Zero404 Online
Grandmaster
Ranking
#7
Melhor: #1
Total de Pontos
1357
Total Ganho
Labs Concluídos
101
104 User • 15 Root
Módulos
32
Validados
Primeiros Sangues
27
Primeiro a Concluir
Melhor Sequência
8
Dias
Habilidades Adquiridas
Habilidades técnicas praticadas através dos labs concluídos
GitVersion ControlSource Code AnalysisReconnaissanceWeb SecurityWeb EnumerationFile DiscoveryInformation GatheringPHPType JugglingAuthentication BypassHash AnalysisCryptographyHash CrackingPassword AnalysisSecurity ToolsJavaScriptDeobfuscationClient-Side SecurityBrowser DevToolsCode AnalysisSQL InjectionDatabase SecurityInput ValidationPenetration TestingWeb Application SecuritySSTIFlask SecuritySSH Brute ForceDatabase EnumerationPrivilege EscalationSteganographyClassical CiphersImage AnalysisPolyalphabetic CiphersDirectory TraversalPath InjectionFile System SecurityPath ManipulationFile AccessYAML DeserializationPyYAML ExploitationConfiguration InjectionPython SecurityUnsafe DeserializationRemote Code ExecutionFile Processing SecurityWebDAV ExploitationFile UploadRemote File AccessHTTP MethodsWeb Server SecurityFile System EnumerationPrototype PollutionNode.js SecurityAPI SecurityJavaScript ExploitationObject ManipulationInput Validation BypassModern Web VulnerabilitiesRace ConditionsTiming AttacksConcurrent ExploitationIDORParameter ManipulationAuthorization BypassLocal File InclusionFilter BypassApache AuthenticationPassword CrackingHTTP HeadersSecurity BypassClient-Side ManipulationDirectory EnumerationWeb ReconnaissanceAdministrative Panel DiscoverySecurity AssessmentJWTCookie ManipulationDOM ManipulationGraphQLSchema IntrospectionInjectionNetwork ForensicsDNS AnalysisData ExfiltrationTraffic AnalysisFrequency AnalysisPattern RecognitionDocker Registry APIContainer SecurityAPI ManipulationRegistry ExploitationSUID BinariesCommand InjectionLinux SecurityBinary ExploitationNoSQL InjectionMongoDBDocument DatabasesLDAP InjectionDirectory ServicesEnterprise SecurityJWT ManipulationSSH ExploitationLog InjectionServer-Side Template InjectionJinja2 ExploitationIP SpoofingAccess Control BypassWireless SecurityWEP CrackingRC4 AnalysisPacket AnalysisCryptographic AttacksLegacy Protocol ExploitationDigital ForensicsWindows RegistryPersistence AnalysisBase64 DecodingIncident ResponseMalware AnalysisWiFi SecurityWPA CrackingDictionary AttacksWireless Penetration TestingNetwork SecurityHistorical CryptanalysisMD5 CrackingPassword AttacksGit ForensicsVersion Control SecurityRepository AnalysisSecret RecoveryOSINTPython PickleEnterprise DeserializationCorporate Backup SystemsDisaster Recovery ExploitationConfiguration Import AttacksZIP Password CrackingJohn the RipperfcrackzipBrute ForceArchive SecurityKeePass 4.x SecurityDirect Brute ForcePassword Manager AssessmentModern CryptographySecurity Tool LimitationsJinja2Web Application TestingCode InjectionPDF SecurityDocument SecurityBrute Force AttacksShell CommandsSystem AdministrationHTTP Parameter ManipulationUser-Agent Log PoisoningApache SecurityLog AnalysisVisibility ControlsSecurity TestingOperator ExploitationBypass TechniquesWeb ShellsSocial EngineeringPost ExploitationCSRFCross-Site Request ForgerySession SecurityForm SecurityHTTP SecurityState ManagementSSRFServer-Side Request