A-Z Recent Duration
Client Cloud Python Server Setup Tools

3.1: XSS

Leverage XSS vulnerabilities to attack vulnerable client browsers.
145 min Updated Feb 3, 2020

3.2: Content Security Policy, CORS

Experiment with headers within HTTP that limit XSS vulnerabilities.
70 min Updated Feb 25, 2020

3.3: CSRF, Clickjacking

Leverage command and code injection vulnerabilities to exploit web applications
30 min Updated Feb 18, 2020

3.4: Insecure Deserialization (PHP)

Leverage a deserialization vulnerability to exploit a PHP web application.
44 min Updated Feb 13, 2020

3.5: Insecure Deserialization (JavaScript)

Leverage a deserialization vulnerability to exploit a NodeJS web application.
27 min Updated Feb 11, 2020

4.1: Thunder CTF

Explore scenarios that allow adversaries to gain unauthorized access to cloud resources on Google Cloud Platform
180 min Updated Feb 20, 2020

4.5: CloudGoat

Exploit vulnerable cloud deployments to gain unauthorized access to cloud resources.
68 min Updated Mar 3, 2020

4.4: flaws2.cloud

Play attacker and defender roles in the cloud using several vulnerable cloud deployments.
73 min Updated Mar 9, 2020

4.3: flaws.cloud

Exploit several vulnerable cloud deployments to gain unauthorized access.
82 min Updated Mar 6, 2020

4.2: Serverless Goat

Exploit a serverless application to gain unauthorized access to resources of the account that hosts it.
76 min Updated Mar 6, 2020

Program 1: Blind SQL Injection

Write a Python program to perform a Blind SQL injection attack using binary searches
138 min Updated Jan 23, 2020

Program 2: Timing Side-Channel

Write a Python program to perform a side-channel attack on a vulnerable authentication process
135 min Updated Feb 22, 2020

1.1: Broken Access Control, Unvalidated Redirects

Leverage file path traversal and file upload vulnerabilities
120 min Updated Feb 11, 2020

2.2: SQL Injection

Leverage SQL injection vulnerabilities to exploit web applications
220 min Updated Feb 3, 2020

2.1: Command and Code Injection

Leverage command and code injection vulnerabilities to exploit web applications
55 min Updated Feb 3, 2020

1.2: SSRF, XXE, Sensitive Data Exposure

Leverage SSRF, XXE and data exposure vulnerabilities
45 min Updated Feb 16, 2020

2.3: Broken Authentication

Leverage authentication vulnerabilities to gain unauthorized access to sites.
85 min Updated Feb 11, 2020

0: Setup

Setup the accounts and virtual machines for use in this course.
132 min Updated Feb 6, 2020

5.3: wpscan

Scan WordPress sites for vulnerabilities automatically.
42 min Updated Mar 11, 2020

5.4: hydra, sqlmap, xsstrike, w3af, commix

Identify vulnerabilities in web applications via automated tools.
45 min Updated Mar 12, 2020

5.5: metasploit

Exploit vulnerable web applications using an industry-standard tool.
27 min Updated Mar 3, 2020

5.1: Tools setup

Setup Kali VMs and web servers to practice using tools that automate reconnaissance, scanning, and exploitation.
63 min Updated Mar 13, 2020

5.2: wfuzz, nmap, bucket-stream

Perform reconnaissance attacks using automated tools.
37 min Updated Mar 12, 2020
Loading Codelabs, please wait...