3.2: CORS, Content Security Policy
Experiment with headers within HTTP that limit XSS vulnerabilities.
72 min
Updated Feb 16, 2022
3.5: Insecure Deserialization (PHP)
Leverage a deserialization vulnerability to exploit a PHP web application.
44 min
Updated Jun 9, 2021
3.7: Web Socket Vulnerabilities
Leverage vulnerabilities in web socket use
10 min
Updated Feb 23, 2022
3.6: Insecure Deserialization (JavaScript)
Leverage a deserialization vulnerability to exploit a NodeJS web application.
53 min
Updated Feb 23, 2022
3.4: Clickjacking
Leverage unsolicited framing to exploit vulnerable web applications
50 min
Updated Feb 15, 2022
3.3: CSRF
Leverage cross-site request forgery to exploit vulnerable web applications
53 min
Updated Feb 13, 2022
3.1: XSS
Leverage cross-site scripting to attack vulnerable clients
125 min
Updated Jan 31, 2022
4.7: CloudGoat
Exploit vulnerable cloud deployments to gain unauthorized access to cloud resources.
73 min
Updated Feb 23, 2022
4.3: Thunder CTF Defender
Play defender in the cloud using a compromised cloud deployment.
75 min
Updated Mar 9, 2022
4.4: flaws.cloud
Exploit several vulnerable cloud deployments to gain unauthorized access.
77 min
Updated Mar 10, 2022
4.2: Thunder CTF
Play attacker and defender roles in the cloud using several vulnerable cloud deployments.
286 min
Updated Mar 9, 2022
4.5: flaws2.cloud
Play attacker and defender roles in the cloud using several vulnerable cloud deployments.
73 min
Updated Mar 9, 2022
4.6: Serverless Goat
Exploit a serverless application to gain unauthorized access to resources of the account that hosts it.
68 min
Updated Feb 28, 2022
4.1: Cloud Setup
Set up accounts on a cloud provider for the course.
30 min
Updated Jan 20, 2022
Final project
Exploit additional classes of vulnerabilities and create a screencast walkthrough showing how.
422 min
Updated Mar 19, 2022
1.4: HW1 (2fa-bypass-using-a-brute-force-attack)
Write a program to brute-force a vulnerable 2FA process
137 min
Updated Jan 21, 2022
1.2: Web Programming
Use Python to efficiently access a collection of web sites
48 min
Updated Jan 12, 2022
2.2: HW2 (conditional-responses)
Write a program to perform Blind SQL injection using binary search
161 min
Updated Apr 26, 2021
1.3: Broken Authentication
Leverage authentication vulnerabilities to gain unauthorized access to sites.
70 min
Updated Mar 11, 2022
1.7: XXE
Leverage XML eXternal Entities to exploit vulnerable web applications
35 min
Updated Mar 9, 2022
1.6: SSRF
Leverage server-side request forgery to exploit vulnerable web applications
23 min
Updated Jun 21, 2021
1.5: Broken Access Control
Leverage access control vulnerabilities to exploit vulnerable web sites
123 min
Updated Mar 11, 2022
2.1: Command and SQL injection
Leverage command and SQL injection to exploit web applications
55 min
Updated Sep 1, 2021
1.1: Setup
Set up the accounts and virtual machines for use in this course.
76 min
Updated Jan 20, 2022
5.1: Tools setup
Set up Kali VMs and web servers to practice using tools that automate reconnaissance, scanning, and exploitation.
63 min
Updated Apr 11, 2022
5.2: Discovery tools (Pt 1)
Actively discover potential targets using wfuzz, nmap, and bucket-stream
47 min
Updated May 16, 2022
5.3: Discovery tools (Pt 2)
Scan WordPress sites for vulnerabilities automatically with wpscan
42 min
Updated May 16, 2022
5.4: Exploitation tools (Pt 1)
Exploit targets using hydra, sqlmap, xsstrike, commix
25 min
Updated May 16, 2022
5.5: Exploitation tools (Pt 2)
Exploit a target using Metasploit
27 min
Updated May 16, 2022