcase	< 1 Hr.	332
	Code Review 07	1-2 Hr.	76
	Java Serialize 01	< 1 Hr.	194
	Unicode and Uppercase	< 1 Hr.	384
	Code Review 06	2-4 Hr.	33
	Cross-Site Leak	2-4 Hr.	349
	From SQL injection to Shell III: PostgreSQL Edition	2-4 Hr.	91
	OAuth2: Client CSRF II	2-4 Hr.	259
	XSS Include	< 1 Hr.	805
	OAuth2: Client CSRF	< 1 Hr.	582
	Code Review 05	2-4 Hr.	60
	Code Review 04	1-2 Hr.	155
	JS Prototype Pollution	< 1 Hr.	499
	OAuth2: Authorization Server CSRF	1-2 Hr.	689
	Code Review 03	2-4 Hr.	62
	SSRF in PDF generation	< 1 Hr.	522
	OAuth2: Github HTTP HEAD	1-2 Hr.	272
	SVG XSS	< 1 Hr.	1095
	Apache Pluto RCE	< 1 Hr.	308
	JSON Cross-Site Request Forgery	< 1 Hr.	984
	Cross-Site Request Forgery	< 1 Hr.	1115
	Code Review 02	1-2 Hr.	174
	postMessage() IV	< 1 Hr.	607
	Spring Actuators	1-2 Hr.	157
	postMessage() III	1-2 Hr.	624
	postMessage() II	< 1 Hr.	689
	PHP phar://	< 1 Hr.	212
	Signing Oracle	< 1 Hr.	493
	Length Extension Attack	1-2 Hr.	407
	JSON Web Encryption	< 1 Hr.	304
	postMessage()	< 1 Hr.	784
	CVE-2019-5418	1-2 Hr.	285
	Cross-Site WebSocket Hijacking	< 1 Hr.	725
	JWT XII	1-2 Hr.	387
	Cross-Origin Resource Sharing II	< 1 Hr.	663
	JWT XI	1-2 Hr.	383
	cve-2019-5420 II	1-2 Hr.	321
	OAuth2: Client OpenRedirect	< 1 Hr.	550
	CVE-2019-5420	2-4 Hr.	516
	JWT X	< 1 Hr.	438
	GraphQL: SQL Injection	1-2 Hr.	754
	OAuth2: Authorization Server OpenRedirect	1-2 Hr.	637
	JWT IX	< 1 Hr.	514
	Gogs RCE II	< 1 Hr.	345
	JWT VIII	1-2 Hr.	556
	SAML: Signature Stripping	< 1 Hr.	1273
	GraphQL Introspection	< 1 Hr.	1416
	Gogs RCE	1-2 Hr.	395
	Android 07	1-2 Hr.	868
	Android 06	1-2 Hr.	1026
	Android 05	1-2 Hr.	1231
	Ruby 2.x Universal RCE Deserialization Gadget Chain	< 1 Hr.	872
	CVE-2018-10933: LibSSH auth bypass	--	0
	Android 04	< 1 Hr.	1576
	Android 03	< 1 Hr.	2109
	From SQL injection to Shell III	1-2 Hr.	654
	Android 02	< 1 Hr.	2325
	IDOR to Shell	1-2 Hr.	642
	Android 01	< 1 Hr.	2490
	Introduction to CSP	< 1 Hr.	1811
	CVE-2018-11235: Git Submodule RCE	2-4 Hr.	323
	Git Information Leak II	< 1 Hr.	1712
	Git Information Leak	< 1 Hr.	2270
	JWT VII	< 1 Hr.	2142
	CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict	< 1 Hr.	602
	Unix 31	< 1 Hr.	9909
	Unix 30	< 1 Hr.	9925
	Unix 25	< 1 Hr.	10389
	Unix 32	< 1 Hr.	9896
	Unix 34	< 1 Hr.	9854
	Unix 33	< 1 Hr.	9878
	Unix 27	< 1 Hr.	10261
	Unix 29	< 1 Hr.	10209
	Unix 28	< 1 Hr.	10224
	Unix 26	< 1 Hr.	10313
	CBC-MAC II	1-2 Hr.	1156
	JWT VI	< 1 Hr.	1665
	CVE-2018-6574: go get RCE	< 1 Hr.	591
	Unix 11	< 1 Hr.	13586
	Unix 12	< 1 Hr.	13228
	Unix 13	< 1 Hr.	12691
	Unix 14	< 1 Hr.	12431
	Unix 15	< 1 Hr.	11412
	Unix 16	< 1 Hr.	11186
	Unix 17	< 1 Hr.	11364
	Unix 18	< 1 Hr.	11313
