1. Your task is to manually perform a Vulnerability Assessment and Penetration
Testing (VAPT) on any Hack The Box (HTB) machine, using the OWASP Top 10:2021
methods. Additionally, conduct a Web Application Audit compliance check following
the ASVS standard 4.0.3. You must create both a Compliance Report and a VAPT
Report, ensuring they meet industry standards. The reports should include the
audit checklist, identify compliant and non-compliant policies, and list both
system and web application vulnerabilities. You are not allowed to use automation
tools or existing write-ups, and any such usage will result in disqualification.
All vulnerabilities found must be included in the final report. For reference, use
the ASVS Checklist and the sample VAPT report from Offensive Security. Make sure
you choose a suitable web-based HTB machine.
Reference:
1. ASVS Checklist Link:
https://github.com/shenril/owasp-asvs-checklist/blob/master/ASVS-checklist-en.xlsx
2. VAPT Report - Offensive Security Standard Link:
https://www.offsec.com/reports/sample-penetration-testing-report.pdf
Be sure to thoroughly review the guidelines PDF provided as an attachment in the
introduction lesson. This document is essential for understanding the core
principles of cybersecurity and serves as a foundational resource for effectively
tackling the complexities of cybersecurity.
2. Your task is to choose an active, medium-difficulty HackTheBox machine and write
a detailed report on Medium.com about how you captured the flag. In your report,
show both your successful and failed attempts, and explain why you used specific
tools, such as Nmap or Burp Suite, and the penetration testing methods you
followed. Ensure that your NullClass username and timestamp are visible in the
screenshots of your HackTheBox session. Focus on uncommon attack methods, create
custom scripts or payloads if possible, and include network diagrams—the more
detailed, the better. Reflect on what you learned throughout the process. Please
note that if any write-ups or materials about the machine you chose have already
been published online before your Medium.com post, your submission will not be
accepted. Reports on retired machines are not allowed.
3. Your task is to manually perform a Vulnerability Assessment and Penetration
Testing (VAPT) on any Hack The Box (HTB) machine, using the OWASP Top 10:2021
methods. Additionally, conduct a Web Application Audit compliance check following
the ASVS standard 4.0.3. You must create both a Compliance Report and a VAPT
Report, ensuring they meet industry standards. The reports should include the
audit checklist, identify compliant and non-compliant policies, and list both
system and web application vulnerabilities. You are not allowed to use automation
tools or existing write-ups, and any such usage will result in disqualification.
All vulnerabilities found must be included in the final report. For reference, use
the ASVS Checklist and the sample VAPT report from Offensive Security. Make sure
you choose a suitable web-based HTB machine.
Reference:
1. ASVS Checklist Link:
https://github.com/shenril/owasp-asvs-checklist/blob/master/ASVS-checklist-en.xlsx
2. VAPT Report - Offensive Security Standard Link:
https://www.offsec.com/reports/sample-penetration-testing-report.pdf
Be sure to thoroughly review the guidelines PDF provided as an attachment in the
introduction lesson. This document is essential for understanding the core
principles of cybersecurity and serves as a foundational resource for effectively
tackling the complexities of cybersecurity.
4. Your task is to select an upcoming CTF event from the CTFtime calendar and take
a screenshot of the event page with a timestamp to confirm your participation.
Ensure your CTFtime username matches your NullClass username. During the
competition, solve challenges independently (no teams) and document both your
successful and failed attempts. In your Medium report, explain why you used
specific tools or methods, such as Nmap or Burp Suite, and include problem
statements, your solution approach, code snippets, and screenshots of your
progress. Make sure to capture screenshots of your completed challenges and your
leaderboard position. Note: If any write-ups or materials about the challenges are
published online before your Medium post, your submission will not be accepted.
5. Your task is to develop a basic Honey Pot that intentionally includes
vulnerabilities from the OWASP Top 10, ensuring the flaws are diverse and
strategically placed to challenge learners. The vulnerabilities should cover a wide
range of issues such as SQL injection, cross-site scripting (XSS), insecure
authentication, and more. Along with the Honey Pot, create a comprehensive solution
guide that explains each flaw in detail, provides remediation steps, and offers
best practices to prevent similar issues in real-world applications. Host the
application on Vercel or Netlify if possible, and share the link. Ensure the Honey
Pot is designed to simulate a real-world environment, making it challenging but
educational for learners.
