Challenges

GCP SSRF labs

Introduction: This lab is a simulated, vulnerable Uptime Checks feature from Google Cloud Monitoring. Here's the video that covers the theory of the $31k blind SSRF that was found there: "$31,000 Google Cloud blind SSRF + HANDS-ON labs". The lab is only a simulation and it...

Homebrew RCE

I created some GitHub Actions that will only allow simple version and checksum changes, just like in this video: "Injecting code into any Homebrew Cask by attacking GitHub Actions script". Can you trick my scripts into thinking that you are only changing the version or...
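As an added example (this is not the author's actual GitHub Actions scripts, which the page does not show), here is the shape of a "version and checksum only" gate written in Python: it accepts a unified diff only if every changed line is a `version` or `sha256` line, each new value matches a strict pattern, and exactly one line per key is swapped. The `Casks/*.rb` path rule, the numeric-only version pattern and both sample diffs are assumptions constructed for illustration.

```python
import re
from typing import Dict, List

# Constructed sample: a well-formed Cask bump (version and sha256 only). Not a real cask.
GOOD_DIFF = """\
diff --git a/Casks/example.rb b/Casks/example.rb
--- a/Casks/example.rb
+++ b/Casks/example.rb
@@ -1,5 +1,5 @@
 cask "example" do
-  version "1.2.3"
-  sha256 "0000000000000000000000000000000000000000000000000000000000000000"
+  version "1.2.4"
+  sha256 "1111111111111111111111111111111111111111111111111111111111111111"
   url "https://example.invalid/example-#{version}.dmg"
"""

# Constructed sample: looks like a bump, but the version string smuggles Ruby
# interpolation and the url line is changed as well. Both must be rejected.
BAD_DIFF = """\
diff --git a/Casks/example.rb b/Casks/example.rb
--- a/Casks/example.rb
+++ b/Casks/example.rb
@@ -1,5 +1,5 @@
 cask "example" do
-  version "1.2.3"
+  version "1.2.4#{`x`}"
   sha256 "0000000000000000000000000000000000000000000000000000000000000000"
-  url "https://example.invalid/example-#{version}.dmg"
+  url "https://attacker.invalid/example-#{version}.dmg"
"""

# A changed line must be exactly `version "..."` or `sha256 "..."`, nothing else on it.
CHANGE_RE = re.compile(r'^[+-]\s*(version|sha256)\s+"([^"]*)"\s*$')
# Strict value shapes (assumption: dotted numeric versions only; no `#{}` can pass).
VALUE_RE = {
    "version": re.compile(r"^\d+(?:\.\d+)*$"),
    "sha256": re.compile(r"^[0-9a-f]{64}$"),
}
# Only an in-place edit of an existing Cask file is allowed (assumed repo layout).
PATH_RE = re.compile(r"^diff --git a/(Casks/[\w.-]+\.rb) b/(Casks/[\w.-]+\.rb)$")
SKIP_PREFIXES = ("--- ", "+++ ", "@@", "index ", " ", "\\")


def check_bump_diff(diff_text: str) -> List[str]:
    """Return a list of problems; an empty list means the diff is an acceptable bump."""
    problems: List[str] = []
    removed: Dict[str, int] = {"version": 0, "sha256": 0}
    added: Dict[str, int] = {"version": 0, "sha256": 0}
    saw_file = False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            m = PATH_RE.match(line)
            if not m or m.group(1) != m.group(2):
                problems.append(f"unexpected file header: {line}")
            saw_file = True
            continue
        if line == "" or line.startswith(SKIP_PREFIXES):
            continue  # file headers, hunk headers, context lines
        if line[0] not in "+-":
            # e.g. "new file mode", "rename from": anything that is not a plain edit
            problems.append(f"unrecognised diff line: {line}")
            continue
        m = CHANGE_RE.match(line)
        if not m:
            problems.append(f"change outside version/sha256: {line}")
            continue
        key, value = m.group(1), m.group(2)
        if line[0] == "+":
            added[key] += 1
            if not VALUE_RE[key].match(value):
                problems.append(f"malformed {key} value: {value!r}")
        else:
            removed[key] += 1
    if not saw_file:
        problems.append("no file header found")
    for key in ("version", "sha256"):
        if added[key] != removed[key]:
            problems.append(f"{key}: {removed[key]} removed vs {added[key]} added")
        if added[key] > 1:
            problems.append(f"{key}: more than one line changed")
    return problems


if __name__ == "__main__":
    print("good:", check_bump_diff(GOOD_DIFF))
    print("bad:", check_bump_diff(BAD_DIFF))
```

Feed it the output of `git diff --no-color base...head` in the workflow, and make sure the commit that was checked is the exact commit that later gets merged or released; a gate that inspects the diff but then acts on a freshly fetched branch head can be bypassed by pushing again in between.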

Shopify token leakage in Electron application

Download the application from https://drive.google.com/file/d/1ap1_jqFoOjxv909fWJCc6l-wVxJlbgla/view?usp=sharing and extract the flag from the .env file. Running the application is not useful in terms of solving this challenge but if you want to,...