	Unix 19	< 1 Hr.	11251
	Unix 20	< 1 Hr.	10588
	Unix 21	< 1 Hr.	10715
	Unix 22	< 1 Hr.	10604
	Unix 23	< 1 Hr.	10439
	Unix 24	< 1 Hr.	10393
	JWT V	< 1 Hr.	2000
	CVE-2018-0114	2-4 Hr.	1217
	JWT IV	< 1 Hr.	1766
	CBC-MAC	2-4 Hr.	1119
	JWT III	1-2 Hr.	1898
	Code Execution 09	< 1 Hr.	7551
	Server Side Template Injection 02	< 1 Hr.	5928
	MongoDB Injection 02	1-2 Hr.	6000
	Authorization 06	< 1 Hr.	10098
	Code Execution 08	< 1 Hr.	7664
	Authorization 04	< 1 Hr.	10922
	Authorization 05	< 1 Hr.	10510
	Command Execution 03	< 1 Hr.	7865
	Server Side Template Injection 01	< 1 Hr.	5935
	Code Execution 05	< 1 Hr.	8701
	Code Execution 06	< 1 Hr.	8541
	Code Execution 07	< 1 Hr.	8367
	Introduction to code review	--	0
	S2-052	< 1 Hr.	1736
	SQL Injection 06	< 1 Hr.	6395
	XML Attacks 01	< 1 Hr.	6235
	XML Attacks 02	< 1 Hr.	5948
	SQL Injection 04	< 1 Hr.	6761
	SQL Injection 05	< 1 Hr.	6715
	SQL Injection 01	< 1 Hr.	7461
	SQL Injection 02	< 1 Hr.	7252
	SQL Injection 03	< 1 Hr.	7092
	Code Execution 02	< 1 Hr.	9617
	Authorization 03	< 1 Hr.	11647
	Command Execution 01	< 1 Hr.	8182
	Command Execution 02	< 1 Hr.	7964
	Server Side Request Forgery 04	< 1 Hr.	6703
	Open Redirect 01	< 1 Hr.	6906
	Open Redirect 02	< 1 Hr.	6694
	MongoDB Injection 01	< 1 Hr.	7061
	SAML: Introduction	< 1 Hr.	1730
	Server Side Request Forgery 02	< 1 Hr.	6965
	Server Side Request Forgery 03	< 1 Hr.	6944
	Server Side Request Forgery 01	< 1 Hr.	7082
	XSS 09	< 1 Hr.	6242
	XSS 10	< 1 Hr.	5807
	Directory Traversal 01	< 1 Hr.	8262
	Directory Traversal 02	< 1 Hr.	8143
	Directory Traversal 03	< 1 Hr.	8074
	XSS 02	< 1 Hr.	7344
	XSS 03	< 1 Hr.	7092
	XSS 04	< 1 Hr.	6740
	XSS 05	< 1 Hr.	6553
	XSS 06	< 1 Hr.	6526
	XSS 07	< 1 Hr.	6415
	XSS 08	< 1 Hr.	6323
	File Upload 01	< 1 Hr.	6455
	File Upload 02	< 1 Hr.	6381
	XSS 01	< 1 Hr.	7592
	Authentication 05	< 1 Hr.	11883
	Code Execution 03	< 1 Hr.	9188
	Code Execution 04	< 1 Hr.	9016
	File Include 01	< 1 Hr.	7733
	File Include 02	< 1 Hr.	7566
	LDAP 01	< 1 Hr.	7496
	LDAP 02	< 1 Hr.	7197
	Authentication 04	< 1 Hr.	12480
	Authentication 01	< 1 Hr.	13527
	Authentication 02	< 1 Hr.	13070
	Authentication 03	< 1 Hr.	12701
	Authorization 01	< 1 Hr.	12049
	Authorization 02	< 1 Hr.	11823
	Code Execution 01	< 1 Hr.	10167
	CVE-2016-10033: PHPMailer RCE	< 1 Hr.	2693
	Cipher block chaining	1-2 Hr.	2039
	Struts s2-045	< 1 Hr.	1979
	CVE-2016-2098	< 1 Hr.	2576
	CVE-2014-4511: Gitlist RCE	--	0
	ECDSA	2-4 Hr.	290
	Werkzeug DEBUG	< 1 Hr.	1218
	Padding Oracle	1-2 Hr.	690
	Unickle	1-2 Hr.	558
	CVE-2015-3224	< 1 Hr.	1223
	Luhn	2-4 Hr.	505
	CVE-2013-0156: Rails Object Injection	< 1 Hr.	3013
	JSON Web Token II	1-2 Hr.	2551
