It's that time again! Check out our best deals and go PRO today >>

Blue Badge

1420 Completed
24 Videos
11 Exercises

This badge is an extension of the yellow badge and covers complex attacks

Exercises

Easy
S2-052
  • This exercise covers the exploitation of the Struts S2-052 vulnerability
  • 1 video
  • Completed by 2382 students
  • Takes < 1 Hr. on average
  • Java/Struts

 

Easy
JWT VII
  • This exercise covers the exploitation of a website using JWT for session without verifying the signature
  • 2 videos
  • Completed by 3088 students
  • Takes < 1 Hr. on average
  • jwt
  • cwe-310

 

Easy
Git Information Leak
  • This exercise details how to retrieve information from an exposed .git directory on a web server
  • 1 video
  • Completed by 3172 students
  • Takes < 1 Hr. on average

 

Medium
JWT V
  • This exercise covers the exploitation of a trivial secret used to sign JWT tokens.
  • 4 videos
  • Completed by 2814 students
  • Takes < 1 Hr. on average
  • jwt
  • cwe-310

 

Medium
Git Information Leak II
  • This exercise details how to retrieve information from an exposed .git directory on a web server, provided directory listing is disabled
  • 1 video
  • Completed by 2404 students
  • Takes < 1 Hr. on average

 

Medium
JWT III
  • This exercise covers the exploitation of an issue in the usage of JWT token
  • 3 videos
  • Completed by 2692 students
  • Takes 1-2 Hrs. on average
  • jwt
  • cwe-310

 

Medium
JWT IV
  • This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP
  • 3 videos
  • Completed by 2502 students
  • Takes < 1 Hr. on average
  • jwt
  • cwe-310

 

Medium
JWT VI
  • This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism
  • 3 videos
  • Completed by 2362 students
  • Takes < 1 Hr. on average
  • jwt
  • cwe-310

 

Medium
CBC-MAC II
  • This exercise covers the exploitation of an application using CBC-MAC when an attacker has control over the IV
  • 1 video
  • Completed by 1608 students
  • Takes 1-2 Hrs. on average
  • crypto

 

Hard
CBC-MAC
  • This exercise covers the exploitation of signature of non-fixed size messages with CBC-MAC
  • 2 videos
  • Completed by 1571 students
  • Takes 1-2 Hrs. on average
  • crypto

 

Hard
CVE-2018-0114
  • This exercise details the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT
  • 3 videos
  • Completed by 1716 students
  • Takes 2-4 Hrs. on average
  • jwt
  • CWE-347