Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
JS Sandbox: Prototype Chain Navigation
This exercise covers navigating __proto__, .constructor, and .prototype from a string literal to reach the Function constructor.
|
< 1 Hr. |  |
28 | PRO |
|
|
JS Sandbox: From Sandbox Escape to RCE
This exercise covers the standard Node.js RCE chain: process -> mainModule -> require('child_process') -> execSync.
|
< 1 Hr. | |
24 | PRO |
|
|
JS Sandbox: The Function Constructor
This exercise covers using Function(...)() as an eval alternative to execute arbitrary code in an app that blocks eval.
|
< 1 Hr. | |
23 | PRO |
|
|
JWT: Refresh Token Bypass
This exercise covers bypassing JWT refresh token validation to maintain unauthorized access.
|
< 1 Hr. | |
45 | PRO |
|
|
JWT: Signature Leak
This exercise covers exploiting a JWT signature leak to forge authentication tokens.
|
< 1 Hr. | |
53 | PRO |
|
|
JWT: Invalid Algorithm
This exercise covers exploiting JWT algorithm validation flaws to bypass signature verification.
|
< 1 Hr. | |
52 | PRO |
|
API JWT REVOCATION
JWT
This exercise covers how to bypass a weak JWT Revocation Mechanism.
|
< 1 Hr. | |
476 | PRO |
|
|
GraphQL Authorization 01
This exercise covers a simple authorization issue in a GraphQL application.
|
< 1 Hr. | |
433 | PRO |
|
|
GraphQL Authorization 02
This exercise covers a simple authorization issue in a GraphQL application.
|
< 1 Hr. | |
442 | PRO |
|
Golang Code Review #01
This challenge covers the review of a snippet of code written in Golang.
|
< 1 Hr. | |
212 | PRO |
|
|
Golang Code Review #03
This challenge covers the review of a snippet of code written in Golang.
|
< 1 Hr. | |
167 | PRO |
|
|
CVE-2023-X48X9
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
195 | PRO |
|
|
GHSA-95XX
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
151 | PRO |
|
|
CVE-2023-46XX2
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
172 | PRO |
|
|
CVE-2022-4x13x
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
167 | PRO |
|
|
CVE-2023-289X6
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
152 | PRO |
|
|
CVE-2023-350XX
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
170 | PRO |
|
|
CVE-2023-XXX83
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
168 | PRO |
|
|
CVE-2022-342XX
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
158 | PRO |
|
|
Golang Code Review #09
This challenge covers the review of a snippet of code written in Golang.
|
< 1 Hr. | |
150 | PRO |
|
|
Golang Code Review #02
This challenge covers the review of a snippet of code written in Golang.
|
< 1 Hr. | |
182 | PRO |
|
|
Golang Code Review #05
This challenge covers the review of a snippet of code written in Golang.
|
< 1 Hr. | |
161 | PRO |
|
|
CVE-2022-X50X6
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
160 | PRO |
|
|
CVE-202X-2561X
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
172 | PRO |
|
|
CVE-2023-25X4X
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
157 | PRO |
|
|
CVE-2022-X51X3
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
224 | PRO |
|
|
CVE-2022-x0x08
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
187 | PRO |
|
|
CVE-2022-4504x
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
237 | PRO |
|
|
CVE-2011-XX61
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
176 | PRO |
|
|
CVE-2007-546X
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
187 | PRO |
Showing 1–30 of 270 exercises
Free Labs of the Month