ForgeryAWS MetadataCloud SecurityIAM CredentialsAWS EC2Logic FlawClaims ManipulationTime-Based AttacksSignature CrackingXSSCross-Site ScriptingStored XSSSession HijackingSSHLinux Privilege EscalationFile PermissionsBlind SQLiTime-based SQLiBoolean-based SQLiVulnerability AssessmentXXEXML SecurityFile DisclosureExternal EntityAlgorithm ConfusionRS256HS256Token ForgeryToken AuthenticationWeb ExploitationService DiscoveryCommand Line ToolsForensicsHTTP ProtocolAttack DetectionPath TraversalCGIFlaskDebug ModePythonMemory AnalysisTransposition CipherRail FenceAudio AnalysisLSBPDF ForensicsFile AnalysisMetadataHidden DataForensic ToolsLFIFile InclusionBlockchain AnalysisBitcoinOP_RETURNHex DecodingData ExtractionForensic AnalysisNetwork AnalysisDNSCryptanalysisClassical CryptoData EncodingJenkinsCI/CDDevOpsPentestAutomationSession ManagementAuthenticationNetwork ReconnaissanceDatabase ForensicsCLI UsageData RecoveryBase64Hex EncodingRedisMemory ForensicsBinary AnalysisTool UsageROT13 EncodingWeb HackingLogic FlawsToken ManipulationBase64 EncodingQR Code AnalysisWeb InspectionHTML AnalysisHex EditorsData StructuresReverse EngineeringMD5Rainbow TablesWeb DevelopmentPacket CaptureWiresharkProtocol AnalysisWebCTF BasicsHexadecimalFile Upload BypassPHP SecurityWeb Shell ExploitationWEBIDOR ExploitationZip Slip VulnerabilityInternal Service DiscoveryBackup Service ExploitationSudo Vim ExploitationLearning PathTELNETLinux CapabilitiesReverse ShellSystem EnumerationWPAdvanced ReconnaissanceAndroid Reverse EngineeringSCADA ExploitationCVE ExploitationMYSQLIRCENetworkingCommand LineWeb ServicesGITLinuxSudoIP SPOOFINGFTP ExploitationBackdoor DetectionNetwork ServicesRemote ShellSystem ExploitationFTPApache TomcatWAR DeploymentDefault CredentialsHTML
Módulos Concluídos
Módulos educacionais validados com sucesso
Nmap Mastery: Dominate Network Scanning
4 módulosInstalling Nmap
Advanced Techniques
Introduction to Nmap
Essential Nmap Scanning
HTTP Header Manipulation: IP Spoofing
3 módulosRemediate
Techniques for IP Spoofing in HTTP Headers
Manipulating Headers
Quebra de Senhas
5 módulosRainbow tables
Quebra de PDF
Ataques de força bruta
Fundamentos de senhas
Ataques de dicionário
HDNA Ethical Hacking Course
5 módulos1. Legal & Compliance
2. Network Protocols and Security
4. Network Scanning
3. Reconnaissance
Course Summary
Ataques Web
12 módulosAtaques CSRF
Injeção XXE
SSRF
Inclusão de Arquivos
Intro Segurança Web
SSTI
Desserialização
Ataques File Upload
Ataques XSS
Bypass de Auth
Injeção SQL
Injeção de Comandos
Remote Code Execution (RCE)
3 módulosShellshock (CVE-2014-6271)
RCE: Introduction
RCE in PHP
Labs & Desafios Concluídos
Desafios práticos de cibersegurança concluídos com sucesso
Git Exposed
Desafio
GitVersion ControlSource Code AnalysisReconnaissanceWeb Security
Backup Hunter
Desafio
Web EnumerationFile DiscoveryReconnaissanceInformation Gathering
Type Juggling Bypass
Desafio
Web SecurityPHPType JugglingAuthentication BypassHash Analysis
Crack SHA1 Hash
Desafio
CryptographyHash CrackingPassword AnalysisSecurity Tools
Hack This Site
Desafio
JavaScriptDeobfuscationClient-Side SecurityBrowser DevToolsCode AnalysisAuthentication Bypass
SQL Injection Test
Desafio
SQL InjectionWeb SecurityDatabase SecurityAuthentication BypassInput ValidationPenetration Testing
