| Category | Name | Objective | Difficulty [⭐⭐⭐⭐⭐] |
|---|---|---|---|
| Reversing | FlagCasino | Reversing a rand based flag checker |
⭐ |
| Reversing | SnappedShut | Reversing a backdoored v8 snapshot | ⭐⭐ |
| Reversing | Don't Panic | Reversing the use of Rust unwind catching | ⭐⭐ |
| Reversing | TunnelMadness | Solving a 3D maze embedded in a binary | ⭐⭐⭐ |
| Reversing | SatelliteHijack | Reversing a multi-layered ifunc based backdoor | ⭐⭐⭐⭐ |
| Crypto | eXciting Outpost Recon | Recover XOR key given known plaintext | ⭐ |
| Crypto | Living with Elegance | Solve decisional problem based on LWE outputs | ⭐⭐ |
| Crypto | Bloom Bloom | Obtain the key derived from BBS outputs and then SSS | ⭐⭐ |
| Crypto | Not that random | Identify fake outputs from a custom vulnerable HMAC | ⭐⭐⭐ |
| Crypto | Blessed | Crack EC-PRNG with LLL + Cheat custom ZKP + Rogue Key Attack | ⭐⭐⭐⭐ |
| Blockchain | Recruitment | Interact with the infrastructure and solve the challenge by satisfying transaction constraints. | ⭐ |
| Blockchain | NotADemocraticElection | Common signature forgery attack. | ⭐⭐ |
| Blockchain | MetaVault | Self verification of smart contracts and how "secrets" can sometimes be hidden in the metadata. | ⭐⭐ |
| Blockchain | Brokenswap | Steal funds from a DEX | ⭐⭐⭐ |
| Cloud | Scurried | ⭐ | |
| Cloud | MetaRooted | ⭐⭐ | |
| Cloud | Protrude | ⭐⭐ | |
| Cloud | CloudOfSmoke | ⭐⭐⭐ | |
| Cloud | Asceticism | ⭐⭐⭐⭐⭐ | |
| Coding | Computational Recruiting | Sort based on parsed data computed with formulas | ⭐ |
| Coding | Bag Secured | Implement an algorithm to solve the knapsack problem | ⭐⭐ |
| Coding | Dynamic Paths | Implement a dynamic programming algorithm to solve the minimum path sum problem | ⭐⭐ |
| Coding | Branching Tactics | Traverse a tree efficiently using binary lifting | ⭐⭐⭐ |
| Coding | Nothing Without A Cost | DP with an optimized divide and conquer approach | ⭐⭐⭐⭐ |
| Forensics | Caving | PowerShell event log analysis | ⭐ |
| Forensics | Silicon Data Sleuthing | OpenWRT firmware analysis | ⭐⭐ |
| Forensics | Tangled Heist | LDAP network traffic analysis | ⭐⭐ |
| Forensics | Mitigation | XZ Backdoor detection and mitigation | ⭐⭐⭐ |
| Forensics | Counter Defensive | Kovter based registry persistence analysis and Telegram evidence dump | ⭐⭐⭐⭐ |
| Hardware | It's Oops PM | VHDL backdoor | ⭐ |
| Hardware | Say Cheese! | Camera firmware backdoor | ⭐⭐ |
| Hardware | Six Five O Two | Flashing 6502 CPU | ⭐⭐⭐ |
| Misc | Aptitude Test | Connect to a socket via nc and send answers | ⭐ |
| Misc | Chrono Mind | LM context injection with path-traversal, LM code completion RCE. | ⭐⭐ |
| Misc | Hidden Path | Analyse a JavaScript file to find a backdoor using invisible characters and use the backdoor for RCE | ⭐⭐ |
| Misc | Locked Away | Simple PyJail, clearing blacklist | ⭐⭐ |
| Misc | Super-Duper Pwn | vm2 bypass js bot | ⭐⭐ |
| Misc | Prison Pipeline | SSRF exfiltrate private NPM registry token, RCE via supply-chain attack | ⭐⭐⭐ |
| Misc | Zephyr | git and sqlite recon | ⭐⭐⭐ |
| Pwn | Regularity | ret2reg to run custom shellcode | ⭐ |
| Pwn | Abyss | Abusing lack of null-byte termination | ⭐⭐ |
| Pwn | No Gadgets | Buffer overflow with missing gadgets, complicating leaking and exploitation | ⭐⭐ |
| Pwn | Insidious | Cache side-channel attack to leak flag location | ⭐⭐⭐ |
| Pwn | Pyrrhus | V8 UAF | ⭐⭐⭐⭐ |
| Web | Jailbreak | XXE | ⭐ |
| Web | Blueprint Heist | wkhtmltopdf exploit -> LFI -> GraphQL SQLi -> regex bypass -> RCE |
⭐⭐⭐ |
| Web | HTB Proxy | DNS re-binding => HTTP smuggling => command injection | ⭐⭐⭐ |
| Web | Magicom | register_argc_argv manipulation -> DOMXPath PHAR deserialization -> config injection -> command injection |
⭐⭐⭐ |
| Web | OmniWatch | CRLF injection -> header injection -> cache poisoning -> CSRF -> LFI + SQLi -> beat JWT protection | ⭐⭐⭐⭐ |
| Web | SOS or SSO? | VueJS XSS -> OpenID IdP manipulation -> SQLi | ⭐⭐⭐⭐ |