C exercises
734 exercises graded by a sandboxed harness. Write code in the browser, submit, get feedback.
basics
Hello, World!
— beginner
Sum two numbers
— beginner
Max of three
— beginner
Even or odd
— beginner
Factorial
— beginner
Nth Fibonacci
— beginner
FizzBuzz to N
— beginner
Is prime?
— intermediate
Sum of array
— beginner
Reverse array in place
— beginner
Count characters
— beginner
Reverse a string
— beginner
Swap via pointers
— beginner
Distance between points
— intermediate
Implement strlen
— intermediate
Absolute value
— beginner
Greatest common divisor
— beginner
Leap year check
— beginner
Integer power (iterative)
— beginner
Array mean
— beginner
Strict atoi: parse an int with full error reporting
— intermediate
Convert int to string in a fixed buffer
— intermediate
Set a single bit
— beginner
Clear a single bit
— beginner
Toggle a single bit
— beginner
Extract a byte from a 32-bit word
— beginner
Swap two integers using XOR (no temporary)
— beginner
Caesar cipher (educational toy)
— beginner
Case-insensitive alphanumeric palindrome check
— beginner
Count whitespace-separated words
— beginner
Lowercase an ASCII string in place
— beginner
Trim leading and trailing whitespace in place
— beginner
Print sizeof for the canonical C types
— beginner
Spot the signed/unsigned compare trap
— beginner
Three-way classify using ternary
— beginner
Day of week via Zeller's congruence
— intermediate
Sum of decimal digits
— beginner
Integer power by recursion
— beginner
Parse a single `--key=value` flag
— beginner
Implement my_strlen
— beginner
Count a character in a string
— beginner
Sum 1..n recursively
— beginner
Integer power recursively
— beginner
Isolate the lowest set bit
— beginner
Is a number a power of two?
— beginner
Sum an array
— beginner
Maximum of an array
— beginner
Add two integers
— beginner
Square a number
— beginner
Index a flattened matrix
— beginner
Diagonal sum
— beginner
Larger of two
— beginner
Smaller of two
— beginner
First character
— beginner
Last character
— beginner
Program status code
— beginner
Clamp an exit code
— beginner
Copy a string
— beginner
String equality
— beginner
Count format specifiers
— beginner
Validate a format string
— intermediate
Swap two integers
— beginner
Sum of three
— beginner
Bounded string copy
— intermediate
Bounded string length
— beginner
Fits in a byte?
— beginner
Sign of a number
— beginner
Strings equal
— beginner
Prefix check
— intermediate
Parse an integer
— intermediate
Parse two integers
— intermediate
Bounded concatenation
— intermediate
Has a terminator in range?
— beginner
Apply an operator
— beginner
Even number test
— beginner
Count flag arguments
— intermediate
Find a flag's value
— intermediate
Maximum of three
— beginner
FizzBuzz word
— beginner
Reverse an array in place
— beginner
Palindrome check
— beginner
Days in a month
— beginner
Letter grade
— beginner
Index of a substring
— intermediate
Count occurrences
— intermediate
Iterative factorial
— beginner
Count vowels
— beginner
Greatest common divisor
— intermediate
Clamp a value
— beginner
A counter with static state
— intermediate
Running total
— intermediate
Triple a value
— beginner
Negate a value
— beginner
Byte-swap a 32-bit value
— intermediate
Read a big-endian uint32
— intermediate
Count words
— intermediate
Validate a number string
— intermediate
Sum a range
— beginner
Product of a range
— beginner
Fix the array sum (off-by-one)
— intermediate
Fix the maximum (bad initial value)
— intermediate
pointers-memory
Sum via pointer walking
— intermediate
Implement strcpy
— intermediate
Implement strstr
— intermediate
Implement atoi
— intermediate
Allocate sequence 1..N
— intermediate
Deep-copy an int array
— intermediate
Concat three strings (no leaks)
— intermediate
Count set bits (Hamming weight)
— intermediate
Reverse bits of a uint32
— intermediate
Swap two pointers via a function
— beginner
Remove the n-th node from a linked list
— intermediate
Allocate and free a dynamic 2-D array
— intermediate
Grow a dynamic buffer with realloc
— intermediate
Bump-pointer arena allocator
— advanced
Detect a buffer overflow with a canary
— intermediate
Safe overlapping copy (memcpy vs memmove)
— intermediate
Grow a buffer and zero only the new region
— intermediate
Destroy a linked list without use-after-free
— intermediate
Set a value through a pointer
— beginner
Read through a pointer
— beginner
Nth element via pointer arithmetic
— beginner
Distance between pointers
— intermediate
Sum an array with a pointer
— beginner
Fill an array
— beginner
Find a character
— beginner
String length by pointer
— beginner
Dereference twice
— intermediate
Swap two pointers
— intermediate
Allocate a range
— intermediate
Duplicate an array
— intermediate
Zero-initialised allocation
— intermediate
All zero?
