3.1: XSS

Leverage XSS vulnerabilities to attack vulnerable client browsers.
145 min Updated Apr 24, 2020
Start

3.2: Content Security Policy, CORS

Experiment with headers within HTTP that limit XSS vulnerabilities.
70 min Updated Apr 24, 2020
Start

3.3: CSRF, Clickjacking

Leverage client-side issues to exploit web applications
20 min Updated Jun 26, 2020
Start

3.4: Insecure Deserialization (PHP)

Leverage a deserialization vulnerability to exploit a PHP web application.
44 min Updated Apr 24, 2020
Start

3.5: Insecure Deserialization (JavaScript)

Leverage a deserialization vulnerability to exploit a NodeJS web application.
27 min Updated Apr 24, 2020
Start

4.1: Thunder CTF

Explore scenarios that allow adversaries to gain unauthorized access to cloud resources on Google Cloud Platform
180 min Updated Apr 24, 2020
Start

Grace C: Thunder CTF Defender

Play attacker and defender roles in the cloud using several vulnerable cloud deployments.
58 min Updated Aug 3, 2020
Start

4.2: Serverless Goat

Exploit a serverless application to gain unauthorized access to resources of the account that hosts it.
76 min Updated May 2, 2020
Start

4.3: flaws.cloud

Exploit several vulnerable cloud deployments to gain unauthorized access.
82 min Updated Apr 24, 2020
Start

4.4: flaws2.cloud

Play attacker and defender roles in the cloud using several vulnerable cloud deployments.
73 min Updated May 1, 2020
Start

4.5: CloudGoat

Exploit vulnerable cloud deployments to gain unauthorized access to cloud resources.
68 min Updated Apr 24, 2020
Start

Program 1: Blind SQL Injection

Write a Python program to perform a Blind SQL injection attack using binary searches
138 min Updated Apr 24, 2020
Start

Program 2: Timing Side-Channel

Write a Python program to perform a side-channel attack on a vulnerable authentication process
147 min Updated Jun 7, 2020
Start

1.1: Broken Access Control, Unvalidated Redirects

Leverage file path traversal and file upload vulnerabilities
182 min Updated Jun 15, 2020
Start

1.2: SSRF, XXE, Sensitive Data Exposure

Leverage SSRF, XXE and data exposure vulnerabilities
45 min Updated Apr 24, 2020
Start

2.1: Command and Code Injection

Leverage command and code injection vulnerabilities to exploit web applications
55 min Updated Apr 24, 2020
Start

2.2: SQL Injection

Leverage SQL injection vulnerabilities to exploit web applications
220 min Updated Apr 24, 2020
Start

2.3: Broken Authentication

Leverage authentication vulnerabilities to gain unauthorized access to sites.
90 min Updated Jun 5, 2020
Start

0: Setup

Setup the accounts and virtual machines for use in this course.
126 min Updated May 2, 2020
Start

5.1: Tools setup

Setup Kali VMs and web servers to practice using tools that automate reconnaissance, scanning, and exploitation.
63 min Updated Apr 24, 2020
Start

5.2: wfuzz, nmap, bucket-stream

Perform reconnaissance attacks using automated tools.
37 min Updated Apr 24, 2020
Start

5.3: wpscan

Scan WordPress sites for vulnerabilities automatically.
42 min Updated Apr 24, 2020
Start

5.4: hydra, sqlmap, xsstrike, w3af, commix

Identify vulnerabilities in web applications via automated tools.
45 min Updated Apr 24, 2020
Start

5.5: metasploit

Exploit vulnerable web applications using an industry-standard tool.
27 min Updated May 2, 2020
Start
Loading Codelabs, please wait...