Introducing YesWeHack DOJO


Today we’re thrilled to announce the release of the YesWeHack DOJO, a visual exploitation environment and training platform geared toward learning bug exploitation the fun and visual way.

What is YesWeHack DOJO?

A learning tool

When it comes to Information Security, and especially Bug Bounty, the learning process can be very challenging, if not discouraging at times. It’s pretty easy to find learning material, but what about “real-life” bug hunting and exploitation? Even when participating in Bug Bounty programs, we’re often left with a partial view and no other option than blindly guessing how the remote system will behave if we feed it a nasty payload. As a result, a lot of researchers drop off and miss the juicy fruit hanging a string delimiter away… And that’s how your prospect of a big bounty flies away :’)

Don’t give up yet, there’s hope: DOJO offers you a comprehensive and interactive learning platform on which you’ll find introduction courses on different “Themes”, supplemented by “Training” challenges to practice what you’ve learned and complemented with a “Playground” to further explore different configurations and scenarios.

A training platform

From seasoned injectors to rookie copycats, we all need to practice – a lot. Skillz are like surgical knives that must be sharpened constantly, and DOJO lets you practice while getting direct feedback on your parameters.

A playground

One learns through play, and it was of utmost importance for us to bring fun to the mix, with a snappy and visual UI/UX as well as a wide range of possibilities. It’s not all about the skin, of course. In DOJO’s Playground you can create your own challenges and share them with the community through nothing more than a simple link – or just keep them for personal training, you stingy.

In case you worry about privacy and fear that your l33t payload might be stolen, you’ll be pleased to know that nothing is stored server-side!

A CTF challenge testing and sharing platform

Want to create a short CTF challenge without the hassle of setting up a server? DOJO can do it!

You can use any of our back-ends and add your own filters. You can even document your own set of hints and solutions.

A CTF collaborative tool

Stumbled upon a tricky bug during a Bug Bounty session and want to test how your input will modify a query? Simply recreate the same query inside a new Playground and voilà – here goes your real-time exploit editor!

Welcome to the grid

Today we are opening the YesWeHack DOJO with the first 4 training fields (called Themes):

  • SQL Injections
  • MongoDB Injections
  • XPATH Injections
  • XSS

And we plan on adding many more over time 🙂

For each Theme, you’ll find a classroom course where you can learn the core principles in a nutshell.

You can then test and practice your skills in the various challenges offered in the ‘Trainings’ section.

No more hacking in the dark

Hacking is about logic, not magic. Thus, in YesWeHack DOJO, the focus is on the code and you can have a real-time feel of the impact a specific input has, and how filters could be bypassed!

See exactly how your parameters are parsed inside the back-end code in real time!

Create your own training challenges and share them privately!

It has never been this easy to create and share challenges, thanks to a wide list of supported back-ends on which you can build your own labs.

Document, simulate and share real-life setups

Are you stuck on a tricky exploitation? With our simple interface, you can reproduce the filters in YesWeHack DOJO and get a better understanding of what you are doing, or even ask a fellow hunter for help without even disclosing which scope you’re working on while he’s not (too bad for him)!

Create DOJO playgrounds: document or recreate complex exploitation scenarios!

Share it with the world!

You can copy, modify and share any piece of training on DOJO. It’s as simple as sharing a private link!

Challenge your friends with the new challenges you made. Reproduce the context of a private Bug Bounty on YesWeHack DOJO so you can share it and ask for help without compromising the privacy of your target program.

Create and share visual CTF challenges

The YesWeHack DOJO is 100% free; however, you need to sign in or register as a hunter on our platform to use it.