Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
| JS Sandbox: Prototype Chain Navigation<br>This exercise covers navigating __proto__, .constructor, and .prototype from a string literal to reach the Function constructor. | -- | | 1 | PRO | |
| JS Sandbox: From Sandbox Escape to RCE<br>This exercise covers the standard Node.js RCE chain: process -> mainModule -> require('child_process') -> execSync. | -- | | 0 | PRO | |
| JS Sandbox: The Function Constructor<br>This exercise covers using Function(...)() as an eval alternative to execute arbitrary code in an app that blocks eval. | -- | | 0 | PRO | |
| JWT: Refresh Token Bypass<br>This exercise covers bypassing JWT refresh token validation to maintain unauthorized access. | -- | | 0 | PRO | |
| JWT: Signature Leak<br>This exercise covers exploiting a JWT signature leak to forge authentication tokens. | -- | | 0 | PRO | |
| JWT: Invalid Algorithm<br>This exercise covers exploiting JWT algorithm validation flaws to bypass signature verification. | < 1 Hr. | | 11 | PRO | |
| API JWT REVOCATION<br>JWT<br>This exercise covers how to bypass a weak JWT Revocation Mechanism. | < 1 Hr. | | 413 | PRO | |
| GraphQL Authorization 01<br>This exercise covers a simple authorization issue in a GraphQL application. | < 1 Hr. | | 375 | PRO | |
| GraphQL Authorization 02<br>This exercise covers a simple authorization issue in a GraphQL application. | < 1 Hr. | | 386 | PRO | |
| Golang Code Review #01<br>This challenge covers the review of a snippet of code written in Golang. | < 1 Hr. | | 173 | PRO | |
| Golang Code Review #03<br>This challenge covers the review of a snippet of code written in Golang. | < 1 Hr. | | 133 | PRO | |
| CVE-2023-X48X9<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 159 | PRO | |
| GHSA-95XX<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 124 | PRO | |
| CVE-2023-46XX2<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 152 | PRO | |
| CVE-2022-4x13x<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 133 | PRO | |
| CVE-2023-289X6<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 124 | PRO | |
| CVE-2023-350XX<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 148 | PRO | |
| CVE-2023-XXX83<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 155 | PRO | |
| CVE-2022-342XX<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 130 | PRO | |
| Golang Code Review #09<br>This challenge covers the review of a snippet of code written in Golang. | < 1 Hr. | | 117 | PRO | |
| Golang Code Review #02<br>This challenge covers the review of a snippet of code written in Golang. | < 1 Hr. | | 146 | PRO | |
| Golang Code Review #05<br>This challenge covers the review of a snippet of code written in Golang. | < 1 Hr. | | 125 | PRO | |
| CVE-2022-X50X6<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 136 | PRO | |
| CVE-202X-2561X<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 142 | PRO | |
| CVE-2023-25X4X<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 127 | PRO | |
| CVE-2022-X51X3<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 194 | PRO | |
| CVE-2022-x0x08<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 159 | PRO | |
| CVE-2022-4504x<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 198 | PRO | |
| CVE-2011-XX61<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 148 | PRO | |
| CVE-2007-546X<br>This challenge covers the review of a CVE in a Java codebase and its patch. | < 1 Hr. | | 156 | PRO | |

Showing 1–30 of 270 exercises