| Category | Name | Objective | Difficulty [⭐⭐⭐⭐⭐] |
|---|---|---|---|
| Web | GateCrash | SQL injection via CRLF injection | ⭐ |
| Web | Nexus Void | Dotnet deserialisaiton via SQL injection | ⭐⭐ |
| Web | PhantomFeed | Race condition via reDos, open-redirect in Nuxt.js to perofrm CSRF and leak OAuth 2 access token, RCE in Reportlab | ⭐⭐⭐ |
| Pwn | Great Old Talisman | Overwrite exit@GOT with the address of the function that reads the flag |
⭐ |
| Pwn | Zombienator | Make 9 allocations and 8 frees to leak a libc address, abuse scanf("ld") to bypass the canary check, use pwntools struct to pack doubles, and perform a ret2libc attack with one gadget | ⭐⭐ |
| Pwn | Zombiedote | Leverage a single malloc call, an out of bounds read and two out of bounds writes in order into code execution in glibc 2.34 | ⭐⭐⭐ |
| Reversing | WindowOfOpportunity | Reversing simple flag checker algorithm | ⭐ |
| Reversing | BioBundle | Reversing a flag checker embedded in a library encrypted and loaded with memfd_create | ⭐⭐ |
| Reversing | RiseFromTheDead | Reversing a flag encoder then recovering a core dump to retrieve the flagg | ⭐⭐⭐ |
| Forensics | One Step Closer | Windows JScript deobfuscation - Malware delivery - VBS debugging | ⭐ |
| Forensics | ZombieNet | OpenWrt firwmare analysis - MIPS binary emulation using QEMU | ⭐⭐ |
| Forensics | Shadow of the Undead | Meterpreter parsing/decryption - custom windows shellcode emulation | ⭐⭐⭐ |
| Crypto | MSS | Use CRT to get the entire secret on a Mignotte Secret Sharing scheme | ⭐ |
| Crypto | Mayday Mayday | Factor N by exploiting the partial leakage of the CRT components | ⭐⭐ |
| Crypto | Zombie Rolled | Solve a diophantine equation to get the private key and apply LLL to recover the flag from the signature | ⭐⭐⭐ |