Monthly Cross-Site Scripting (XSS) challenge involving DOM Clobbering, Prototype Pollution in Axios, and finding your own gadgets by reverse engineering minified code using Sourcemaps
Fullpwn machine on a Linux environment with Android APK to reverse engineer and exploit the API through XSS and PDF generation. Then escalate privileges with a SSTI and a NodeJS CVE
One of my favorite hard web challenges I've done, combining many different small vulnerabilities into a chain that leads to Remote Code Execution by stealing tokens from a bot and using SSTI
Part 2 of the LiveOverflow Minecraft Server series. Search for the new server, crack base coordinates from bedrock formations, and teleport through walls!