Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
CVE-2024-6X3X
This challenge covers the review of a CVE (original vulnerable code and diff) of a real go codebase
|
< 1 Hr. |  |
57 | PRO |
|
SAML: CVE-2025-29775
This exercise covers the exploitation of CVE-2025-29775 (impacting xml-crypto)
|
1-2 Hr. | |
16 | PRO |
|
|
CVE-2022-37X1
This challenge covers the review of a CVE in a go codebase and its patch
|
< 1 Hr. | |
77 | PRO |
|
UUIDv1 IDOR | 1-2 Hr. |  |
170 | PRO |
|
|
Golang Code Review #04
This challenge covers the review of a snippet of code written in Golang.
|
-- | |
108 | PRO |
|
|
CVE-2023-XX463
This challenge covers the review of a CVE in a Go codebase and its patch
|
-- | |
80 | PRO |
|
API Mass-Assignment 03 | < 1 Hr. | |
368 | PRO |
|
|
API Mass-Assignment 01 | < 1 Hr. | |
425 | PRO |
|
|
API Mass-Assignment 02 | < 1 Hr. | |
400 | PRO |
|
|
Mongo IDOR III | < 1 Hr. | |
200 | PRO |
|
|
Mongo IDOR IV | 2-4 Hr. | |
88 | PRO |
|
|
CVE-2024-X5X87
This challenge covers the review of a CVE in a go codebase and its patch
|
-- | |
82 | PRO |
|
|
API JWT REVOCATION
JWT
This exercise covers how to bypass a weak JWT Revocation Mechanism.
|
< 1 Hr. |  |
413 | PRO |
|
|
CVE-2022-XX975
This challenge covers the review of a CVE in a Go codebase and its patch
|
< 1 Hr. | |
87 | PRO |
|
|
Puzzle 07
Leverage a weak implementation of lowercase to access arbitrary files
|
1-2 Hr. | |
20 | PRO |
|
|
Puzzle 06
Leverage a weak implementation of lowercase to access arbitrary files
|
< 1 Hr. | |
20 | PRO |
|
|
API 19
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
486 | PRO |
|
|
API 18
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
497 | PRO |
|
|
API 20
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
466 | PRO |
|
|
API 16
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
438 | PRO |
|
|
API 17
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
408 | PRO |
|
|
GraphQL Authorization 02
This exercise covers a simple authorization issue in a GraphQL application.
|
< 1 Hr. | |
386 | PRO |
|
|
GraphQL Authorization 01
This exercise covers a simple authorization issue in a GraphQL application.
|
< 1 Hr. | |
375 | PRO |
|
|
Golang Code Review #01
This challenge covers the review of a snippet of code written in Golang.
|
< 1 Hr. | |
173 | PRO |
|
|
Golang Code Review #03
This challenge covers the review of a snippet of code written in Golang.
|
< 1 Hr. | |
133 | PRO |
|
|
CVE-2022-2X8XX
This challenge covers the review of a CVE in a Golang codebase and its patch
|
< 1 Hr. | |
144 | PRO |
|
|
CVE-2022-X10X8
This challenge covers the review of a CVE in a Golang codebase and its patch
|
1-2 Hr. | |
131 | PRO |
|
|
CVE-2024-X90X6
This challenge covers the review of a CVE in a Golang codebase and its patch
|
< 1 Hr. | |
110 | PRO |
|
|
ORM LEAK: SQLite
This exercise covers how to exploit an ORM leak vulnerability
|
1-2 Hr. | |
121 | PRO |
|
|
CVE-2023-51XX2
This challenge covers the review of a CVE in a Golang codebase and its patch
|
< 1 Hr. | |
112 | PRO |
Showing 61–90 of 692 exercises
Free Labs of the Month
