Security testing online tutorial thing

Around 6 months ago I put together an online exercise that was intended to help people learn a few basics in security testing and used it as part of a mini workshop as part of my work. Long story short, after much deliberation I have finally decided to share it.

https://www.r-adams.co.uk/securitytestactivity/

If you find it interesting then be sure to check out my workshop at TestBash UK 2023!

Disclaimers:

  • This is not intended as a capture the flag exercise.
  • This platform is not bullet proof. It was developed specifically to teach the exercises.
  • Please do not try anything beyond the exercises!
  • This platform is not pretty. Far from it. It was developed specifically to teach the exercises and is not a professional tool.

Please, please donโ€™t try and take it down. Iโ€™m not a skilled web developer.

13 Likes

Always fun to do it!

I actually solved Challenge 3 in a different way then the giving solution apparently XD.
Anyways lovely 9 challenges, very fun to do!

I say 9 because โ€ฆ

Spoiler

image

3 Likes

Wow that was quick - well done!

Iโ€™d be curious to know how you solved challenge 3.

2 Likes

Yup! Thatโ€™s how I did it, you should remove it, so future people donโ€™t see it :smiley:
I like to go for Stored XSS and not Reflected :smiley: They give higher bounties XD

Huge security enthusiast & bug bounty hunter so yea :slight_smile:

1 Like

Good call - Removed! IIRC I donโ€™t think I (intentionally) have any stored XSS vulnerabilities on those challenges - possibly on the CTF. My strength is more in finding vulnerabilities than preventing them and I was a bit nervous about someone doing something properly nasty!

1 Like

This is amazing!
I solved Challenge 3 in the same way I should have solved Challenge 4, so it was a surprise when I saw it :laughing:
Thank you for sharing!

1 Like

This is so cool!! Really enjoyed itโ€ฆ got a couple more to look at on the CTF. Kudos @oxygenaddict

1 Like

If you got a 403 alert. That was me :sweat_smile: