3.1: XSS
Leverage XSS vulnerabilities to attack vulnerable client browsers.
125 min
Updated Mar 19, 2021
3.2: CORS, Content Security Policy
Experiment with headers within HTTP that limit XSS vulnerabilities.
70 min
Updated Mar 19, 2021
3.3: CSRF
Leverage client-side issues to exploit vulnerable web applications.
53 min
Updated Mar 12, 2021
3.4: Clickjacking
Leverage client-side issues to exploit vulnerable web applications.
40 min
Updated Mar 18, 2021
3.5: Insecure Deserialization (PHP)
Leverage a deserialization vulnerability to exploit a PHP web application.
44 min
Updated Mar 12, 2021
3.6: Insecure Deserialization (JavaScript)
Leverage a deserialization vulnerability to exploit a NodeJS web application.
27 min
Updated Mar 12, 2021
4.1: Thunder CTF
Play attacker and defender roles in the cloud using several vulnerable cloud deployments.
286 min
Updated Apr 9, 2021
4.2: Serverless Goat
Exploit a serverless application to gain unauthorized access to resources of the account that hosts it.
86 min
Updated Apr 14, 2021
4.3: flaws.cloud
Exploit several vulnerable cloud deployments to gain unauthorized access.
82 min
Updated Mar 23, 2021
4.4: flaws2.cloud
Play attacker and defender roles in the cloud using several vulnerable cloud deployments.
73 min
Updated Mar 23, 2021
4.5: CloudGoat
Exploit vulnerable cloud deployments to gain unauthorized access to cloud resources.
68 min
Updated Apr 13, 2021
1.2: Web Programming
Use Python to efficiently access a collection of web sites.
48 min
Updated Apr 6, 2021
1.4: HW1 (2fa-bypass-using-a-brute-force-attack)
Write a program to brute-force a vulnerable 2FA process.
137 min
Updated Apr 14, 2021
2.2: HW2 (conditional-responses)
Write a program to perform blind SQL injection using binary search.
156 min
Updated Mar 5, 2021
1.3: Broken Authentication
Leverage authentication vulnerabilities to gain unauthorized access to sites.
35 min
Updated Apr 7, 2021
1.5: Broken Access Control
Leverage access control vulnerabilities to exploit vulnerable web sites.
110 min
Updated Apr 11, 2021
1.6: SSRF
Leverage SSRF vulnerabilities to exploit vulnerable web applications.
23 min
Updated Apr 11, 2021
1.7: XXE
Leverage XXE vulnerabilities to exploit vulnerable web applications.
35 min
Updated Apr 11, 2021
2.1: Command and SQL injection
Leverage command and code injection vulnerabilities to exploit web applications.
55 min
Updated Mar 2, 2021
1.1: Setup
Set up the accounts and virtual machines for use in this course.
76 min
Updated Apr 14, 2021
5.1: Tools setup
Set up Kali VMs and web servers to practice using tools that automate reconnaissance, scanning, and exploitation.
63 min
Updated Mar 11, 2021
5.2: wfuzz, nmap, bucket-stream
Perform reconnaissance attacks using automated tools.
37 min
Updated Mar 11, 2021
5.3: wpscan
Scan WordPress sites for vulnerabilities automatically.
42 min
Updated Mar 11, 2021
5.4: hydra, sqlmap, xsstrike, w3af, commix
Identify vulnerabilities in web applications via automated tools.
45 min
Updated Mar 11, 2021
5.5: metasploit
Exploit vulnerable web applications using an industry-standard tool.
27 min
Updated Mar 11, 2021