v1.11.0 #27
kOaDT announced in Announcements
What's New
New Brute Force Vulnerability Challenge: Added a new authentication challenge featuring a user account (vis.bruta@example.com) vulnerable to brute force attacks due to the absence of rate limiting. Players must use password cracking techniques against a weak password from common wordlists to retrieve the flag OSS{brut3_f0rc3_n0_r4t3_l1m1t}.
Enhanced CSRF Exploit Interface: The CSRF exploit demonstration now features a realistic Mail mode interface with a convincing PayPal security alert phishing scenario, providing a more authentic learning experience for understanding cross-site request forgery attacks.
Improvements
News Page Data Leak Enhancement: Updated the leaked data section to display email addresses alongside password hashes, with some entries showing redacted hashes to simulate realistic breach scenarios.
Flag Toast Notification System: Implemented a persistent flag notification system that displays on the home page after successful challenge completion.
CSRF Documentation Updates: Clarified the distinction between localStorage-based and cookie-based CSRF scenarios, with improved explanations about same-origin versus cross-site attack vectors. (See: Migrate authentication from localStorage to cookies for realistic CSRF demonstration #25)
Maintenance / Chore
This discussion was created from the release v1.11.0.