Second Side Quest started with exploiting an XML External Entity (XXE) vulnerability to perform a Server-Side Request Forgery (SSRF) attack on the machine associated with Advent of Cyber Day 5. Thi...

First Side Quest began by discovering the source code for a Flask web application on GitHub and finding this web application running on the machine associated with Advent of Cyber Day 1. By using t...

Umbrella had an exposed Docker registry that allowed us to find database credentials. Using these database credentials to connect to the database and dumping the hashes, we were able to crack them ...

U.A. High School began by discovering a PHP file on the web application and fuzzing to identify parameter names. Upon finding a parameter that allowed us to run commands, we utilized it to obtain a...

TryPwnMe Two was a continuation of the TryPwnMe One room, featuring four additional binary exploitation (pwn) challenges. These challenges included shellcode encoding, format string attacks, heap e...

TryPwnMe One was a room dedicated to binary exploitation (pwn), featuring seven challenges related to this subject. TryOverflowMe 1 We begin with TryOverflowMe 1, using the following reference ...

TriCipher Summit required us to solve three different challenges to complete it. First, performing a supply chain attack to discover a set of credentials. Second, reverse engineering custom cryptog...

The Sticker Shop was a very simple room about exploiting a Cross-Site Scripting (XSS) vulnerability to steal the contents of a page and retrieve the flag. Initial Enumeration Nmap Scan We star...

The London Bridge began with fuzzing a web application to discover an endpoint. By fuzzing this endpoint for parameters, we identified one vulnerable to SSRF. Using this vulnerability to enumerate ...

Soupedecode 01 was a very simple Active Directory room. We began by enumerating a list of usernames via RID bruteforce and subsequently found valid credentials through password spraying. After that...