6. Your task is to create a 15-minute educational video on cybersecurity awareness,
covering a topic like phishing, social engineering, password security, or security
policies. You must narrate the video yourself; AI-generated voices, videos, or any
other AI-generated materials are not allowed. Conduct thorough research and
structure your video
with a clear introduction, key concepts, real-life examples, and actionable
security tips. Use engaging visuals like live demonstrations, infographics, or
custom diagrams, and think creatively by adding interactive elements like quizzes
or challenges. Show how cybersecurity works in real-life scenarios, such as a
phishing attack demonstration or password cracking. Record your video with high-
quality audio, then upload it to Google Drive and share the link. Provide an
informative title, description, and tags.
7. Your task is to design a TryHackMe lesson or lab focused on an advanced
cybersecurity skill. Research the topic deeply and create unique, hands-on
challenges that simulate real-world scenarios, with an emphasis on critical
thinking and problem-solving. To make your lesson stand out, incorporate multi-step
attack chains or real-world vulnerabilities that require learners to think like
professional hackers. Develop a comprehensive guide that not only outlines setup
steps and solutions but also provides hints that mirror real-world debugging and
exploration processes. Rigorously test the lab yourself to ensure it pushes
boundaries, and remember, if the lesson isn’t challenging, it won’t be accepted.
Finally, submit a detailed report describing the lesson's objectives, design
process, and how it encourages collaboration and out-of-the-box thinking.
8. Your task is to choose an active, high-difficulty HackTheBox machine and write a
detailed report on Medium.com about how you captured the flag. In your report, show
both your successful and failed attempts, and explain why you used specific tools,
such as Nmap or Burp Suite, and the penetration testing methods you followed.
Ensure that your NullClass username and timestamp are visible in the screenshots of
your HackTheBox session. Focus on uncommon attack methods, create custom scripts or
payloads if possible, and include network diagrams—the more detailed, the better.
Reflect on what you learned throughout the process. Please note that if any write-
ups or materials about the machine you chose have already been published online
before your Medium.com post, your submission will not be accepted. Reports on
retired machines are not allowed.
9. Your task is to research and analyze a major cybersecurity breach of your
choice, without relying on existing reports or summaries. Investigate the
background of the affected organization, how the breach occurred, the
vulnerabilities exploited, and the methods used. Examine the impact on the
organization, customers, and stakeholders, considering financial, legal, and
reputational damage. Analyze how the breach was discovered and the steps taken to
mitigate it. Reflect on lessons learned, and introduce a new section: "If I were in
charge", where you provide your own analysis of how you would have handled the
breach differently. Focus on prevention strategies, response methods, and any
innovative approaches you would have taken to minimize the damage or prevent the
breach altogether. Your report should be structured with a clear introduction,
detailed analysis, and a conclusion that reflects on the key takeaways. Proper
citations are required, and remember: copied reports will be dismissed immediately.
Your work must be original, insightful, and demonstrate critical thinking.
10. Your task is to discover and report vulnerabilities from the bug bounty
platforms Bugcrowd or YesWeHack, or any responsible vulnerability disclosure
program. The report must be acknowledged by the company and follow their policies.
Duplicates will not be accepted, and you must submit at least one valid
vulnerability with a minimum P4 severity rating—P5 or lower will not be accepted.
Focus on lesser-known targets, document your process for choosing and testing the
target, and include a post-mortem analysis reflecting on what you learned, the
challenges you faced, and how you can improve in future bug hunts.
11. Your task is to choose an active, insane-difficulty HackTheBox machine and
write a detailed report on Medium.com about how you captured the flag. In your
report, show both your successful and failed attempts, and explain why you used
specific tools, such as Nmap or Burp Suite, and the penetration testing methods you
followed. Ensure that your NullClass username and timestamp are visible in the
screenshots of your HackTheBox session. Focus on uncommon attack methods, create
custom scripts or payloads if possible, and include network diagrams—the more
detailed, the better. Reflect on what you learned throughout the process. Please
note that if any write-ups or materials about the machine you chose have already
been published online before your Medium.com post, your submission will not be
accepted. Reports on retired machines are not allowed.
12. Your task is to analyze a data privacy policy from a major company of your
choice, such as Google, Facebook, or Amazon. Engage deeply with the policy—evaluate
how well it protects user data, its level of transparency, and its alignment with
major privacy laws like GDPR or CCPA. Identify both strengths and weaknesses, and
suggest practical improvements that could enhance the policy’s effectiveness and
user protection. Focus on providing unique insights that reflect your own critical
thinking, rather than common critiques. Your final report should offer a
comprehensive and thoughtful perspective on how privacy policies could evolve to
meet modern data protection needs.