Penetration Testing, Security Code Review and Web App Security Exercises

Free PRO CVE Easy Medium Hard XSS Code Review API SSRF HTTP RECON CSRF SQLi

Exercise	Avg. Time	Solved by	Tier
JWT VIII JWT This exercise covers how to use the jku header to bypass an authentication based on JWT.	1-2 Hr.	987	PRO
SAML: Signature Stripping This exercise covers the exploitation of a signature stripping vulnerability in SAML	< 1 Hr.	2056	PRO
GraphQL Introspection This exercise covers how to use introspection to get access to additional information in GraphQL.	< 1 Hr.	2419	PRO
Gogs RCE This exercise covers how to get code execution against the Git self hosted tool: Gogs.	1-2 Hr.	681	PRO
Android 07 This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data	1-2 Hr.	1468	PRO
Android 06 This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data	< 1 Hr.	1711	PRO
Android 08 This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data	1-2 Hr.	1392	PRO
Android 05 This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data	1-2 Hr.	2010	PRO
PCAP 26 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6141	PRO
PCAP 27 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6086	PRO
PCAP 28 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6058	PRO
PCAP 29 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6041	PRO
PCAP 30 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6008	PRO
PCAP 31 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	5984	PRO
PCAP 32 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	5905	PRO
PCAP 33 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	5796	PRO
PCAP 34 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	5864	PRO
PCAP 35 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	5949	PRO
Ruby 2.x Universal RCE Deserialization Gadget Chain This exercise covers how to get code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load()	< 1 Hr.	1425	PRO
CVE-2018-10933: LibSSH auth bypass This exercise covers how to bypass authentication on an SSH server based on libssh to gain a shell on the affected system	--	0	FREE
Android 04 This exercise will guide you through the process of reversing a simple Android code	< 1 Hr.	2548	PRO
Android 03 This exercise will guide you through the process of extracting simple information from an APK	< 1 Hr.	3378	PRO
From SQL injection to Shell III SQL Injection This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using ImageTragick	1-2 Hr.	1138	PRO
PCAP 21 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6181	PRO
PCAP 22 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6174	PRO
PCAP 23 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6160	PRO
PCAP 24 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6148	PRO
PCAP 25 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6148	PRO
Android 02 This exercise will guide you through the process of extracting data from a simple database used by an Android app	< 1 Hr.	3674	PRO
IDOR to Shell This exercise covers how to get code execution by chaining vulnerabilities in a Ruby-on-Rails application	1-2 Hr.	1074	PRO

‹ 1 … 14 15 16 17 18 19 20 … 24 ›

Showing 481–510 of 692 exercises