FortiPy
Difícil
Web Application SecuritySSTIFlask SecuritySSH Brute ForceDatabase EnumerationHash CrackingPrivilege Escalation
Vigenere Stego Hunt
Desafio
CryptographySteganographyClassical CiphersImage AnalysisPolyalphabetic Ciphers
Simple Directory Traversal
Desafio
Directory TraversalPath InjectionFile System SecurityWeb SecurityInput ValidationPath ManipulationFile Access
YAML Bomb
Desafio
YAML DeserializationPyYAML ExploitationConfiguration InjectionPython SecurityUnsafe DeserializationRemote Code ExecutionFile Processing Security
WebDAV Explorer
Desafio
WebDAV ExploitationFile UploadDirectory TraversalRemote File AccessHTTP MethodsWeb Server SecurityFile System Enumeration
Prototype Pollution Hunter
Desafio
Prototype PollutionNode.js SecurityAPI SecurityJavaScript ExploitationObject ManipulationInput Validation BypassModern Web Vulnerabilities
Race Condition Hunter
Desafio
Race ConditionsTiming AttacksConcurrent ExploitationWeb Application Security
IDOR Explorer
Desafio
IDORParameter ManipulationWeb Application SecurityAuthorization Bypass
File Include Bypass
Desafio
Local File InclusionFilter BypassApache AuthenticationPassword Cracking
Header Hijacker
Desafio
HTTP HeadersSecurity BypassWeb Application SecurityClient-Side Manipulation
Corporate Directory Hunt
Desafio
Directory EnumerationWeb ReconnaissanceAdministrative Panel DiscoverySecurity Assessment
Cookie Forge
Desafio
JWTCookie ManipulationAuthentication BypassPrivilege Escalation
Button Activator
Desafio
JavaScriptBrowser DevToolsDOM ManipulationClient-Side Security
GraphQL Gateway
Desafio
GraphQLAPI SecuritySchema IntrospectionAuthorization BypassInjection
DNS Tunneling Detective
Desafio
Network ForensicsDNS AnalysisData ExfiltrationTraffic Analysis
Caesar Shift Decoder
Desafio
CryptographyClassical CiphersFrequency AnalysisPattern Recognition
Registry Hijacker
Desafio
Docker Registry APIAuthentication BypassContainer SecurityAPI ManipulationRegistry Exploitation
SUID Privilege Hunter
Desafio
SUID BinariesPrivilege EscalationCommand InjectionLinux SecurityBinary Exploitation
MongoDB Injector
Desafio
NoSQL InjectionMongoDBAuthentication BypassDocument DatabasesWeb Security
LDAP Injector
Desafio
LDAP InjectionAuthentication BypassDirectory ServicesEnterprise SecurityWeb Security
Infiltrator
Fácil
JWT ManipulationSSH ExploitationLog InjectionPrivilege EscalationWeb SecurityLinux Security
Template Injector
Desafio
Server-Side Template InjectionFlask SecurityJinja2 ExploitationRemote Code ExecutionWeb Security
IP Spoofing Admin
Desafio
Web SecurityHTTP HeadersIP SpoofingAccess Control BypassInformation Gathering
WEP Cracker
Desafio
Wireless SecurityWEP CrackingRC4 AnalysisPacket AnalysisCryptographic AttacksLegacy Protocol Exploitation
Registry Hunter
Desafio
Digital ForensicsWindows RegistryPersistence AnalysisBase64 DecodingIncident ResponseMalware Analysis
WiFi Password Cracker
Desafio
WiFi SecurityWPA CrackingDictionary AttacksWireless Penetration TestingNetwork SecurityPacket Analysis
Book Cipher Challenge
Desafio
CryptographyClassical CiphersPattern RecognitionHistorical Cryptanalysis
Admin Portal Breach
Desafio
Client-Side SecurityMD5 CrackingSource Code AnalysisWeb Application SecurityPassword AttacksAuthentication Bypass
