Web Exploitation
Browser Exploit Lab: DOM and prototype edges
Hands-on web exploitation workshop focused on modern DOM sinks, prototype pollution patterns, and safe reproduction inside isolated Chromium profiles.
Description
You will chain realistic misconfigurations found in internal portals, not toy puzzles. Each sprint ends with a short written brief template so defenders can reproduce findings without destabilizing production traffic. Labs rotate weekly to keep pace with upstream browser changes while staying inside ethics-first guardrails.
Features
- Dedicated attacker VM with snapshot rollback after each module
- Guided walkthrough of Content Security Policy bypass classes that still appear in enterprise markets
- Custom scoring rubric for narrative quality standards in written findings
- Peer review block where pairs trade drafts before mentor review
- Optional extension on HTTP desync diagnostics when cohort pace allows
Outcomes
- Produce a two-page brief with reproduction, impact, and fix guidance
- Demonstrate safe triage of DOM XSS candidates using scripted asset references only
- Explain escalation paths to platform owners without operational drama
FAQ
Do you provide legal advice about disclosure?
No. We teach operational coordination patterns and documentation hygiene; external counsel remains your responsibility.
Are overnight lab hours included?
Scheduled lab blocks end at 18:00 JST. Extended access is not included in the base fee and must be arranged separately if available.
What is not included?
Travel, hotel stays, and certification exam vouchers are excluded. Bring your own laptop that can run our hardened Linux image.
Participant notes
The DOM sink walkthrough referenced our own reporting template, which made the Cloud Attack Surface addendum feel relevant instead of abstract.
— Leo Hart, Application security engineer · Northwind Telemetry · 5/5 · survey
Mentor notes on my brief draft were blunt in a useful way—especially the section on quality standards for evidence screenshots.
— Ami Okada, IT administrator