Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
| JS Sandbox: Prototype Chain Navigation<br>This exercise covers navigating __proto__, .constructor, and .prototype from a string literal to reach the Function constructor. | < 1 Hr. | | 24 | PRO | |
| JS Sandbox: From Sandbox Escape to RCE<br>This exercise covers the standard Node.js RCE chain: process -> mainModule -> require('child_process') -> execSync. | < 1 Hr. | | 19 | PRO | |
| JS Sandbox: The Function Constructor<br>This exercise covers using Function(...)() as an eval alternative to execute arbitrary code in an app that blocks eval. | < 1 Hr. | | 19 | PRO | |
| JWT: Refresh Token Bypass<br>This exercise covers bypassing JWT refresh token validation to maintain unauthorized access. | < 1 Hr. | | 40 | PRO | |
| JWT: Signature Leak<br>This exercise covers exploiting a JWT signature leak to forge authentication tokens. | < 1 Hr. | | 49 | PRO | |
| JWT: Invalid Algorithm<br>This exercise covers exploiting JWT algorithm validation flaws to bypass signature verification. | < 1 Hr. | | 48 | PRO | |
| API JWT REVOCATION<br>JWT<br>This exercise covers how to bypass a weak JWT Revocation Mechanism. | < 1 Hr. | | 467 | PRO | |
| GraphQL Authorization 01<br>This exercise covers a simple authorization issue in a GraphQL application. | < 1 Hr. | | 429 | PRO | |
| GraphQL Authorization 02<br>This exercise covers a simple authorization issue in a GraphQL application. | < 1 Hr. | | 439 | PRO | |
| Golang Code Review #01<br>This challenge covers the review of a snippet of code written in Golang. | < 1 Hr. | | 211 | PRO | |
| Golang Code Review #03<br>This challenge covers the review of a snippet of code written in Golang. | < 1 Hr. | | 166 | PRO | |
| CVE-2023-X48X9<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 192 | PRO | |
| GHSA-95XX<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 149 | PRO | |
| CVE-2023-46XX2<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 169 | PRO | |
| CVE-2022-4x13x<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 165 | PRO | |
| CVE-2023-289X6<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 150 | PRO | |
| CVE-2023-350XX<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 168 | PRO | |
| CVE-2023-XXX83<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 166 | PRO | |
| CVE-2022-342XX<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 156 | PRO | |
| Golang Code Review #09<br>This challenge covers the review of a snippet of code written in Golang. | < 1 Hr. | | 149 | PRO | |
| Golang Code Review #02<br>This challenge covers the review of a snippet of code written in Golang. | < 1 Hr. | | 182 | PRO | |
| Golang Code Review #05<br>This challenge covers the review of a snippet of code written in Golang. | < 1 Hr. | | 161 | PRO | |
| CVE-2022-X50X6<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 159 | PRO | |
| CVE-202X-2561X<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 170 | PRO | |
| CVE-2023-25X4X<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 155 | PRO | |
| CVE-2022-X51X3<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 222 | PRO | |
| CVE-2022-x0x08<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 185 | PRO | |
| CVE-2022-4504x<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 233 | PRO | |
| CVE-2011-XX61<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 173 | PRO | |
| CVE-2007-546X<br>This challenge covers the review of a CVE in a Java codebase and its patch | < 1 Hr. | | 186 | PRO | |

Showing 1–30 of 270 exercises