All labs
Mystery lab challenge
Try solving a random lab with the title and description hidden. As you'll have no prior knowledge of the type of vulnerability that you need to find and exploit, this is great for practicing recon and analysis.
Take me to the mystery lab challenge
XML external entity (XXE) injection
Server-side request forgery (SSRF)
HTTP request smuggling
OS command injection
Server-side template injection
Directory traversal
Access control vulnerabilities
Authentication
WebSockets
Web cache poisoning
Insecure deserialization
Business logic vulnerabilities
OAuth authentication
File upload vulnerabilities
JWT
Essential skills
Prototype pollution