— beginner
Append with realloc
— intermediate
Resize via a pointer-to-pointer
— intermediate
Allocate, use, free
— intermediate
Concatenate two arrays
— intermediate
Are allocations balanced?
— intermediate
Count leaked allocations
— intermediate
Detect a use-after-free
— intermediate
Validate a resource lifecycle
— intermediate
Bounds-checked element pointer
— intermediate
Is an index in bounds?
— beginner
Capacity-checked copy
— intermediate
Overflow-checked addition
— intermediate
data-structures
Linked list length
— beginner
Insert at end
— intermediate
Reverse a linked list
— intermediate
Int stack (push/pop/peek)
— intermediate
Circular int queue
— intermediate
Int→int hash table (open addressing)
— advanced
BST insert
— intermediate
BST inorder to array
— intermediate
Binary search
— intermediate
Bubble sort
— intermediate
Quicksort
— advanced
Count distinct ints in a sorted array
— beginner
Merge two sorted arrays
— intermediate
Rotate array right by k
— intermediate
Merge sort
— intermediate
Heap sort
— advanced
Counting sort (small range)
— intermediate
3SUM: triples summing to zero
— advanced
Reverse words of a sentence in place
— intermediate
Longest substring without repeating characters
— intermediate
Detect a cycle in a linked list
— intermediate
LRU cache (int keys, fixed capacity)
— advanced
Dijkstra shortest paths (small graph)
— advanced
Trie: count words with a prefix
— advanced
Final Project: todo-list-cli — add/remove/list
— intermediate
Final Project: tiny key-value store
— intermediate
Final Project: CSV row parser (no quoting)
— intermediate
Final Project: tiny stack VM
— advanced
Fixed-capacity circular queue
— intermediate
Min-heap priority queue
— advanced
Merge overlapping intervals
— intermediate
LRU cache for string keys
— advanced
Binary search (recursive implementation)
— intermediate
Flatten a 2D array to 1D (row-major)
— intermediate
Tower of Hanoi: count moves
— intermediate
Are the brackets balanced?
— beginner
A FIFO queue implemented with two stacks
— intermediate
Find the middle node of a singly linked list
— intermediate
Are two strings anagrams of each other?
— beginner
Manhattan distance between points
— beginner
Rectangle area
— beginner
Compare fractions
— intermediate
Dot product of 3-vectors
— beginner
Name a colour
— beginner
Turn right
— beginner
Length of a linked list
— beginner
Sum of a linked list
— beginner
Balanced brackets
— intermediate
Maximum nesting depth
— beginner
Ring-buffer index
— beginner
Queue length in a ring
— intermediate
Find a free slot (linear probing)
— intermediate
Lookup with linear probing
— intermediate
Height of a binary tree
— intermediate
Sum of a binary tree
— intermediate
Bubble sort
— intermediate
Is it sorted?
