| Category | Name | Objective |
Difficulty [⭐⭐⭐⭐⭐] |
|---|---|---|---|
| Crypto | Kewiri | Questionnaire about finite fields and elliptic curves | ⭐ |
| Crypto | Traces | AES-CTR key/nonce reuse | ⭐ |
| Crypto | Hourcle | AES-CBC-Decrypt Oracle | ⭐⭐ |
| Crypto | Prelim | Basic RSA in the symmetric group | ⭐⭐ |
| Crypto | Verilicious | Bleichenbacher attack with LLL | ⭐⭐⭐ |
| Crypto | Copperbox | Multivariate Coppersmith to recover LCG state | ⭐⭐⭐ |
| Crypto | Twin Oracles | Break a BBS PRNG to get access to an RSA location oracle and use it to perform binary search for the flag. | ⭐⭐⭐⭐ |
| Reversing | SealedRune | base64 and reversed password | ⭐ |
| Reversing | EncryptedScroll | Basic string encoding | ⭐ |
| Reversing | Impossimaze | Reversing a simple TUI | ⭐⭐ |
| Reversing | EndlessCycle | rand() obfsucated shellcode |
⭐⭐ |
| Reversing | Singlestep | Inplace self-decrypting code | ⭐⭐⭐ |
| Reversing | Gateway | 64/32 bit ELF polyglot | ⭐⭐⭐⭐ |
| Reversing | Heart Protector | Custom Nim VM reversing | ⭐⭐⭐⭐ |
| Pwn | Blessing | Abusing scanf to make malloc() fail |
⭐ |
| Pwn | Quack Quack | Leaking canary and ret2win | ⭐ |
| Pwn | Laconic | SROP | ⭐⭐ |
| Pwn | Crossbow | Stack pivot to call mprotect and read second shellcode stage | ⭐⭐ |
| Pwn | Strategist | Heap overflow and tcache poisoning | ⭐⭐⭐ |
| Pwn | Contractor | Using bad macros usage to leak PIE and bypass the canary, overwriting return address to reach shell function | ⭐⭐⭐ |
| Pwn | Vault | Misuse of snprintf for OOB write, and off by one in a parser. Canary bypass in order to reach a one_gadget |
⭐⭐⭐⭐ |
| Forensics | A New Hire | WebDav share analysis, based on https://cert.gov.ua/article/6276894 | ⭐ |
| Forensics | Thorins Amulet | Obfuscated Powershell | ⭐ |
| Forensics | Stealth Invasion | Chrome Keylogger analysis, volatility | ⭐⭐ |
| Forensics | Silent Trap | Malware Analysis of the OCEANMAP malware | ⭐⭐ |
| Forensics | ToolPie | Malware analysis and traffic decryption based on the malware MASEPIE | ⭐⭐⭐ |
| Forensics | Cave Expedition | Obfuscated Powershell | ⭐⭐⭐ |
| Forensics | Tales for the Brave | JavaScript analysis, Telegram Bot reversing, API Monitor on .NET AOT binary | ⭐⭐⭐⭐ |
| Web | Whispers of the Moonbeam | command injection | ⭐ |
| Web | Trial by Fire | SSTI | ⭐ |
| Web | Cyber Attack | Code injection through SSRF caused by handler confusion in outdated Apache | ⭐⭐ |
| Web | Eldoria Panel | CSRF on POST endpoint via PHP json bug => DOM purify bypass XSS => Account Takeover => RFI via FTP => RCE | ⭐⭐⭐ |
| Web | Eldoria Realms | Ruby class pollution => Curl gopher SSRF => GRPC protocol => Command injection | ⭐⭐⭐ |
| Web | Aurors Archive | Oauth CSRF -> self XSS via CSTI in vueJS -> Cookie overflow -> Postgres RCE with only SELECT query | ⭐⭐⭐⭐ |
| Prompt Injection | Cursed GateKeeper | Prompt injection to reveal sensitive information with conditional scenarios | ⭐⭐ |
| Prompt Injection | Elixir Emporium | Prompt injection to bypass sensitive information filtering | ⭐⭐ |
| Prompt Injection | Embassy | Prompt injection to manipulate AI response | ⭐⭐ |
| Prompt Injection | Mirror Witch | Prompt injection to exfiltrate sensitive list data | ⭐⭐ |
| Prompt Injection | Lunar Orb | Multi-step prompt injection to reveal sensitive information | ⭐⭐ |
| Coding | ClockWork Guardian | Computing the shortest safe path in a grid | ⭐ |
| Coding | Dragon Flight | Calculating the maximum subarray sum | ⭐ |
| Coding | Dragon Fury | Choosing the optimal set of elements in a list of arrays | ⭐ |
| Coding | Enchanted Cipher | Writing a shift-based string decoder | ⭐ |
| Coding | Summoners Incantation | Computing the maximum sum of non-adjacent numbers | ⭐ |
| Secure Coding | Lyra's Tavern | Securing against a Juniper CVE | ⭐⭐ |
| Secure Coding | Stoneforge's Domain | Securing against nginx alias path traversals | ⭐⭐ |
| Secure Coding | Arcane Auctions | Fix prisma ORM leak | ⭐⭐ |
| OSINT | The Stone That Whispers | Identifying a monument with reverse image search | ⭐ |
| OSINT | Echoes in Stone | Identifying a stone through reverse image search | ⭐ |
| OSINT | The Mechanical Bird's Nest | Locating a vehicle on Google Maps | ⭐⭐ |
| OSINT | The Hillside Haven | Locating the address of a pictured house | ⭐⭐ |
| OSINT | The Ancient Citadel | Locating a castle with reverse image search | ⭐⭐ |
| OSINT | The Shadowed Sigil | Use OSINT techniques to investigate a threat actor's IP | ⭐⭐⭐ |
| OSINT | The Poisoned Scroll | Identify a threat actor through used malware | ⭐⭐⭐ |
| Blockchain | Eldorion | - | ⭐ |
| Blockchain | Eldorion | - | ⭐⭐ |
| Blockchain | Eldorion | - | ⭐⭐⭐ |
| Machine Learning | Enchanted Weights | Extracting a message from a model's weights | ⭐⭐ |
| Machine Learning | Wasteland | Manipulating a dataset without triggering tamper detection | ⭐⭐⭐ |
| Machine Learning | Crystal Corruption | Analyzing malicious behaviour in a model file | ⭐⭐⭐ |
| Machine Learning | Reverse Prompt | Reverse engineering embeddings to a hidden passphrase | ⭐⭐⭐ |
| Machine Learning | Malakar's Deception | Identifying malicious functionality in a model | ⭐⭐⭐⭐ |