Security training platform

Patch vulnerabilities.
Write exploits.
Prove it works.

CVE-derived challenges. Locked editable regions. A live exploit suite that must pass on submit. Same code — patch it as a developer, exploit it as a researcher.

How it works

01. Read the vulnerability

Get the full scenario, CVE reference, and constraints. Know what's broken before touching it.

02. Patch or exploit it

Defender: edit only the vulnerable function. Attacker: write the payload that hits the success criteria.

03. Submit and prove it

The exploit suite fires real CVE-based attack vectors. All tests green? Submit for XP.

The workspace

LeetCode-style. Editable region locked to the vulnerable function. Exploit suite always visible below.

auth.js | server.js
Editable: lines 9–15
1  // JWT verification — CVE-2022-21449
2  function verifyToken(token, secret) {
3    const alg = JSON.parse(atob(header)).alg;
4
5    // alg=none bypasses verification
6    if (alg === 'none') return true;
7    // patch goes here

Exploit Suite: 3 pass, 1 fail
alg:none bypass blocked (CVE-2022-21449)
valid HS256 token accepted (unit)
RS256 confusion attack (CVE-2016-5431)
tampered payload rejected (unit)

Start training today.

Free. No card required. Open a challenge and start.