— beginner
Linear search
— beginner
Binary search
— intermediate
djb2 string hash
— intermediate
Map a hash to a bucket
— beginner
file-handling
Write lines to file
— intermediate
Read a whole file as text
— intermediate
Count lines in a file
— intermediate
Count lines from a string buffer
— beginner
First line containing a substring
— intermediate
Final Project: mini-grep — substring match in lines
— intermediate
Final Project: mini-wc — line/word/byte counter
— beginner
Final Project: mini-cat — concatenate buffers
— beginner
Final Project: log-aggregator — count by level
— intermediate
Read a file into a bounded buffer
— beginner
Append a line to a file
— beginner
Copy a file in chunks
— intermediate
Count a byte's occurrences in a file
— beginner
Get a file's size
— beginner
Extract the Nth CSV field
— intermediate
Read a value from INI text
— intermediate
Take the last N lines
— intermediate
Convert CRLF to LF
— beginner
Detect a byte-order mark
— beginner
Extract the final path component
— beginner
Read a fixed-size record
— intermediate
Is a file readable?
— beginner
File size via fseek/ftell
— intermediate
Read the first N bytes
— intermediate
Read one binary int
— intermediate
Write bytes to a file
— intermediate
Write one binary int
— intermediate
Count lines in a file
— intermediate
Read the first line
— intermediate
File size via stat
— intermediate
Is it a regular file?
— intermediate
Save a record
— intermediate
Load a record
— intermediate
Count CSV fields
— beginner
Extract a CSV field
— intermediate
Count lines at a level
— intermediate
First error line number
— intermediate
linux-sysprog
Echo argv with indices
— intermediate
Env var with default
— intermediate
Spawn child and collect exit code
— intermediate
Fork+exec /bin/echo
— advanced
Pipe roundtrip
— advanced
Count SIGUSR1 deliveries
— advanced
Copy bytes between fds
— intermediate
Minimal cat: print file to fd
— intermediate
Substitute $VAR with environment value
— intermediate
Print a hex dump line
— intermediate
Count env vars with prefix
— intermediate
Final Project: mini-shell — argv tokenizer
— intermediate
Order of operations to daemonize a process
— advanced
Plan a pipe chain for N processes
— advanced
Compute a sigprocmask blocking SIGINT/SIGTERM
— intermediate
Map poll() events to per-fd readiness flags
— intermediate
Write a buffer to two outputs
— beginner
Return the last N bytes of a buffer (tail)
— beginner
Read an integer environment variable with bounds
— intermediate
Parse a `/etc/passwd`-style line
— intermediate
Join two path components safely
— intermediate
Atomic-write checklist
— intermediate
Translate an errno value into a friendly string
— beginner
Simulate an eventfd counter
— beginner
One-shot timer: 'is now past the fire time?'
— beginner
Classify a signal into an action
— beginner
Refuse a Unix-socket peer unless their UID is on the allow-list
— intermediate
Parse a /proc/self/maps line
— beginner
Extract VmRSS from /proc/self/status
— intermediate
Predict the result of a mutex-protected counter
— beginner
One-shot init: which call performs the work?
— beginner
Will this allocation fail under the rlimit?
— beginner
Order the daemonisation steps
— advanced
Compute a cgroup v2 cpu.max line
— intermediate
Resolve a plugin's required symbols
— intermediate
Check the mount-namespace flag
— advanced
Catch SIGINT and set a flag
— beginner
Time-out a blocking read with alarm()
— intermediate
Parent process signals a child
— intermediate
Translate legacy signal() into sigaction()
— beginner
Graceful SIGTERM — set a flag, cleanup in main
— intermediate
Create one thread that returns a value
— beginner
Spawn N threads, join all
— beginner
Pass an integer to each thread (by value)
— intermediate
Sum an array using multiple threads
— advanced
Demonstrate a race condition
— intermediate
Fix the race with a pthread_mutex_t
— intermediate
Build a tiny thread-safe counter type
— intermediate
Decode a syslog priority value
— beginner
Lowest free file descriptor
— intermediate
Count open descriptors
— beginner
Read with raw descriptors
— intermediate
Write with raw descriptors
— intermediate
errno after a failed open
— intermediate
Set errno in your own function
— intermediate
Interpret fork's return
— beginner
Processes after N forks
— beginner
Length of an argv vector
— beginner
Is it an absolute path?
