
3.2: Content Security Policy, CORS

Experiment with mechanisms to limit XSS vulnerabilities using HTTP protocol modifications.
70 min Updated Feb 14, 2020

3.5: Insecure Deserialization (JavaScript)

Leverage a deserialization vulnerability to exploit a NodeJS web application.
27 min Updated Feb 11, 2020

3.4: Insecure Deserialization (PHP)

Leverage a deserialization vulnerability to exploit a PHP web application.
44 min Updated Feb 13, 2020

3.3: CSRF, Clickjacking

Leverage command and code injection vulnerabilities to exploit web applications.
30 min Updated Feb 11, 2020

3.1: XSS

Leverage XSS vulnerabilities to attack vulnerable client browsers.
145 min Updated Feb 3, 2020

Program 2: Timing Side-Channel

Write a Python program to perform a side-channel attack on a vulnerable authentication process.
9 min Updated Jan 13, 2020

Program 1: Blind SQL Injection

Write a Python program to perform a Blind SQL injection attack using binary searches.
138 min Updated Jan 23, 2020

1.1: Broken Access Control, Unvalidated Redirects

Leverage file path traversal and file upload vulnerabilities.
120 min Updated Feb 11, 2020

2.3: Broken Authentication

Leverage authentication vulnerabilities to gain unauthorized access to sites.
85 min Updated Feb 11, 2020

2.2: SQL Injection

Leverage SQL injection vulnerabilities to exploit web applications.
220 min Updated Feb 3, 2020

2.1: Command and Code Injection

Leverage command and code injection vulnerabilities to exploit web applications.
55 min Updated Feb 3, 2020

1.2: SSRF, XXE, Sensitive Data Exposure

Leverage SSRF, XXE and data exposure vulnerabilities.
45 min Updated Feb 16, 2020

0: Setup

Set up the accounts and virtual machines for use in this course.
132 min Updated Feb 6, 2020

4.1: Thunder CTF

Explore scenarios that allow adversaries to gain unauthorized access to cloud resources on Google Cloud Platform.
180 min Updated Feb 15, 2020