2025 Cyber Apocalypse: Crypto Traces
Exploit AES-CTR mode vulnerability in a custom IRC-like server with reused counter initialization
2025 Cyber Apocalypse: Silent Trap
Analyze compromised system through network traffic and memory forensics to uncover malware deployment and credential theft
2025 Cyber Apocalypse: Stealth Invasion
Analyze memory dump of compromised Linux system to uncover malicious Chrome extension and credential theft
2025 Cyber Apocalypse: Arcane Auctions
Identify and exploit secure coding vulnerabilities in a web application
2025 Cyber Apocalypse: Web Cyber Attack
Exploit path traversal vulnerability in a PHP web application to extract the flag
2024 Hack The Boo: Ghostly Persistence
Analyze Windows event logs to uncover two-part flag hidden in PowerShell command execution and log artifacts
2024 Hack The Boo: TerrorFryer
Reverse engineer a binary that uses Fisher-Yates shuffling to find the original input string
2024 Hack The Boo: Practice
Reverse engineer encoded strings from JavaScript code to extract hidden data
2024 Hack The Boo: Cursed Stale Policy
Exploit stale cache policy vulnerabilities in a web application with Content Security Policy analysis
2024 Hack The Boo: Waywitch
Exploit JWT authentication bypass and token manipulation in a Node.js web application
2024 Business CTF - Vault of Hope: Recruitment
Smart contract challenge requiring multi-step validation including hacking skills, stealth, engineering, and demolition expertise
2024 Business CTF - Vault of Hope: Exciting Outpost Recon
Cryptography challenge using known plaintext attack to break XOR-based encryption with SHA-256 key derivation
2024 Business CTF - Vault of Hope: Protrude
AWS IAM and cloud security challenge involving credential enumeration and permission analysis
2024 Business CTF - Vault of Hope: Scurried
AWS IAM role ARN extraction challenge using role ID to construct proper ARN format
2024 Business CTF - Vault of Hope: Submerged
Full penetration test of web server with SPIP CMS exploitation, leading to initial access and system compromise
2024 Business CTF - Vault of Hope: Caving
Windows forensics challenge analyzing PowerShell logs and obfuscated scripts to detect intrusion attempts
2024 Business CTF - Vault of Hope: Survivor
Full penetration test of Ubuntu web server with SSH and HTTP services
2024 Business CTF - Vault of Hope: Swarm
Full penetration test with multi-service enumeration including SSH and HTTP on multiple ports
2024 Business CTF - Vault of Hope: Sneak Peak
ICS/SCADA challenge involving Modbus protocol communication with industrial control systems
2024 Business CTF - Vault of Hope: Rev FlagCasino
Binary reverse engineering challenge involving libc random number prediction and brute-force seed discovery
2024 Cyber Apocalypse: Dynasty
Reverse a custom Caesar cipher variant with position-dependent shift
2024 Cyber Apocalypse: Blunt
Exploit weak Diffie-Hellman with small parameters to recover shared secret and decrypt AES-CBC ciphertext
2024 Cyber Apocalypse: Russian Roulette
Exploit a weak Diffie-Hellman key exchange with small prime modulus
2024 Cyber Apocalypse: Iced Tea
Identify TEA cipher from DELTA constant and decrypt ECB-mode ciphertext with known key
2024 Cyber Apocalypse: Permuted
Break Diffie-Hellman over permutation groups using DLP algorithm on permutation cycles
2024 Cyber Apocalypse: Makeshift
Reverse a trivial string transformation: reverse flag then rearrange groups of three
2024 Cyber Apocalypse: Primary Knowledge
Exploit RSA implementation using prime modulus instead of semiprime
2024 Cyber Apocalypse: Data Siege
Exploit ActiveMQ vulnerability, extract .NET malware, decrypt C2 communications, and recover multi-part flag
2024 Cyber Apocalypse: Phreaky
Analyze PCAP to detect SMTP exfiltration and reconstruct PDF from parts
2024 Cyber Apocalypse: Confinement
Analyze disk image to extract and decrypt ransomware, then decrypt encrypted files
2024 Cyber Apocalypse: An Unusual Sighting
Extract flag from HTML content hidden in email file
2024 Cyber Apocalypse: Fake Boost
Extract obfuscated PowerShell from PCAP, deobfuscate, decrypt AES payload, and recover flag parts
2024 Cyber Apocalypse: Game Invitation
Analyze malicious DOCM file, extract XOR-encrypted payload, decrypt JavaScript layers, and recover C2 beacon
2024 Cyber Apocalypse: Oblique Final