— beginner
Decode an exit status
— intermediate
Was the child signalled?
— intermediate
Bytes left in a pipe
— intermediate
Would the write block?
— beginner
Does the default action terminate?
— intermediate
Can the signal be caught?
— beginner
getenv with a default
— beginner
Boolean environment flag
— beginner
Count command arguments
— intermediate
Count pipeline stages
— beginner
eventfd counter
— beginner
timerfd expirations
— beginner
Parallel array sum
— advanced
Chunks needed for workers
— beginner
Clamp to a soft limit
— beginner
Over the hard limit?
— beginner
Parse VmRSS from /proc status
— intermediate
Parse thread count
— intermediate
Same namespace?
— beginner
cgroup memory remaining
— beginner
Signal name to number
— beginner
Signal number to name
— beginner
Is it a termination signal?
— beginner
Is it a stop signal?
— beginner
Does the handler auto-restart syscalls?
— intermediate
Does the handler get siginfo?
— intermediate
Async-signal-safe function?
— intermediate
Is the handler body safe?
— intermediate
Raise a signal to yourself
— intermediate
Count raised signals
— intermediate
Signal yourself with kill
— intermediate
Valid signal number?
— beginner
Seconds remaining on a timer
— beginner
Has the deadline passed?
— beginner
Catch Ctrl-C
— intermediate
Force-quit on second Ctrl-C
— beginner
Correct flag type for a handler
— beginner
Coalesced signals
— beginner
Useful thread count
— beginner
Ideal parallel runtime
— beginner
Spawn and join N threads
— advanced
Detached vs joinable
— beginner
Double a value in a thread
— advanced
Safe way to pass per-thread args
— beginner
Return a value from a thread
— advanced
Why not return a stack address?
— beginner
Detect a lost update
— intermediate
Is the operation atomic?
— beginner
Are lock/unlock balanced?
— intermediate
Critical section nesting
— beginner
Opposite lock ordering
— intermediate
Consistent lock order
— intermediate
Does this need synchronisation?
— beginner
Reentrant function variant
— beginner
Bounded buffer occupancy
— intermediate
Would the producer block?
— beginner
Forgotten joins
— beginner
Classify a threading bug
— beginner
networking
TCP echo client (localhost)
— advanced
One-shot TCP server
— advanced
UDP send and receive
— advanced
Parse an HTTP status line
— intermediate
TCP connect with timeout
— advanced
Find open ports on localhost
— advanced
Parse a port number string
— beginner
Compute network address from IP + prefix
— intermediate
Does CIDR contain IP?
— intermediate
Token-bucket rate limiter (single slot)
— intermediate
Final Project: HTTP status-line parser
— intermediate
Parse HTTP request line (method + path)
— intermediate
Build an HTTP GET request
— beginner
Parse an IPv4 dotted-quad to uint32
— intermediate
Does an IPv4 CIDR block contain an address?
— intermediate
fd_set–style bit tracker for multiplexed I/O
— advanced
Compute the IPv4/TCP one's-complement checksum
— advanced
Parse the fixed fields of a mock IPv4 header
— intermediate
Byte-swap a 32-bit integer
— beginner
Compute CRC-8 over a byte stream (poly 0x07)
— intermediate
Decode TCP flag byte into individual flags
— beginner
Filter the fds reported as readable by epoll_wait
— intermediate
Drain a non-blocking 'read' to EAGAIN
— intermediate
Parse an IP literal into a discriminated v4/v6 union
— beginner
Does an IPv4 address match a CIDR block?
