Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
API 09
This exercise covers how one can inspect HTTP responses to identify information leaks.
|
< 1 Hr. |  |
1007 | PRO |
|
Java Serialize 05
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
2-4 Hr. | |
78 | PRO |
|
|
Java Serialize 04
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
< 1 Hr. | |
117 | PRO |
|
|
Cache Poisoning 01
This exercise details how to exploit an application vulnerable to cache poisoning
|
< 1 Hr. | |
140 | PRO |
|
|
Cache Deception 02
This exercise details how to exploit an application vulnerable to cache deception
|
< 1 Hr. | |
132 | PRO |
|
CVE-2022-XX910
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
155 | PRO |
|
|
Cache Deception 01
This exercise details how to exploit an application vulnerable to cache deception
|
< 1 Hr. | |
156 | PRO |
|
|
Java Serialize 02
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
< 1 Hr. | |
184 | PRO |
|
|
Java Serialize 03
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
< 1 Hr. | |
152 | PRO |
|
|
CVE-2012-5XX3
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
180 | PRO |
|
|
CVE-2022-X41X9
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
165 | PRO |
|
|
CVE-2023-30XX1
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
215 | PRO |
|
|
CVE-2023-2X8X1
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
208 | PRO |
|
SAML: PySAML2 SSRF
This exercise covers the exploitation of a SSRF in PySAML2
|
< 1 Hr. | |
277 | PRO |
|
|
CVE-2018-8x14
This challenge covers the review of a CVE in a Java codebase and its patch
|
2-4 Hr. | |
158 | PRO |
|
|
CVE-2014-X80X
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
198 | PRO |
|
SAML: CVE-2021-21239
This exercise covers the exploitation of CVE-2021-21239 (PySAML2)
|
1-2 Hr. | |
128 | PRO |
|
|
SAML: Malicious IDP
This exercise covers the creation of a malicious IDP to forge an assertion
|
2-4 Hr. | |
80 | PRO |
|
|
SAML: Signature Wrapping III
This exercise covers the exploitation of a Signature Wrapping Issue in passport-saml (CVE-2022-39299)
|
1-2 Hr. | |
184 | PRO |
|
|
XSL Java
This exercise covers the exploitation of a Java application using XSL
|
< 1 Hr. | |
129 | PRO |
|
|
DOMPDF RCE III
This exercise covers the exploitation of a vulnerability in the DOMPDF library
|
2-4 Hr. | |
60 | PRO |
|
|
API Payments 07
This exercise covers a way to manipulate a shopping cart to lower the total amount
|
< 1 Hr. | |
986 | PRO |
|
|
CVE-2021-22204: Exiftool RCE II
This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
|
< 1 Hr. | |
84 | PRO |
|
|
XSL PHP IV
This exercise covers the exploitation of a PHP application using XSL
|
2-4 Hr. | |
153 | PRO |
|
|
API Payments 06
This exercise covers a simple payments bypass.
|
< 1 Hr. | |
1019 | PRO |
|
|
CVE-2022-39224
This exercise covers the exploitation of CVE-2022-39224
|
1-2 Hr. | |
106 | PRO |
|
|
XSL PHP III
This exercise covers the exploitation of a PHP application using XSL
|
< 1 Hr. | |
177 | PRO |
|
|
DOMPDF RCE II
This exercise covers the exploitation of a vulnerability in the DOMPDF library
|
2-4 Hr. | |
76 | PRO |
|
|
DOMPDF RCE
This exercise covers the exploitation of a vulnerability in the DOMPDF library
|
< 1 Hr. | |
158 | PRO |
|
|
XSL PHP II
This exercise covers the exploitation of a PHP application using XSL
|
< 1 Hr. | |
241 | PRO |
Showing 31–60 of 260 exercises
Free Labs of the Month
