3.1: XSS

Leverage XSS vulnerabilities to attack vulnerable client browsers.
145 min Updated Apr 24, 2020

3.2: Content Security Policy, CORS

Experiment with headers within HTTP that limit XSS vulnerabilities.
70 min Updated Apr 24, 2020

3.3: CSRF, Clickjacking

Leverage command and code injection vulnerabilities to exploit web applications.
30 min Updated Apr 24, 2020

3.4: Insecure Deserialization (PHP)

Leverage a deserialization vulnerability to exploit a PHP web application.
44 min Updated Apr 24, 2020

3.5: Insecure Deserialization (JavaScript)

Leverage a deserialization vulnerability to exploit a NodeJS web application.
27 min Updated Apr 24, 2020

4.1: Thunder CTF

Explore scenarios that allow adversaries to gain unauthorized access to cloud resources on Google Cloud Platform.
180 min Updated Apr 24, 2020

4.2: Serverless Goat

Exploit a serverless application to gain unauthorized access to resources of the account that hosts it.
76 min Updated May 2, 2020

4.3: flaws.cloud

Exploit several vulnerable cloud deployments to gain unauthorized access.
82 min Updated Apr 24, 2020

4.4: flaws2.cloud

Play attacker and defender roles in the cloud using several vulnerable cloud deployments.
73 min Updated May 1, 2020

4.5: CloudGoat

Exploit vulnerable cloud deployments to gain unauthorized access to cloud resources.
68 min Updated Apr 24, 2020

Program 1: Blind SQL Injection

Write a Python program to perform a blind SQL injection attack using binary searches.
138 min Updated Apr 24, 2020

Program 2: Timing Side-Channel

Write a Python program to perform a side-channel attack on a vulnerable authentication process.
135 min Updated Apr 24, 2020

1.1: Broken Access Control, Unvalidated Redirects

Leverage file path traversal and file upload vulnerabilities.
120 min Updated Apr 24, 2020

1.2: SSRF, XXE, Sensitive Data Exposure

Leverage SSRF, XXE and data exposure vulnerabilities.
45 min Updated Apr 24, 2020

2.1: Command and Code Injection

Leverage command and code injection vulnerabilities to exploit web applications.
55 min Updated Apr 24, 2020

2.2: SQL Injection

Leverage SQL injection vulnerabilities to exploit web applications.
220 min Updated Apr 24, 2020

2.3: Broken Authentication

Leverage authentication vulnerabilities to gain unauthorized access to sites.
85 min Updated Apr 24, 2020

0: Setup

Set up the accounts and virtual machines for use in this course.
126 min Updated May 1, 2020

5.1: Tools setup

Set up Kali VMs and web servers to practice using tools that automate reconnaissance, scanning, and exploitation.
63 min Updated Apr 24, 2020

5.2: wfuzz, nmap, bucket-stream

Perform reconnaissance attacks using automated tools.
37 min Updated Apr 24, 2020

5.3: wpscan

Scan WordPress sites for vulnerabilities automatically.
42 min Updated Apr 24, 2020

5.4: hydra, sqlmap, xsstrike, w3af, commix

Identify vulnerabilities in web applications via automated tools.
45 min Updated Apr 24, 2020

5.5: metasploit

Exploit vulnerable web applications using an industry-standard tool.
27 min Updated Apr 24, 2020