Exploiting Websites Hands-On

B-Sides SF
Mon, Feb. 13, 2017

Participants will do a series of challenges, as shown below.

You will need a computer with any OS. All you need is a Web browser, Java, and Burp.

Easy

Command Injection Projects

1. Ping Form Winners

2. Buffer Overflow Winners

3. ImageMagick Winners

Intermediate

4. SQL Injection Winners 1
Winners 2

5. PHP Vulnerabilities (Only Examples)

6. Logic Flaws

Hard

7. Exploiting ECB-Encrypted Tokens with Burp

8. Challenge: Exploiting ECB Encryption

9. Exploit Hackazon

10. Entire "Securing Web Applications" Course

Last modified 2-13-17 7:30 am

Exploiting Websites Hands-On

B-Sides SF Mon, Feb. 13, 2017

B-Sides SF
Mon, Feb. 13, 2017