PortSwigger Academy - Authentication Bypass via Information Disclosure
This lab's administration interface has an authentication bypass vulnerability, but it is impractical to exploit without knowledge of a custom HTTP header used by the front-end.
This lab leaks its source code via backup files in a hidden directory. To solve the lab, identify and submit the database password, which is hard-coded in the leaked source code.
This lab contains a debug page that discloses sensitive information about the application. To solve the lab, obtain and submit the SECRET_KEY environment variable.
This blog serves as an updated guide on how to install Bootloader/Fastboot drivers for your Android device. I will be using the Google drivers in this tutorial, so no suspicious downloads will be used at all in this blog!
This lab discloses sensitive information via its version control history. To solve the lab, obtain the password for the administrator user then log in and delete the user carlos.
This app contains some unique keys. Can you get one?
This lab's verbose error messages reveal that it is using a vulnerable version of a third-party framework. To solve the lab, obtain and submit the version number of this framework.
Cosmo Whales is an infostealer campaign masquerading as a Web3 videogame. Threat actors have been observed in the wild distributing malware via job advertisements for a Web3 game called Cosmo Whales.
We will investigate host-centric logs in this challenge room to find suspicious process execution. To learn more about Splunk and how to investigate the logs, look at the rooms splunk101 and splunk201.
You won't find the admin's secret password in this binary. We even encrypted it with a secure one-time-pad. Can you still recover the password?