Git Secrets Hunter
Desafio
Git ForensicsVersion Control SecurityRepository AnalysisPenetration TestingSecret RecoveryOSINT
Corporate Backup Deserializer
Desafio
Python PickleEnterprise DeserializationCorporate Backup SystemsDisaster Recovery ExploitationConfiguration Import AttacksEnterprise Security
ZIP Cracker
Desafio
ZIP Password CrackingJohn the RipperfcrackzipDictionary AttacksBrute ForceArchive Security
KeePass Breaker
Desafio
KeePass 4.x SecurityDirect Brute ForcePassword Manager AssessmentModern CryptographySecurity Tool Limitations
Template Injection
Desafio
Server-Side Template InjectionJinja2Flask SecurityWeb Application TestingCode InjectionPrivilege Escalation
PDF Password Cracker
Desafio
PDF SecurityPassword CrackingDictionary AttacksDigital ForensicsDocument SecurityBrute Force Attacks
Shell Command Scanner
Desafio
Command InjectionWeb SecurityShell CommandsSystem AdministrationHTTP Parameter ManipulationSecurity Assessment
LFI Log Poison
Desafio
Local File InclusionUser-Agent Log PoisoningRemote Code ExecutionDirectory TraversalWeb SecurityApache SecuritySystem AdministrationLog Analysis
NoSQL Injection
Desafio
NoSQL InjectionMongoDBVisibility ControlsAccess Control BypassSecurity TestingOperator Exploitation
File Upload Bypass
Desafio
File UploadWeb SecurityBypass TechniquesPHPWeb ShellsInput ValidationSocial EngineeringPost Exploitation
CSRF Bank Transfer
Desafio
CSRFCross-Site Request ForgerySession SecurityWeb SecuritySocial EngineeringForm SecurityHTTP SecurityState Management
URL Scanner
Desafio
SSRFServer-Side Request ForgeryAWS MetadataCloud SecurityIAM CredentialsNetwork SecurityWeb SecurityAWS EC2
API Logic Flaw
Desafio
API SecurityLogic FlawAuthentication BypassParameter ManipulationPHPWeb Security
JWT Claims Manipulation
Desafio
JWTClaims ManipulationPrivilege EscalationAuthentication BypassTime-Based AttacksSignature Cracking
XSS Playground
Desafio
XSSCross-Site ScriptingStored XSSSession HijackingJavaScriptWeb SecurityClient-Side SecurityDOM Manipulation
Alpwned
Médio
SQL InjectionAuthentication BypassSSHLinux Privilege EscalationFile PermissionsWeb Application Security
SQL Injection
Desafio
SQL InjectionDatabase SecurityWeb SecurityBlind SQLiTime-based SQLiBoolean-based SQLiDatabase EnumerationVulnerability Assessment
XXE Exposed
Desafio
XXEXML SecurityFile DisclosureExternal EntityWeb SecurityVulnerability Assessment
JWT Algo Confusion
Desafio
JWTAlgorithm ConfusionRS256HS256Token ForgeryWeb Security
JWT Bypass
Desafio
JWTWeb SecurityToken AuthenticationCryptography
Auth Bypass
Desafio
SQL InjectionAuthentication BypassWeb SecurityDatabase Security
Ping Pwn
Desafio
Command InjectionWeb ExploitationService DiscoveryNetwork Security
Log Hunter
Desafio
Log AnalysisWeb SecurityIncident ResponsePattern RecognitionFile DiscoveryCommand Line ToolsForensicsHTTP ProtocolAttack DetectionSecurity Assessment
Path Traversal
Desafio
Path TraversalCGIWeb SecurityFile AccessDirectory TraversalInput Validation
Flask Error
Desafio
FlaskDebug ModePythonWeb SecurityMemory Analysis
Rail Fence
Desafio
CryptographyTransposition CipherRail FencePattern RecognitionPython
Sonic Cipher
Desafio
SteganographyAudio AnalysisLSBForensicsPython
Pixel Puzzler
Desafio
