Security Knowledge Framework



Available Labs

| Lab Name | Difficulty |
| --- | --- |
| Auth Bypass | Easy |
| Auth Bypass 1 | Easy |
| Auth Bypass 2 | Easy |
| Auth Bypass 3 | Easy |
| Auth Bypass Simple | Easy |
| Client Side Restriction Bypass | Easy |
| Client Side Restriction Bypass 2 | Medium |
| Client Side Template Injection | Medium |
| CMD Injection 1 | Medium |
| CMD Injection 2 | Hard |
| Command Injection 3 | Hard |
| Python Command Injection 4 | Hard |
| Blind CMD Injection 1 | Hard |
| Content Security Policy | Medium |
| CORS Exploitation | Medium |
| Credentials Guessing 1 | Easy |
| Credentials Guessing 2 | Medium |
| Cross Site Scripting | Easy |
| Cross Site Scripting Attribute | Medium |
| Cross Site Scripting Href | Medium |
| XSS DOM | Hard |
| XSS DOM 2 | Hard |
| XSS Stored | Medium |
| CSRF | Easy |
| CSRF SameSite | Medium |
| CSRF Weak | Easy |
| CSS Injection | Medium |
| Deserialisation YAML | Hard |
| Des Pickle 1 | Hard |
| Des Pickle 2 | Hard |
| DoS Regex | Medium |
| File Upload | Medium |
| Formula Injection | Medium |
| GraphQL DoS | Hard |
| GraphQL IDOR | Medium |
| GraphQL Injections | Hard |
| GraphQL Introspection | Medium |
| GraphQL Mutations | Hard |
| Python HttpOnly Session Hijacking XSS | Hard |
| HttpOnly Session Hijacking XSS | Hard |
| Information Leakage Comments | Easy |
| Information Leakage Metadata | Medium |
| Insecure Direct Object References | Medium |
| JWT Null | Hard |
| JWT Secret | Medium |
| LDAP | Hard |
| LDAP Harder | Hard |
| LFI 1 | Medium |
| LFI 2 | Hard |
| LFI 3 | Hard |
| Parameter Binding | Medium |
| Prototype Pollution | Hard |
| Race Condition | Hard |
| RaceCondition File Write | Hard |
| Ratelimiting | Easy |
| Remote File Inclusion | Hard |
| Right To Left Override | Medium |
| Server Side Request Forgery | Hard |
| Server Side Template Injection | Hard |
| Session Puzzling | Hard |
| Session Management 1 | Medium |
| SQLi Union Select | Hard |
| SQLi Login Bypass | Medium |
| SQLi LIKE | Medium |
| SQLi Blind | Hard |
| TLS Downgrade | Hard |
| Include Files From Untrusted Sources JS | Hard |
| Open Redirect | Easy |
| Open Redirect Hard | Hard |
| Open Redirect Harder 2 | Hard |
| Open Redirect Harder 2 | Hard |
| WebSocket Message Manipulation | Hard |
| XXE | Hard |