Recent Challenges



Domains:
   

   

  • Retrieving Credit Card Data | Level 2
    Mission: Through ongoing phishing attacks, you have got another customer's username and password. Username: b.smith  Password: 01jan1990bluecolor You then attempted to retrieve 16-digit credit card number and 3-digit CCV number as usual. But you have found you cannot use the previous gap to retrieve data since a security researcher reported the gap to the vendor who has since fixed it, saying it was due to a technical error.  For the challenge flag, provide your discovered 16-digit credit card number and 3-digit CCV number separated by a comma. (eg. 1234-1234-1234-1234,123).
    Category: EASY CRYPTO
    Domain: The Web War


  • Retrieving Credit Card Data | Level 1
    Mission: Through a phishing attack, you have got a customer's username and password. Username: j.mary  Password: sup3rStr0ngPwd42! Your next mission is to retrieve 16-digit credit card number and 3-digit CCV number from the customer account panel. You have prepared in your mind that it may involve a tedious serious cracking process since the application boasts itself of having industry certification. For the challenge flag, provide your discovered 16-digit credit card number and 3-digit CCV number separated by a comma. (eg. 1234-1234-1234-1234,123).
    Category: EASY CRYPTO
    Domain: The Web War


  • Internal Servers Are Completely Safe
    Mission: Back up with real-world incidents why this assumption is flawed
    Category: Under the Sun
    Domain: Cybersecurity Drills


  • Same Subnet Design
    Mission: Review network diagram for insecurity
    Category: Under the Sun
    Domain: Cybersecurity Drills


  • Notification: Account Information Changes
    Mission: Identify whether further gaps still exist.
    Category: Under the Sun
    Domain: Cybersecurity Drills


  • Polluting Product Suggestion Engine
    Mission: Identify and mitigate abuse case regarding product suggestion feature.
    Category: Under the Sun
    Domain: Cybersecurity Drills


  • Generation Of Voucher Codes
    Mission: Identify and mitigate abuse case regarding voucher code generation feature.
    Category: Under the Sun
    Domain: Cybersecurity Drills


  • Verified Purchase And Fraudulent Merchants
    Mission: Identify whether fraudulent merchants can still bypass your rule
    Category: Under the Sun
    Domain: Cybersecurity Drills


  • Absolute Security - No Rooted Phones Ever Allowed
    Mission: Back up why this assumption is flawed
    Category: Under the Sun
    Domain: Cybersecurity Drills


  • Cloud - The Absolute Data Safety
    Mission: Research real-world incidents on cloud related data leakage
    Category: Under the Sun
    Domain: Cybersecurity Drills