| Category | Name | Description | Difficulty |
| --- | --- | --- | --- |
| Reversing | FlagCasino | Reversing a rand based flag checker | ⭐ |
| Reversing | SnappedShut | Reversing a backdoored v8 snapshot | ⭐⭐ |
| Reversing | Don't Panic | Reversing the use of Rust unwind catching | ⭐⭐ |
| Reversing | TunnelMadness | Solving a 3D maze embedded in a binary | ⭐⭐⭐ |
| Reversing | SatelliteHijack | Reversing a multi-layered ifunc based backdoor | ⭐⭐⭐⭐ |
| Crypto | eXciting Outpost Recon | Recover XOR key given known plaintext | ⭐ |
| Crypto | Living with Elegance | Solve decisional problem based on LWE outputs | ⭐⭐ |
| Crypto | Bloom Bloom | Obtain the key derived from BBS outputs and then SSS | ⭐⭐ |
| Crypto | Not that random | Identify fake outputs from a custom vulnerable HMAC | ⭐⭐⭐ |
| Crypto | Blessed | Crack EC-PRNG with LLL + Cheat custom ZKP + Rogue Key Attack | ⭐⭐⭐⭐ |
| Blockchain | Recruitment | Interact with the infrastructure and solve the challenge by satisfying transaction constraints. | ⭐ |
| Blockchain | NotADemocraticElection | Common signature forgery attack. | ⭐⭐ |
| Blockchain | MetaVault | Self verification of smart contracts and how "secrets" can sometimes be hidden in the metadata. | ⭐⭐ |
| Blockchain | Brokenswap | Steal funds from a DEX | ⭐⭐⭐ |
| Cloud | Scurried | | ⭐ |
| Cloud | MetaRooted | | ⭐⭐ |
| Cloud | Protrude | | ⭐⭐ |
| Cloud | CloudOfSmoke | | ⭐⭐⭐ |
| Cloud | Asceticism | | ⭐⭐⭐⭐⭐ |
| Coding | Computational Recruiting | Sort based on parsed data computed with formulas | ⭐ |
| Coding | Bag Secured | Implement an algorithm to solve the knapsack problem | ⭐⭐ |
| Coding | Dynamic Paths | Implement a dynamic programming algorithm to solve the minimum path sum problem | ⭐⭐ |
| Coding | Branching Tactics | Traverse a tree efficiently using binary lifting | ⭐⭐⭐ |
| Coding | Nothing Without A Cost | DP with an optimized divide and conquer approach | ⭐⭐⭐⭐ |
| Forensics | Caving | PowerShell event log analysis | ⭐ |
| Forensics | Silicon Data Sleuthing | OpenWRT firmware analysis | ⭐⭐ |
| Forensics | Tangled Heist | LDAP network traffic analysis | ⭐⭐ |
| Forensics | Mitigation | XZ Backdoor detection and mitigation | ⭐⭐⭐ |
| Forensics | Counter Defensive | Kovter based registry persistence analysis and Telegram evidence dump | ⭐⭐⭐⭐ |
| Hardware | It's Oops PM | VHDL backdoor | ⭐ |
| Hardware | Say Cheese! | Camera firmware backdoor | ⭐⭐ |
| Hardware | Six Five O Two | Flashing 6502 CPU | ⭐⭐⭐ |
| Misc | Aptitude Test | Connect to a socket via nc and send answers | ⭐ |
| Misc | Chrono Mind | LM context injection with path-traversal, LM code completion RCE. | ⭐⭐ |
| Misc | Hidden Path | Analyse a JavaScript file to find a backdoor using invisible characters and use the backdoor for RCE | ⭐⭐ |
| Misc | Locked Away | Simple PyJail, clearing blacklist | ⭐⭐ |
| Misc | Super-Duper Pwn | vm2 bypass js bot | ⭐⭐ |
| Misc | Prison Pipeline | SSRF exfiltrate private NPM registry token, RCE via supply-chain attack | ⭐⭐⭐ |
| Misc | Zephyr | git and sqlite recon | ⭐⭐⭐ |
| Pwn | Regularity | ret2reg to run custom shellcode | ⭐ |
| Pwn | Abyss | Abusing lack of null-byte termination | ⭐⭐ |
| Pwn | No Gadgets | Buffer overflow with missing gadgets, complicating leaking and exploitation | ⭐⭐ |
| Pwn | Insidious | Cache side-channel attack to leak flag location | ⭐⭐⭐ |
| Pwn | Pyrrhus | V8 UAF | ⭐⭐⭐⭐ |
| Web | Jailbreak | XXE | ⭐ |
| Web | Blueprint Heist | wkhtmltopdf exploit -> LFI -> GraphQL SQLi -> regex bypass -> RCE | ⭐⭐⭐ |
| Web | HTB Proxy | DNS re-binding => HTTP smuggling => command injection | ⭐⭐⭐ |
| Web | Magicom | register_argc_argv manipulation -> DOMXPath PHAR deserialization -> config injection -> command injection | ⭐⭐⭐ |
| Web | OmniWatch | CRLF injection -> header injection -> cache poisoning -> CSRF -> LFI + SQLi -> beat JWT protection | ⭐⭐⭐⭐ |
| Web | SOS or SSO? | VueJS XSS -> OpenID IdP manipulation -> SQLi | ⭐⭐⭐⭐ |