New posts

Post thumbnail

WebSQL InjectionXSSEncoding

Intigriti July XSS Challenge (0722)

A Cross-Site Scripting challenge where you need to do 2 nested SQL Injections to finally place your payload, and bypass CSP using

Post thumbnail


Unlock Train Data

Reverse Engineer an APK to find the Java code that encrypts the flag. Find the vulnerability in the encryption algorithm to brute-force the key

Post thumbnail


Stop the Heist

A medium 3 part challenge, finding traces of an attack. Explore a Windows filesystem and network capture to find every step and flags along the way

Post thumbnail


Recover Pet Data

A medium web challenge with JSON Web Tokens for authentication. Upload your own public key to the server to verify tokens with your own keypair to forge JWTs