Blog
New posts
Intigriti July XSS Challenge (0722)
A Cross-Site Scripting challenge where you need to do 2 nested SQL Injections to finally place your payload, and bypass CSP using googleapis.com
Unlock Train Data
Reverse Engineer an APK to find the Java code that encrypts the flag. Find the vulnerability in the encryption algorithm to brute-force the key
Stop the Heist
A medium 3 part challenge, finding traces of an attack. Explore a Windows filesystem and network capture to find every step and flags along the way
Recover Pet Data
A medium web challenge with JSON Web Tokens for authentication. Upload your own public key to the server to verify tokens with your own keypair to forge JWTs