| Name | Type | Difficulty | Keywords |
|---|---|---|---|
| The Woven Web | Web | ★★★☆☆ | Cross-Site Script Inclusion, XSSI, Selenium crawler, same-origin policy |
| Windows XP Media Player | Web, Misc | ★★★☆☆ | Command injection, command line argument injection |
| Name | Type | Difficulty | Keywords |
|---|---|---|---|
| Images and Words | Web, Misc | ★★★★☆ | Python import RCE, gunicorn pre-fork worker model, regular expression DoS |
| Silhouettes | Web | ★★★☆☆ | Windows command injection, python library, 0-day |
| RCE Auditor | Web | ★★★★★ | JavaScript, WebRTC STUN, protocol smuggling, unsafe port restriction bypass |
A domestic CTF
| CTF | Name | Type | Difficulty | Keywords |
|---|---|---|---|---|
| 2020 Quals | Zero Storage | Web | ★☆☆☆☆ | XSS, forge cookie-based session |
| 2019 Quals | Ponzi Scheme | Misc | ★☆☆☆☆ | Ponzi Scheme, interaction, investing, finance |
| 2019 Finals | Babyfirst Revenge: Remastered | Web | ★★☆☆☆ | Windows command injection, remote code execution |
| 2019 Finals | Imagination | Web | ★★☆☆☆ | python cache, pycache hijacking, gunicorn pre-fork worker model |