Upcoming new challenges

Have you ever felt the flush of success (a feeling of excitement or elation) on each challenge you have solved yourself without spoiler direct spoon-fed tips shared by others? This is the ultimate feeling no one can understand.

You agree not to share solutions in public by entering the site.

Bypasses in Cross Site Scripting (XSS)

We keep getting to learn tons of evasion techniques. But only a few of us have chances to get our hands dirty on such challenges in real world. Now this challenge series, this is no more dreamy imaginationy state. To be realistic, none of the challenges target outdated browsers' vulnerabilities.

XSS/HTMLi: Univeral Browser Edition

Well, it has been usual argument from developers that Chrome, IE, and Safari browsers protect XSS. While there are exortic bypass techniques every now and then, when you attempt to crack this series, any simple payload will always bypass browser XSS protection. Destroy the Myth.

Bypasses in Input Restriction

With this advanced world where security is embedded in most organisations, how many times have you faced input validation and have assumed this is safe to let go? Yes, only a ninja can go it through.

Data is Golden

We,pentesters, way too much focus on technical aspects of vulnerability. Advanced attackers are goal-driven and objective-based. They set goal and identify which attack vectors can bring them access to golden data that they're targeting. In this challenge series, you will do whatever you can to steal data in unauthorised or unintended way.

Think Beyond

With this complex world where applications are massively interconnected and cohesively making the best use of one another's data, attack can happen from every angle if you don't think beyond. In this challenge series, you will be focusing on benign attack vectors that can be launched by controlling remote hosts. Secure design plays an important role in mitigating such issues.

Easy Crypto

Nowadays developers are getting aware of the need to protect sensitive data. Unfortunately, improper implementation of crypto is often one of the weaknesses in the security chain. How many times have you let go of variables with overly long garbage characters, thinking it would be alright? Only ninjas never gave up.

State Machine

Modern applications have to maintain multiple states. How often do you consider messing up with states can trigger interesting findings?


Easy Reversing

Giving sample vulnerable mobile apps for ninja testing become quick outdated as mobile technology is yearly changing. In this challenge series, you will be challenged with missions with couple of hints to accomplish that mission.