SteganographyImage AnalysisLSBForensicsPython
PDF Trap
Desafio
PDF ForensicsFile AnalysisMetadataHidden DataForensic Tools
Corporate Breach 2
Desafio
Web SecurityPHPLFIPath ManipulationFile Inclusion
Blockchain Secrets
Desafio
Blockchain AnalysisBitcoinOP_RETURNHex DecodingData ExtractionForensic Analysis
Corporate Breach
Desafio
Web SecurityPHPLFIPassword CrackingAuthentication BypassDirectory Traversal
DNS Exfil
Desafio
Network AnalysisDNSPacket AnalysisData ExfiltrationBase64 Decoding
Crypto Cipher
Desafio
CryptanalysisClassical CryptoPattern RecognitionData Encoding
Snapchat Exposed
Desafio
JenkinsCI/CDDevOpsWeb SecurityPentestAutomation
Session Switch
Desafio
Web SecuritySession ManagementAuthenticationPrivilege EscalationPHP
Red is Dead
Desafio
Network ReconnaissanceService DiscoveryDatabase ForensicsData EncodingCLI UsageData RecoveryIncident ResponseBase64Hex EncodingRedis
Memory Forensics
Desafio
Memory ForensicsBinary AnalysisDigital ForensicsPattern RecognitionIncident ResponseTool UsageData RecoveryROT13 Encoding
API Breaker
Desafio
API SecurityWeb HackingLogic FlawsPrivilege EscalationToken ManipulationBase64 EncodingAuthorization Bypass
QR Code Quest
Desafio
QR Code AnalysisImage AnalysisData ExtractionSteganographyDigital Forensics
Base64 Detective
Desafio
Base64Web InspectionBrowser DevToolsData EncodingHTML Analysis
Binary Secrets
Desafio
Binary AnalysisHex EditorsData StructuresReverse EngineeringFile Analysis
Get the Password
Desafio
JavaScriptMD5Rainbow TablesWeb DevelopmentBrowser DevTools
Packet Pursuit
Desafio
Network AnalysisPacket CaptureWiresharkProtocol Analysis
Stego Hunt
Desafio
SteganographyImage AnalysisWebCTF Basics
Hex Hunt
Desafio
JavaScriptWeb DevelopmentHexadecimalBrowser DevTools
FiPloit
Fácil
Local File InclusionFile Upload BypassPHP SecurityDirectory TraversalWeb Shell ExploitationPrivilege EscalationLog Analysis
AlVault
Médio
WEB
Broken Chain
Difícil
IDOR ExploitationZip Slip VulnerabilityServer-Side Template InjectionInternal Service DiscoveryBackup Service ExploitationPrivilege EscalationSudo Vim Exploitation
Hack the Cookie
Muito Fácil
WEBLearning Path
Hack the Login
Muito Fácil
WebAuthenticationClient-Side SecurityLearning Path
Nmap Lab 102
Muito Fácil
TELNETLearning Path
Cronpocalypse
Fácil
SSH
Internal
Difícil
Command InjectionLinux CapabilitiesPrivilege EscalationReverse ShellWeb Application SecuritySystem EnumerationNetwork Reconnaissance
WP Ultimate
Difícil
WP
Compromised 2
Difícil
Advanced ReconnaissanceAndroid Reverse EngineeringSCADA ExploitationCVE ExploitationAuthentication BypassPrivilege Escalation
Query Quake
Médio
MYSQLIRCE
Onboarding Lab: Access and Flags
Muito Fácil
NetworkingReconnaissanceCommand LineWeb ServicesLearning Path
Traversed
Médio
GIT
Matsudo
Médio
SSHBrute ForcePrivilege EscalationLinuxSudoNetwork ReconnaissancePenetration Testing
Beyond Echo
Médio
PHPRCE
Include me
Fácil
PHPLFI
Spoof!
Fácil
IP SPOOFING
Anonymous 2
Fácil
FTP ExploitationBackdoor DetectionNetwork ServicesRemote ShellSystem Exploitation
Anonymous
Fácil
FTP
Compromised 1
Médio
Apache TomcatWeb Application SecurityWAR DeploymentDefault CredentialsPrivilege EscalationLinuxSudoWeb Shells
Secrets in Source
Muito Fácil
HTMLLearning Path
Progresso dos Cursos
Seus caminhos de aprendizado e módulos