Today we’re thrilled to announce the release of the YesWeHack DOJO, a visual exploitation environment and training platform geared toward learning bug exploitation the fun and visual way.
What is YesWeHack DOJO?
A learning tool
When it comes to Information Security, and more specifically Bug Bounty, the learning process can be very challenging, if not discouraging at times. It’s pretty easy to find learning material, but what about “real-life” bug hunting and exploitation? Even when participating in Bug Bounty programs, we’re often left with a partial view and no other option than blindly guessing how the remote system will behave if we feed it a nasty payload. As a result, a lot of researchers drop off and miss the juicy fruits that are hanging out, a string delimiter away… And that’s how your prospect of a big bounty flies away :’)
Don’t give up yet, there’s hope: DOJO offers you a comprehensive and interactive learning platform on which you’ll find introduction courses on different “Themes”, supplemented by “Training” challenges to practice what you’ve learned and complemented with a “Playground” to further explore different configurations and scenarios.
A training platform
From seasoned injectors to rookie copycats, we all need to practice – a lot. Skillz are like surgical knives that must be sharpened constantly, and DOJO lets you practice while getting direct feedback on your parameters.
One learns through play, and it was of utmost importance for us to bring fun to the mix, with a snappy and visual UI/UX as well as a wide range of possibilities. It’s not all about the skin, of course. In DOJO’s Playground you can create your own challenges and share them with the community through nothing more than a simple link – or just keep them for personal training, you stingy.
In case you worry about privacy and fear your l33t payload being stolen, you’ll be pleased to know that nothing is stored server-side!
A CTF challenge testing and sharing platform
Want to create a short CTF challenge without the hassle of setting up a server? DOJO can do it!
You can use any of our back-ends and add your own filters. You can even document your own set of hints and solutions.
A CTF collaborative tool
Stumbled upon a tricky bug during a Bug Bounty session and you want to test how your input will modify a query? Simply recreate this same query inside a new Playground and voilà – here goes your real-time exploit editor!
Welcome to the grid
Today we are opening the YesWeHack DOJO with the first 4 training fields (named Themes):
- SQL Injections
- MongoDB Injections
- XPATH Injections
And we plan on adding many more over time 🙂
For each Theme, you’ll find a classroom course where you can learn the core principles in a nutshell.
You can then test and practice your skills in the various challenges offered in the ‘Trainings’ section.
No more hacking in the dark
Hacking is about logic, not magic. Thus, in YesWeHack DOJO, the focus is on the code: you get a real-time feel for the impact a specific input has, and for how filters could be bypassed!
Create your own training challenges and share them privately!
It has never been this easy to create and share challenges, thanks to a wide list of supported back-ends on which you can build your own labs.
Document, simulate and share real-life setups
Are you stuck on a tricky exploitation? With our simple interface, you can reproduce the filters in YesWeHack DOJO and get a better understanding of what you are doing, or even ask a fellow hunter for help without disclosing which scope you’re working on while he’s not (too bad for him)!
Share it with the world!
You can copy, modify and share any piece of training on DOJO. It’s as simple as sharing a private link!
Challenge your friends with the new challenges you made. Reproduce the context of a private Bug Bounty on YesWeHack DOJO so you can share it and ask for help without compromising the privacy of your target program.
The YesWeHack DOJO is 100% free; however, you need to sign in or register as a hunter on our platform to use it.