Karthikeyan Nagaraj
2.14 Lab: 2FA bypass using a brute-force attack
This lab’s two-factor authentication is vulnerable to brute-forcing. You have already obtained a valid username and password, but do not…
9h ago

Karthikeyan Nagaraj
2.13 Lab: Broken brute-force protection, multiple credentials per request
This lab is vulnerable due to a logic flaw in its brute-force protection. To solve the lab, brute-force Carlos’s password, then access his…
1d ago

Karthikeyan Nagaraj
26.1 Lab: Exploiting LLM APIs with excessive agency
To solve the lab, use the LLM to delete the user carlos. For that, you’ll need to know: How LLM APIs work. How to map LLM API attack…
2d ago

Karthikeyan Nagaraj
18.4 Lab: Arbitrary object injection in PHP
This lab uses a serialization-based session mechanism and is vulnerable to arbitrary object injection as a result. To solve the lab, create…
3d ago

Karthikeyan Nagaraj
18.3 Using application functionality to exploit insecure deserialization
This lab uses a serialization-based session mechanism. A certain feature invokes a dangerous method on data provided in a serialized…
4d ago

Karthikeyan Nagaraj
18.2 Modifying Serialized Data Types
This lab uses a serialization-based session mechanism and is vulnerable to authentication bypass as a result. To solve the lab, edit the…
5d ago

Karthikeyan Nagaraj
14.9 Lab: CSRF where token is tied to non-session cookie
This lab’s email change functionality is vulnerable to CSRF. It uses tokens to try to prevent CSRF attacks, but they aren’t fully…
6d ago

Karthikeyan Nagaraj
14.8 Lab: CSRF where token is duplicated in cookie
This lab’s email change functionality is vulnerable to CSRF. It attempts to use the insecure “double submit” CSRF prevention technique. To…
Jun 28

Karthikeyan Nagaraj
14.7 Lab: CSRF where token is not tied to user session
This lab’s email change functionality is vulnerable to CSRF. It uses tokens to try to prevent CSRF attacks, but they aren’t integrated into…
Jun 27

Karthikeyan Nagaraj
14.6 Lab: CSRF Vulnerability where token validation depends on request method
This lab’s email change functionality is vulnerable to CSRF. It attempts to block CSRF attacks, but only applies defenses to certain types…
Jun 26