Compromise Developer Pipeline
Learn the pitfalls of curl-bashing and perform an attack on developer pipelines
35 min
Updated Sep 24, 2021
Abandoned Dependency
This exercise teaches the dangers of abandoned dependencies. In it, the player will be guided through injecting malicious code into an abandoned package in order to steal information from developers who use that package.
28 min
Updated Sep 23, 2021
Bitcoin Stealer
There is a bitcoin stealer present in one of the repositories downloaded into this project. Your goal is to identify which of the repositories is suspicious and then identify the bitcoin stealer. By interacting with these files you will find a flag, which you must provide to the system.
20 min
Updated Sep 23, 2021
Compromise Developer
Many people use Python's Flask package as their website's backbone. Usually, this is accompanied by ways to access the database through environment variables. Compromise "pallets", a Flask developer account, to inject malicious code into the public repository and steal people's environment variables.
38 min
Updated Sep 23, 2021
Dependency Confusion
Use dependency confusion to compromise a private package
18 min
Updated Sep 23, 2021
Frozen Dependencies
A level based around the vulnerability in a frozen version of Security-Flask-Too that allows a third-party site to obtain a user's auth token without being authenticated itself.
253 min
Updated Sep 23, 2021
Internal Dependencies
The player hacks into the private repository server and compromises a package
36 min
Updated Sep 23, 2021
Malicious Developer
The player finds the malicious code from the installed package in the system and investigates who injected the malicious code to that package.
36 min
Updated Sep 23, 2021
SBOM
Learn how to investigate a software supply chain: what an SBOM is, how an SBOM can be generated, what a CVE is, how to find a CVE, and how to perform a scan for CVEs
31 min
Updated Sep 23, 2021
Typosquatting
Use typosquatting to inject malicious code into a victim's application
11 min
Updated Sep 24, 2021