Fourth Side Quest (BreachBlocker Unlocker) started by discovering the key through reverse engineering an HTA file from the Advent of Cyber Day 21 room and using it to remove the firewall on the tar...

Second Side Quest (Scheme Catcher) started with discovering the key in the Advent of Cyber Day 9 room and using it to remove the firewall on the target machine. Afterwards, fuzzing a web applicati...

First Side Quest (The Great Disappearing Act) started with discovering the key in the Advent of Cyber Day 1 room and using it to remove the firewall on the target machine. Afterward, by creating a...

Padelify started by exploiting a Cross-Site Scripting (XSS) vulnerability and bypassing the WAF to capture a moderator user’s cookies, which we then used to log in to the application and obtain the...

Farewell started with bypassing rate-limiting enforced by the WAF to brute-force a user’s password and gain authenticated access to the web application. Afterwards, by exploiting a Cross-Site Scrip...

Sequence started with exploiting a Cross-Site Scripting (XSS) vulnerability on a contact form to capture session cookies, gaining access as a moderator user. Afterwards, using the chat functionalit...

Voyage started with exploiting a vulnerability in Joomla! CMS to leak its configuration and obtain a set of credentials, which we used with SSH to get a shell inside a container. Using our access ...

Extract started with discovering a Server-Side Request Forgery (SSRF) vulnerability and using it to discover an internal web application. By bypassing authentication on this internal application du...

Contrabando began with exploiting an HTTP Request Smuggling vulnerability via CRLF injection in Apache2 to smuggle a request to a backend server. This allowed us to leverage a command injection vul...

Soupedecode 01 was a very simple Active Directory room. We began by enumerating a list of usernames via RID bruteforce and subsequently found valid credentials through password spraying. After that...