— beginner
Decode an HTTP/1.1 chunked body
— intermediate
Parse a Cookie header into name/value pairs
— intermediate
Choose the right keep-alive interval
— intermediate
Decode IGMP membership-query bytes
— advanced
Decode a DNS-wire label sequence (no pointer compression)
— advanced
Parse the 5-byte TLS record header
— advanced
Open a listening TCP socket on localhost
— beginner
Connect from a TCP client to a listener
— beginner
Send a message client → server (length-prefixed)
— intermediate
One-shot echo server
— intermediate
Multi-client server with threads (3 connections)
— advanced
Localhost port checker (open/closed)
— intermediate
Hand-build a minimal HTTP/1.0 GET request
— intermediate
Decode a DNS question name
— intermediate
Extract the SNI host from a TLS extension
— intermediate
Classify an ARP frame
— beginner
Parse a TLS record header
— intermediate
Valid port number?
— beginner
Well-known port?
— beginner
Build a host:port string
— beginner
Parse a host:port string
— intermediate
Clamp the listen backlog
— beginner
Allocate a connection id
— beginner
Datagrams needed
— beginner
Does the datagram fit?
— beginner
Port from network bytes
— beginner
Port to network bytes
— beginner
Build an HTTP GET request
— intermediate
Parse the status code
— intermediate
Build an HTTP response
— intermediate
Parse the request method
— intermediate
Count ready descriptors
— beginner
Any readable fd?
— beginner
Milliseconds to timeval seconds
— beginner
Milliseconds to timeval microseconds
— beginner
Is it a loopback address?
— beginner
Port within scan range?
— beginner
Valid HTTP method?
— beginner
HTTP status class
— beginner
Internet checksum (16-bit ones-complement)
— advanced
XOR checksum
— beginner
Count epoll events of interest
— beginner
Cap the maxevents argument
— beginner
Would the call have blocked?
— intermediate
Set the non-blocking flag
— beginner
Valid hostname character?
— beginner
Is the hostname well-formed?
— intermediate
Does the path fit in sun_path?
— beginner
Abstract socket address?
— beginner
Count hextet groups
— beginner
IPv6 loopback?
— beginner
Parse a chunk size
— intermediate
Is this the last chunk?
— beginner
Is the TLS version acceptable?
— beginner
Is it the HTTPS port?
— beginner
Is it a stream socket?
— beginner
Is it an internet family?
— beginner
Reliable transport?
— beginner
Connectionless transport?
— beginner
Valid socket fd?
— beginner
Did socket() fail?
— beginner
Pack a dotted quad into a 32-bit address
— intermediate
Unpack a 32-bit address
— intermediate
htons via bytes
— intermediate
ntohs via bytes
— intermediate
Did bind succeed?
— beginner
Does binding need privilege?
— beginner
Valid backlog value?
— beginner
Did accept return a connection?
— beginner
Did connect succeed?
— beginner
Non-blocking connect in progress?
— intermediate
Did we receive everything?
— beginner
Bytes left to send
— beginner
Active connections
— beginner
Peak connections
— intermediate
Reads needed for a response
— beginner
Did we receive the whole message?
— beginner
Is this a localhost name?
— beginner
Is it a safe test target?
— beginner
Name a socket error
— intermediate
Is the error retriable?
— beginner
Parse the request line
— intermediate
Find a header value
— intermediate
SIP request method
— intermediate
SIP status code
— intermediate
Count IQ samples
— beginner
Read a little-endian 16-bit sample
— intermediate
DNS question count
— intermediate
Is it a DNS response?
