00 — Overview

FirstBank — Brute Force

No lockout. No rate limiting. A 4-digit PIN. Learn how brute force attacks work against real login systems and build the mindset for testing authentication.

Beginner·30 min·4 tasks

// By the end of this module

→Brute force a banking login without triggering account lockout

→Enumerate valid usernames via subtle response differences

→Apply Hydra against a realistic rate-limited login form

// Prerequisites

Foundation · Beginner

How Authentication Works

35 min

→

Authentication · Intermediate

Broken Authentication

50 min

→