| Category | Name | Objective |
Difficulty [⭐⭐⭐⭐⭐] |
|---|---|---|---|
| Blockchain | CryoPod | TBD | ⭐ |
| Blockchain | ForgottenArtifact | TBD | ⭐⭐ |
| Blockchain | FrontierMArketplace | TBD | ⭐⭐⭐ |
| Blockchain | Stargazer | TBD | ⭐⭐⭐⭐ |
| Coding | Conflict Cruncher | Merging two dicts and resolving duplicates | ⭐ |
| Coding | Exclusivity | Deduplicating an unordered list | ⭐ |
| Coding | Word Wrangler | Finding the most common word | ⭐⭐ |
| Coding | Energy Crystals | Finding all combinations of addition of a set of numbers | ⭐⭐ |
| Coding | Weighted Starfield | Find maximum product of array slices | ⭐⭐⭐ |
| Crypto | MulTLock | Decrypt a polyalphabetic cipher combined wit a XOR operation with timestamp-based generated keys | ⭐ |
| Crypto | alphascii clashing | Find an alphanumeric collision in MD5 | ⭐ |
| Crypto | exfiltrated entropy | Recover the LCG seed given an LCG output and decrypt the C2 traffic | ⭐⭐ |
| Crypto | cryptospiracy theory | AES Decryption + Affine Cipher Decryption | ⭐⭐⭐ |
| Crypto | Clutch | Break a novel Frame-based Quantum Key Distribution (QKD) protocol using simple cryptanalysis techniques related to the quantum state pairs reused in the frames computation. | ⭐⭐⭐⭐ |
| Forensics | Frontier Exposed | Investigate an open directory vulnerability identified on an APT group's server and conduct analysis of their bash history. | ⭐ |
| Forensics | Wanted Alive | Conduct an in-depth analysis of heavily obfuscated malware, featuring two layers of obfuscation utilizing JScript and VBScript, inspired by real-world samples. | ⭐⭐ |
| Forensics | Binary Badresources | Conduct an analysis of the recently disclosed GrimResource technique (CVE-2024-43572), which exploits the Microsoft Windows Management Console (MSC) vulnerability in MSC files, including decompiling the dropper and decrypting the final shellcode. | ⭐⭐⭐ |
| Forensics | Signaling Victorious | Recover an archive password from LSA Secrets and then use the pypykatz volatility plugin to dump the DPAPI master keys. Then, decrypt the SQL key and dump the messages. Finally, connect to the Starkiller instance and retreive the flag in the leaked credentials. | ⭐⭐⭐⭐ |
| Pwn | Reconstruction | Writing assembly to set bytes to specific values | ⭐ |
| Pwn | Recruitment | Uninitialized buffer address leak then one_gadget ret2libc | ⭐⭐ |
| Pwn | Prison Break | Heap UAF for arb write to gain RCE | ⭐⭐⭐ |
| Pwn | Dead or Alive | Bypassing modern Glibc heap mitigations to gain RCE via exit_funcs | ⭐⭐⭐ |
| Reversing | CryoWarmup | Introductory Reverse Engineering quiz | ⭐ |
| Reversing | SecurityInTheFront | Obfuscated JS password checker | ⭐⭐ |
| Reversing | ColossalBreach | Kernel backdoor keylogger | ⭐⭐⭐ |
| Reversing | GravitometerGambit | Arm Thumb instruction reversing and Z3 solving a game | ⭐⭐⭐⭐ |
| Web | Armaxis | IDOR in LFI into LFI in markdown parser | ⭐ |
| Web | Breaking Bank | JKU claim misuse and OTP validation bypass | ⭐ |
| Web | EncoDecept | Self-XSS with cache deception, Django ORM leak, Ruby universal deserialization gadget chain | ⭐⭐⭐ |
| Web | Intergalactic Bounty | Email parser inconsistency, HTML sanitization bypass, RCE through prototype pollution | ⭐⭐⭐⭐ |
| Fullpwn | Apolo | Exploit XXE in Lambda function to retreive the AWS creds. Leverage them to find a S3 bucket which has a backup DB file that contains employee creds. Crack the hashes and brute force SSH login for foothold. Exploit a cronjob running as root to make it execute a malicious ansible playbook to escalate privs to root. | ⭐ |
| Fullpwn | Clouded | Exploit XXE in Lambda function to retreive the AWS creds. Leverage them to find a S3 bucket which has a backup DB file that contains employee creds. Crack the hashes and brute force SSH login for foothold. Exploit a cronjob running as root to make it execute a malicious ansible playbook to escalate privs to root. | ⭐⭐ |
| Fullpwn | Freedom | Exploit a recent SQLi CVE in MasaCMS to dump possible usernames. Use the uncrackable ticket for a non-preauth user to get a crackable service ticket for a Kerberoastable user. Exploit Leaked handles to get Administrator privileges. | ⭐⭐⭐ |