— intermediate
TLS record content type
— intermediate
TLS record length
— intermediate
cybersecurity
Strict integer parsing
— intermediate
Fix the strcpy overflow
— intermediate
Fix the sprintf overflow
— intermediate
Detect weak passwords
— intermediate
Parse an access log status code
— intermediate
Constant-time byte compare
— intermediate
Run a program without a shell
— intermediate
Detect risky SQL chars
— intermediate
Parse an http/https URL safely
— intermediate
Detect world-writable files
— intermediate
Parse an IPv4 header from bytes
— advanced
Count suspicious IPs in a sample log
— intermediate
Detect repeated failed logins
— intermediate
Parse an HTTP request line
— intermediate
Parse HTTP response headers
— intermediate
Find dangerous C functions in toy source
— intermediate
Replace unsafe strcpy with bounded copy
— intermediate
Fix a toy buffer overflow
— intermediate
Validate input length
— intermediate
Detect command-injection characters in input
— intermediate
Write a safe allowlist validator
— intermediate
Check local file permissions
— intermediate
Compare two files by content hash
— intermediate
Build a 32-bit checksum tool
— intermediate
Compare tokens in constant time
— intermediate
Detect format string misuse in toy code
— intermediate
Parse a sample Nmap-style report
— intermediate
Localhost-only TCP connection checker
— intermediate
Read a banner from a local service
— intermediate
Password strength check (local)
— intermediate
Redact secrets from a log line
— intermediate
Why you don't scan public targets
— beginner
HTML-escape user-provided text
— intermediate
Detect weak crypto algorithm names
— beginner
Validate a password against a policy
— beginner
Prevent CSV injection by prefixing risky cells
— intermediate
Pattern-match log file rotation candidates
— beginner
Detect a malformed username (defensive check)
— intermediate
Detect path-traversal patterns in a string
— intermediate
Sanitize a user-supplied filename
— intermediate
Extract the host from a URL safely
— intermediate
Redact email addresses in a log line
— intermediate
Redact credit-card-like number runs
— intermediate
Bounded string concatenation (drop-in safer strncat)
— intermediate
Validate a token against a fixed character allowlist
— beginner
Detect format-string injection in user input
— intermediate
Unfold an HTTP/1.1 continuation header
— intermediate
Validate an HTTP method against an allowlist
— beginner
Add two ints with overflow detection
— intermediate
Multiply two ints with overflow detection
— advanced
Validate a filename against an extension allowlist
— beginner
Subtract two ints with overflow detection
— intermediate
Refuse a DNS result that resolves to an internal range (SSRF defence)
— intermediate
Bidirectional %XX URL encoding with an allow-list
— beginner
Identify the file format from the first 8 bytes
— beginner
Parse a mock ELF64 header — extract version, machine, entry
— intermediate
Parse a /proc/net/tcp line and detect a public LISTEN
— intermediate
Decide whether an fd-target string is suspicious
— beginner
Strip dangerous environment variables before exec
— intermediate
Detect a NUL byte hidden inside argv (within the allocated extent)
— beginner
Flag a $PATH entry that is writable by anyone but root
— intermediate
Validate that a mkstemp template ends with at least 6 X's
— beginner
Reject when O_NOFOLLOW would have refused
— intermediate
Identify file type from the first bytes
— beginner
Reject a Host header with CR / LF / NUL / space
— beginner
Is this syscall on the allow-list?
— advanced
Pick the right entropy source for the use case
— beginner
Score a setuid program against the 5-item checklist
— intermediate
Compose the libFuzzer entry point
— beginner
Build one line of an xxd-style hex dump
— beginner
Count open ports in a saved nmap XML dump
— intermediate
Detect brute-force IPs in auth.log
— intermediate
Score a password against a policy struct
— beginner
Flag SQL-injection metacharacters in input
— intermediate
Render a finding struct as Markdown
— beginner
Parse an HTTP request line into method/path/version
— intermediate
Read the 24-byte pcap global header
— intermediate
Extract the method from a SIP request
— intermediate
Classify an 802.11 frame as mgmt/ctrl/data
— intermediate
Extract the BLE Complete Local Name from an advertisement
— intermediate
Count global symbols in an ELF .symtab buffer
— intermediate
Detect a firmware blob's type from its magic bytes
— beginner
Read a filename from a mock MFT record
— intermediate
Recover an 8.3 filename from a FAT directory entry
— intermediate
Parse the 20-byte header of an IQ-samples capture
— intermediate
Count unique non-empty subdomains in a wordlist
— beginner
Count HIGH-severity entries in a mock CVE JSON feed
— intermediate
Score a URL for phishing structural smells
— intermediate
Format a contactless-card UID as colon-hex
— beginner
Detect a glibc-style stack canary pattern
— intermediate
A libFuzzer-shape target that never crashes
— intermediate
Constant-time byte equality
— intermediate
Write a USTAR tar header for one file
— intermediate
Bounded base64 decoder
— intermediate
Classify a TCP scan from its flag byte
— intermediate
Detect port scanners in a connection log
— intermediate
Validate JWT structure
— beginner
Flag a Log4Shell JNDI marker
— beginner
Compute a CRC-32 checksum
— intermediate
Audit a file mode for risky bits
— beginner
Read the machine type from a PE header
— intermediate
Base64 encode
— intermediate
Dictionary attack against a hash
— beginner
Validate PKCS#7 padding
— intermediate
Would this write overflow?
— beginner
Safe write length
— beginner
Index in bounds?
— beginner
Is a sub-range valid?
— intermediate
strlcpy-style copy
— intermediate
strlcat-style append
— intermediate
Validate a username
— intermediate
Validate an integer in range
— intermediate
Overflow-checked multiply
— intermediate
Overflow-checked size addition
— intermediate
Detect format specifiers in input
— intermediate
Count percent signs
— beginner
Detect shell metacharacters
— intermediate
Allowlist a safe argument
— intermediate
Check a return code
— beginner
Did every step succeed?
— beginner
Ensure NUL termination
— intermediate
Safe append position
— beginner
Parse a bounded unsigned int
— intermediate
Parse a hex byte
— intermediate
Is the file-access approach TOCTOU-safe?
— intermediate
Does it create atomically?
— intermediate
Does it refuse to follow symlinks?
— intermediate
Does the path contain ..?
— intermediate
Is the password strong enough?
— intermediate
Does it contain a special character?
— beginner
Detect SQL metacharacters
— intermediate
Escape single quotes
— intermediate
Bounds-safe byte read for a fuzzer
— intermediate
Enough input to parse?
— beginner
Constant-time equality
— intermediate
Which compare is timing-safe?
— beginner
Base64 encoded length
— beginner
Valid base64 character?
— beginner
Are you authorized to test?
— beginner
Is the action ethical?
— beginner
Is the target in scope?
— beginner
Should you stop?
— beginner
Is it a private (RFC1918) address?
— intermediate
Is it a safe lab target?
— beginner
Extract the request path
— intermediate
Suspicious request path?
— intermediate
Count 404 responses
— intermediate
Count distinct client IPs
— advanced
Count failed logins
— intermediate
Brute-force threshold reached?
— beginner
Does the code call strcpy?
— beginner
Count unsafe calls
— intermediate
Does the code call system()?
— beginner
Safer alternative to system()?
— beginner
Does the query use a placeholder?
— beginner
Is the query built by concatenation?
— beginner
Is the scan target allowed?
— beginner
Number of ports to scan
— beginner
Is it an ELF file?
— intermediate
Is the ELF 64-bit?
— intermediate
Parse a labelled /proc field
— intermediate
Parent PID from status
— beginner
Is the setuid bit set?
— intermediate
Is the file world-writable?
— intermediate
Is the syscall on the allowlist?
— intermediate
Default-deny action
— beginner
Minimum-size guard
— beginner
Read stays within input?
— intermediate
Count open ports in nmap XML
— intermediate
Count scanned hosts
— beginner
Count accepted logins
— beginner
Count invalid-user attempts
— beginner
Build a finding block
— intermediate
Severity rank
— beginner
pcap captured length
— intermediate
Read a little-endian uint32
— intermediate
802.11 frame type
— intermediate
802.11 frame subtype
— intermediate
BLE AD structure length
— beginner
BLE AD type
— beginner
ELF symbol binding
— intermediate
ELF symbol type
— intermediate
Is it gzip-compressed?