	CVE-2016-0792	< 1 Hr.	3547
	ObjectInputStream	< 1 Hr.	3254
	XMLDecoder	< 1 Hr.	3968
	CVE-2014-1266	1-2 Hr.	956
	CVE-2011-0228	1-2 Hr.	1112
	Intercept 03	< 1 Hr.	1357
	Intercept 02	< 1 Hr.	1478
	Intercept 01	1-2 Hr.	1620
	Struts devMode	--	0
	JSON Web Token	< 1 Hr.	7437
	Cross-Origin Resource Sharing	--	0
	API to Shell	2-4 Hr.	2571
	Pickle Code Execution	< 1 Hr.	4863
	Play XML Entities	1-2 Hr.	1614
	CVE-2014-6271/Shellshock	< 1 Hr.	6807
	Play Session Injection	< 1 Hr.	2020
	CVE-2007-1860: mod_jk double-decoding	1-2 Hr.	4678
	XSS and MySQL FILE	--	0
	Electronic Code Book	1-2 Hr.	4459
	Web for Pentester II	--	0
	From SQL Injection to Shell II	--	0
	CVE-2012-6081: MoinMoin code execution	--	0
	Web for Pentester	--	0
	Axis2 Web service and Tomcat Manager	--	0
	CVE-2008-1930: Wordpress 2.5 Cookie Integrity Protection Vulnerability	--	0
	From SQL Injection to Shell: PostgreSQL edition	--	0
	Rack Cookies and Commands injection	--	0
	Linux Host Review	--	0
	CVE-2012-2661: ActiveRecord SQL injection	--	0
	CVE-2012-1823: PHP CGI	--	0
	PHP Include And Post Exploitation	--	0
	From SQL Injection to Shell	< 1 Hr.	6217
	Code Review 01	1-2 Hr.	288
	Introduction 01	< 1 Hr.	19807
	Recon 00	< 1 Hr.	4742
	Introduction 02	< 1 Hr.	19586
	Recon 02	< 1 Hr.	3995
	Introduction 03	< 1 Hr.	19220
	Recon 03	< 1 Hr.	3624
	Introduction 00	< 1 Hr.	20437
	Recon 10	< 1 Hr.	1636
	Recon 09	< 1 Hr.	2575
	Code Review 17	1-2 Hr.	17
	Unix 00	< 1 Hr.	17305
	Unix 01	< 1 Hr.	16926
	Unix 02	< 1 Hr.	16786
	Unix 03	< 1 Hr.	16597
	Unix 04	< 1 Hr.	16398
	Unix 05	< 1 Hr.	15626
	Unix 06	< 1 Hr.	15032
	Unix 07	< 1 Hr.	14800
	Unix 08	< 1 Hr.	14582
	Unix 09	< 1 Hr.	14158
	Unix 10	< 1 Hr.	13811
	PCAP 01	< 1 Hr.	5359
	PCAP 02	< 1 Hr.	5237
	PCAP 03	< 1 Hr.	5164
	PCAP 04	< 1 Hr.	4956
	PCAP 05	< 1 Hr.	4879
	PCAP 06	< 1 Hr.	4805
	PCAP 07	< 1 Hr.	4756
	PCAP 08	< 1 Hr.	4721
	PCAP 09	< 1 Hr.	4699
	PCAP 10	< 1 Hr.	4430
	PCAP 11	< 1 Hr.	4417
	PCAP 12	< 1 Hr.	4407
	PCAP 13	< 1 Hr.	4460
	Java Snippet #01	< 1 Hr.	110
	PCAP 14	< 1 Hr.	4446
	Java Snippet #02	< 1 Hr.	108
	PCAP 15	< 1 Hr.	4436
	Java Snippet #03	< 1 Hr.	99
	PCAP 16	< 1 Hr.	4416
	PCAP 17	< 1 Hr.	4366
	PCAP 18	< 1 Hr.	4360
	PCAP 19	< 1 Hr.	4336
	PCAP 20	< 1 Hr.	4258
	PCAP 21	< 1 Hr.	4211
	PCAP 22	< 1 Hr.	4190
	PCAP 23	< 1 Hr.	4185
	PCAP 24	< 1 Hr.	4176
	PCAP 25	< 1 Hr.	4180
	PCAP 26	< 1 Hr.	4179
	PCAP 27	< 1 Hr.	4129
	PCAP 28	< 1 Hr.	4117
	PCAP 29	< 1 Hr.	4109
	PCAP 30	< 1 Hr.	4085
	PCAP 31	< 1 Hr.	4073
	PCAP 32	< 1 Hr.	4019
	CVE-2021-4xx50	< 1 Hr.	68
	PCAP 33	< 1 Hr.	3957
	PCAP 34	< 1 Hr.	3998
	PCAP 35	< 1 Hr.	4058
	Android 08	1-2 Hr.	819
No search results found...