Analyze memory dump with Volatility and extract artifacts from system state
2024 Cyber Apocalypse: Pursue The Tracks
Analyze MFT records to answer forensic questions about file activity
2024 Cyber Apocalypse: Urgent
Decode base64 email attachments and URL-decode payloads to uncover phishing attack details
2024 Cyber Apocalypse: Character
Automate character-by-character flag extraction from server using socket programming
2024 Cyber Apocalypse: Hardware Rids
Interface with W25Q128 flash memory via SPI to read flag from device
2024 Cyber Apocalypse: Cubicle Riddle
Construct Python bytecode to find min/max values and answer the cube's riddle
2024 Cyber Apocalypse: Stop Drop and Roll
Script game responses to survive The Fray video game challenge
2024 Cyber Apocalypse: Unbreakable
Bypass blacklist filters in Python eval() to read the flag
2024 Cyber Apocalypse: Delulu
Exploit format string vulnerability to overwrite target variable
2024 Cyber Apocalypse: Pwn Tutorial
Answer integer overflow questions to retrieve the flag
2024 Cyber Apocalypse: Writing on the Wall
Exploit off-by-one vulnerability and strcmp null byte behavior
2024 Cyber Apocalypse: BoxCutter
Use strace to identify file access attempts and retrieve the flag
2024 Cyber Apocalypse: Crushing
Reverse engineer a compression algorithm and decode serialized data
2024 Cyber Apocalypse: Testimonial
Exploit gRPC path traversal to overwrite application files
2024 Cyber Apocalypse: TimeKORP
Exploit command injection in time-based functionality
2024 Cyber Apocalypse: KorpTerminal
Exploit SQL injection to retrieve credentials and login
2024 Cyber Apocalypse: PackedAway
Unpack UPX-compressed executable to reveal hidden strings and flag
2024 Cyber Apocalypse: Labyrinth Linguist
Exploit Apache Velocity Server-Side Template Injection (SSTI)
2024 Cyber Apocalypse: LockTalk
Exploit JWT vulnerabilities in python-jwt version 3.3.3
2024 Cyber Apocalypse: SerialFlow
Exploit memcached injection and Python pickle deserialization for RCE
2024 Cyber Apocalypse: Web SerialFlow
Exploit serialization vulnerabilities to achieve RCE through pickle deserialization
HTB Hack The Boo Practice: Hexoding64
Decode a flag split between hex and base64 encoding
HTB Hack The Boo Practice: SPG
Reverse engineer a password generator to decrypt an encrypted flag
HTB Hack The Boo Practice: yesnce
Exploit AES-CTR mode with predictable counter and key recovery
HTB Hack The Boo Practice: Candyvault
NoSQL injection in login form to bypass authentication
HTB Hack The Boo Practice: Web Pumpkinspice
Command injection vulnerability in localhost-restricted endpoint
HTB Hack The Boo Practice: Web Spellbound Servants
Pickle deserialization exploitation for remote code execution
HTB Hack The Boo Practice: Web Spooktastic
XSS via filter bypass using noembed tag
HTB Hack The Boo Practice: Web Candyvault
NoSQL injection in authentication bypass with MongoDB
HTB Hack The Boo 2023: Rev Spellbrewery
.NET binary reverse engineering challenge
HTB Hack The Boo 2023: Web HauntMart
SSRF vulnerability leading to admin account creation
2023 Business CTF: 2244 Elections
Exploit a backdoored e-voting smart contract to manipulate election results
2023 Business CTF: Confidentiality
Forge NFT signatures to gain access to confidential Board of Arodor documents
2023 Business CTF: Contempt - Revenge
Full system compromise requiring exploitation chain through multiple vulnerabilities
2023 Business CTF: Funds Secured
Exploit a multi-signature wallet to steal crowdfunding campaign funds
2023 Business CTF: Initialization
Break AES-CTR encryption with nonce reuse vulnerability
2023 Business CTF: Unveiled
Enumerate and exploit misconfigured AWS S3 buckets to access confidential information
2023 Business CTF: Interception
Exploit weak PRNG in RSA system to decrypt enemy communications
2023 Business CTF: Vitrium Stash
Forge DSA signatures to access vitalium resource coordinates
2023 Business CTF: Paid Contr-actor
Sign a contract with a simple condition to complete military enrollment paperwork
2023 Business CTF: I'm gRoot
Forge Merkle tree signatures to detect a blockchain backdoor
2023 Business CTF: Lagmon
Exploit WordPress plugin vulnerabilities and LLM prompt injection for RCE
2023 Business CTF: Vanguard
Full exploitation of a web application with file upload vulnerability, command injection, and privilege escalation.