— beginner
Identify firmware container
— intermediate
Is it an MFT record?
— beginner
MFT first-attribute offset
— intermediate
Is the directory entry deleted?
— beginner
Recover the first character
— beginner
Count subdomains
— intermediate
Count subdomains of a domain
— intermediate
Valid CVE id?
— intermediate
Extract the CVE year
— intermediate
URL contains an @ ?
— beginner
Phishiness score
— intermediate
UID bytes to hex
— intermediate
Single-size UID?
— beginner
Is the canary intact?
— beginner
Is it a terminator canary?
— intermediate
Total evidence size
— beginner
Does the bundle fit?
— beginner
Is it a known Kali tool?
— beginner
Tool category
— beginner
Distinct ports touched
— intermediate
Is this a port scan?
— beginner
Owner permission bits
— intermediate
World-writable file?
— intermediate
Object-level authorization: stop IDOR / BOLA
— intermediate
Bounds-Safe HTTP Request-Line Parser
— intermediate
Flag Sensitive API Endpoints
— beginner
BOLA Guard: Allowed-Object Set Check
— intermediate
BFLA: Rank-Based Function Authorization
— intermediate
BFLA: Role-Action Allowlist Check
— intermediate
Mass Assignment: Field Allowlist Guard
— beginner
Mass Assignment: Allowlist the Fields a Client May Set
— intermediate
JWT Structure Splitter
— intermediate
Validate a JWT Segment Charset (base64url)
— beginner
Fixed-Window Rate Limiter
— intermediate
Token-Bucket Rate Limiter
— advanced
Count Unique API Endpoint Paths
— intermediate
Normalize an API Request Path Safely
— intermediate
Constant-Time CSRF Token Comparison
— intermediate
Validate CSRF Token Format
— beginner
Detect Missing Security Response Headers
— intermediate
Bounds-Safe HTTP Header Line Parser
— intermediate
Path Traversal Detector
— intermediate
Path Traversal: Stay Within Base
— advanced
Audit File Modes for Privilege-Escalation Bits
— beginner
Flag Over-Privileged Container Capabilities
— intermediate
Zip Slip: Reject Unsafe Archive Entries
— intermediate
Zip-Slip Safe Path Join
— intermediate
Parse a Dotted-Quad IPv4 Address Safely
— intermediate
SSRF Defence: Reject Private IPv4 Ranges
— intermediate
CIDR Membership Check: ip_in_cidr
— intermediate
Usable Hosts in a CIDR Subnet
— beginner
Parse a MAC Address Safely
— intermediate
Detect the Broadcast MAC Address
— beginner
Classify a TCP/UDP Port Number
— beginner
Flag High-Risk Exposed Ports
— intermediate
Validate a DNS Hostname Safely
— intermediate
Count DNS Labels Safely
— beginner
Detect Plaintext Password Storage
— intermediate
Validate a bcrypt Hash Structure
— intermediate
Defensive Password Strength Meter
— intermediate
Banned-Password Denylist Check
— beginner
Validate a Canonical SHA-256 Hex Digest
— beginner
Constant-Time Digest Comparison
— intermediate
Spot the ECB Fingerprint
— advanced
Flag Weak Cryptographic Algorithms
— beginner
Detect Parameterized vs Concatenated SQL
— intermediate
Count SQL Parameter Placeholders
— intermediate
Set-Cookie Security-Attribute Auditor
— intermediate
Audit a Hardened Session Cookie
— beginner
Allowlist Validation for SQL Identifiers
— beginner
ORDER BY Column Allowlist
— beginner
SSRF Guard: Block Internal IPv4 Ranges
— intermediate
SSRF Defense: URL Scheme Allow-List
— beginner
Server-Side Access Control: Stop the IDOR
— intermediate
Count Owned Objects (IDOR-Safe Access Check)
— intermediate