Web and Cloud Security

A-Z

Recent

Duration

8.4: CloudGoat

Exploit vulnerable cloud deployments to gain unauthorized access to cloud resources.

73 min Updated Mar 17, 2023

8.3: Serverless Goat

Exploit a serverless application to gain unauthorized access to resources of the account that hosts it.

68 min Updated Mar 28, 2023

8.2: flaws2.cloud

Play attacker and defender roles in the cloud using several vulnerable cloud deployments.

73 min Updated Feb 17, 2023

8.1: flaws.cloud

Exploit several vulnerable cloud deployments to gain unauthorized access.

77 min Updated Mar 14, 2023

5.4: Insecure Deserialization (JavaScript)

Leverage a deserialization vulnerability to exploit a NodeJS web application.

55 min Updated Feb 21, 2023

5.5: Web Socket Vulnerabilities

Leverage vulnerabilities in web socket use

10 min Updated Feb 19, 2023

5.3: Insecure Deserialization (PHP)

Leverage a deserialization vulnerability to exploit a PHP web application.

43 min Updated Feb 17, 2023

5.2: Clickjacking, Web Cache Poisoning

Leverage unsolicited framing and web cache poisoning to exploit vulnerable web applications

50 min Updated Feb 20, 2023

5.1: CSRF

Leverage cross-site request forgery to exploit vulnerable web applications

53 min Updated Feb 17, 2023

4.1: XSS

Leverage cross-site scripting to attack vulnerable clients

174 min Updated Feb 17, 2023

4.2: CORS, Content Security Policy

Experiment with headers within HTTP that limit XSS vulnerabilities.

72 min Updated Feb 18, 2023

7.1: Cloud Setup

Setup accounts on a cloud provider for the course.

30 min Updated Feb 6, 2023

7.2: Thunder CTF

Play attacker and defender roles in the cloud using several vulnerable cloud deployments.

371 min Updated Mar 15, 2023

7.3: Thunder CTF Defender

Play defender in the cloud using a compromised cloud deployment.

75 min Updated Mar 9, 2023

3.2: HW2 (time-delays-info-retrieval)

Write a program to perform Blind SQL injection using binary search

161 min Updated Feb 17, 2023

1.2: Web Programming

Use Python to efficiently access a collection of web sites

53 min Updated Feb 6, 2023

1.4: HW1 (2fa-bypass-using-a-brute-force-attack)

Write a program to brute-force a vulnerable 2FA process

137 min Updated Feb 6, 2023

2.3: XXE

Leverage XML eXternal Entities to exploit vulnerable web applications

35 min Updated Feb 17, 2023

2.1: Broken Access Control

Leverage access control vulnerabilities to exploit vulnerable web sites

123 min Updated Feb 17, 2023

3.1: Command and SQL injection

Leverage command and SQL injection to exploit web applications

55 min Updated Feb 17, 2023

1.3: Broken Authentication

Leverage authentication vulnerabilities to gain unauthorized access to sites.

70 min Updated Feb 17, 2023

2.2: SSRF

Leverage server-side request forgery to exploit vulnerable web applications

23 min Updated Feb 7, 2023

1.1: Setup

Setup the accounts and virtual machines for use in this course.

81 min Updated Feb 27, 2023

6.5: Exploitation tools (Pt 2)

Exploit a target using Metasploit

27 min Updated Feb 24, 2023

6.3: Discovery tools (Pt 2)

Scan WordPress sites for vulnerabilities automatically with wpscan

42 min Updated Feb 26, 2023

6.2: Discovery tools (Pt 1)

Actively discover potential targets using wfuzz, nmap, bucket-stream, and Google dorking

39 min Updated Feb 26, 2023

6.1: Tools setup

Setup Kali VMs and web servers to practice using tools that automate reconnaissance, scanning, and exploitation.

55 min Updated Mar 17, 2023

6.4: Exploitation tools (Pt 1)

Exploit targets using hydra, sqlmap, xsstrike, commix

25 min Updated Feb 28, 2023

Loading Codelabs, please wait...