2023 Business CTF: Device Control
Exploit a device control server to manipulate devices or gain system access.
2023 Business CTF: PAC Breaker
Exploit a surveillance system tracking application by bypassing file restrictions and causing heap corruption.
2023 Business CTF: Hackback
Exploit a Command and Control (C2) service by exploiting vulnerabilities in its bot management system.
2023 Business CTF: Snow Scan
Bypass a bitmap scanning application by crafting a malicious BMP file to trigger code execution.
2023 Business CTF: Cobalt COBOL
Reverse engineer an ancient COBOL punch card program representing a facility update.
2023 Business CTF: Breach
Exploit a Modbus-based SCADA door control system by manipulating sensors and coils.
2023 Business CTF: ICS Intrusion
Analyze captured Modbus network traffic to extract sensitive data from industrial control registers.
2023 Business CTF: ICS Watch Tower
Analyze network captures to identify intruder reconnaissance and data tampering on industrial systems.
2023 Business CTF: Web Watersnake
Exploit a Java deserialization vulnerability in a water level monitoring application.
2023 Cyber Apocalypse: Small sTeps
Exploit RSA with small public exponent e=3 using Coppersmith's attack
2023 Cyber Apocalypse: Multipage Recyclings
Exploit custom AES ECB implementation with block recycling vulnerability
2023 Cyber Apocalypse: Extraterrestrial Persistence
Analyze and decode malicious script with systemd persistence mechanism
2023 Cyber Apocalypse: Perfect Synchronization
Exploit AES ECB mode encryption with known plaintext and partial key recovery
2023 Cyber Apocalypse: Ancient Encodings
Reverse engineer a multi-layer encoding scheme involving hex conversion and base64
2023 Cyber Apocalypse: HW Debug
Hardware debugging and analysis of timing/electrical signals
2023 Cyber Apocalypse: Hijack
Exploit Python deserialization vulnerabilities in YAML and Pickle
2023 Cyber Apocalypse: Janken
Win 100 rounds of Janken by exploiting logic in string matching
2023 Cyber Apocalypse: Persistence
Automate repeated HTTP requests to extract flag from endpoint
2023 Cyber Apocalypse: Nehebkaus Trap
Exploit Python exec() filter bypass using character encoding
2023 Cyber Apocalypse: Remote Computation
Automate mathematical expression evaluation over TCP socket
2023 Cyber Apocalypse: Restricted
Escape restricted SSH environment using bash profile bypass
2023 Cyber Apocalypse: The Chasm Crossing Conundrum
Solve bridge crossing puzzle using optimal algorithm
2023 Cyber Apocalypse: Questionnaire
Buffer overflow via fgets() vulnerability in vulnerable C binary
2023 Cyber Apocalypse: Getting Started
Buffer overflow exploitation using controlled payload delivery
2023 Cyber Apocalypse: CSHells
Reverse engineer custom shell binary and crack XOR-encrypted password
2023 Cyber Apocalypse: Cave System
Solve complex multi-condition logic puzzle in binary
2023 Cyber Apocalypse: Shattered Tablet
Reconstruct input string by analyzing multi-byte field access patterns
2023 Cyber Apocalypse: Orbital
Exploit SQL injection vulnerability and use path traversal to extract flag
2023 Cyber Apocalypse: Didactic Octo Paddle
Exploit IDOR and JWT vulnerabilities in shopping application
2023 Cyber Apocalypse: Hunting License
Crack three-stage password validation in binary using string reversal and XOR
2023 Cyber Apocalypse: Passman
Exploit IDOR vulnerability in GraphQL API to access admin data
2022 Hack The Boo: Gonna Lift Em All
Discrete log problem with extremely small prime - trivial brute force attack
2022 Hack The Boo: Whole Lotta Candy
AES encryption challenge with multiple block cipher modes - exploit ECB mode weakness
2022 Hack The Boo: Cursed Party
JWT authentication bypass through XSS to steal admin session and access flag
2022 Hack The Boo: Evaluation Deck
Code injection via unsafe use of Python compile() and exec() in arithmetic evaluation
2022 Hack The Boo: Horror Feeds
SQL injection in user registration leading to authentication bypass and flag theft
2022 Hack The Boo: Juggling Facts
IP spoofing via X-Forwarded-For header to bypass localhost-only admin access
2022 Hack The Boo: Spookifier
Server-Side Template Injection (SSTI) in Mako template engine leading to RCE