ProxyAsAService: identify the broken request handling, prove control, and use it to recover the flag.
web
Htb
373 postsforensics
Pursue the Tracks
Pursue the Tracks: isolate the relevant artifact, decode the evidence, and extract the flag.
pwn
Questionnaire
Questionnaire: use the format-string bug for a leak or write, then redirect execution to the flag path.
cryptolocked
Rhome
cryptolocked
Shamir's Secret
pwn
Space Pirate Going Deeper
Space Pirate Going Deeper: build the exploit primitive, stabilize the payload, and use it to read the flag.
rev
Terrorfryer
Terrorfryer: reverse the validation logic, model the transform, and recover the accepted input.
pwn
Wizard's Diary
Wizard's Diary: calculate the overflow offset, redirect control flow, and land a reliable flag read.
pwn
Writing on the Wall
Writing on the Wall: build the exploit primitive, stabilize the payload, and use it to read the flag.
cryptolocked
YALM
web
AbuseHumanDB
AbuseHumanDB: identify the broken request handling, prove control, and use it to recover the flag.
mobile
Ancored
Ancored: inspect the Android app, trace the validation path, and recover the flag.
misc
Computational Recruting
Computational Recruting: reduce the custom rules to a scriptable check and use the smallest reliable path to the flag.
rev
Crushing
Crushing: reverse the validation logic, model the transform, and recover the accepted input.
osint
Easy Phish
Easy Phish: correlate the public clues, pivot through the evidence, and identify the final answer.
pwn
Entity
Entity: build the exploit primitive, stabilize the payload, and use it to read the flag.
forensics
Foggy Intrusion
Foggy Intrusion: isolate the relevant artifact, decode the evidence, and extract the flag.
ai
Fuel Crisis
Fuel Crisis: shape the prompt path, bypass the model guard, and recover the target output.
rev
Golfer
Golfer: trace the binary, isolate the validation routine, and invert it to recover the flag.
rev
Graverobber
Graverobber: trace the binary, isolate the validation routine, and invert it to recover the flag.
forensics
Illumination
Illumination: isolate the relevant artifact, decode the evidence, and extract the flag.
osint
Infiltration
Infiltration: correlate the public clues, pivot through the evidence, and identify the final answer.
hardware
Override
Override: decode the captured signal, map the bitstream, and recover the flag.
crypto
Perfect Synchronization
Perfect Synchronization: recover the Vigenere key from the ciphertext, decrypt the message, and verify the flag.
pwn
Pixel Audio
Pixel Audio: build the exploit primitive, stabilize the payload, and use it to read the flag.
rev
Potion Master
Potion Master: recover the XOR transform from the binary and invert it to reveal the flag.
misc
Prision Pipeline
Prision Pipeline: reduce the custom rules to a scriptable check and use the smallest reliable path to the flag.
misc
Quantum Conundrum
Quantum Conundrum: reduce the custom rules to a scriptable check and use the smallest reliable path to the flag.