It’s the most wonderful time of the year again, and it’s also the most stressful day for Wareville’s Security Operations Center (SOC) team. Despite the overwhelming alerts generated by the new and ...

McSkidy’s fingers flew across the keyboard, her eyes narrowing at the suspicious website on her screen. She had seen dozens of malware campaigns like this. This time, the trail led straight to some...

The Sticker Shop was a very simple room about exploiting a Cross-Site Scripting (XSS) vulnerability to steal the contents of a page and retrieve the flag. Initial Enumeration Nmap Scan We star...

Lookup started with brute-forcing a login form to discover a set of credentials. Using these credentials to log in, we found a virtual host (vhost) with an elFinder installation. By exploiting a co...

Mouse Trap was another purple team room where we started on the attacker side and exploited a remote code execution (RCE) vulnerability to gain a foothold. After that, we exploited an unquoted serv...

Hack Back started with reverse-engineering an executable file to discover an email address and a password. After that, we used these credentials to send a phishing email and obtain a shell. Lastly,...

SeeTwo was a room about extracting a basic C2 client from a packet capture file and reverse engineering it to understand its functionality. Using the same packet capture file, we then extracted the...

Whiterose started with discovering a virtual host and logging in with the credentials provided in the room. After logging in, we accessed a chat and, by modifying a parameter to view old messages, ...

Rabbit Hole was a room about exploiting a second-order SQL injection vulnerability to extract the currently running queries from the database. The goal was to discover a password embedded in a SQL ...

Mountaineer started by discovering a WordPress instance and identifying a plugin vulnerable to authenticated RCE. By exploiting the nginx off-by-slash vulnerability to read files on the server, we ...