Category | Name | Objective | Difficulty [⭐⭐⭐⭐⭐] |
---|---|---|---|
Web | CandyVault | MongoDB NoSQL authentication bypass | ⭐ |
Web | Spellbound Servants | cPickle deserialisation | ⭐ |
Web | SpookTastic | script tag omitted XSS | ⭐ |
Web | HauntMArt | SSRF filter bypass | ⭐⭐ |
Web | PumpkinSpice | XSS to blind command injection | ⭐⭐ |
Web | GhostlyTemplates | Golang templates SSTI to LFI | ⭐⭐⭐ |
Pwn | Lemonade Stand v1 | ret2win | ⭐ |
Pwn | Lesson | pwn 101 lesson | ⭐ |
Pwn | Magic Trick | ret2shellcode | ⭐ |
Pwn | Pinata | buffer overflow and jmp rax to execute shellcode | ⭐⭐ |
Pwn | Claw Machine | ret2libc attack with one_gadget due to limited payload size | ⭐⭐⭐ |
Reversing | CandyBowl | strings | ⭐ |
Reversing | Dynamic Secrets | dynamic analysis, XOR, runtime decryption | ⭐ |
Reversing | GhostInTheMachine | binary patching | ⭐ |
Reversing | SpellBrewery | decompile a .NET application to recover the logic of a flag checker | ⭐⭐ |
Reversing | SpookyCheck | disassemble or decompile Python 3.11 bytecode in order to reverse the operations used by a flag checker | ⭐⭐⭐ |
Forensics | Bat Problems | obfuscated .bat malware | ⭐ |
Forensics | Spooky phising | malware delivery via phishing | ⭐ |
Forensics | Vulnerable Season | webserver log analysis | ⭐ |
Forensics | Trick or Treat | Malware delivery via malicious lnk and payload decode on execution | ⭐⭐ |
Forensics | Valhalloween | Analysis of event and Sysmon logs generated by the Loki ransomware | ⭐⭐⭐ |
Crypto | Hexoding64 | encodings | ⭐ |
Crypto | SPG | deterministic password generator | ⭐ |
Crypto | yesnce | AES CTR nonce reuse | ⭐ |
Crypto | Symbols | Determine the bits based on the Legendre symbol | ⭐⭐ |
Crypto | Leaking Park | Math trick and GCD | ⭐⭐⭐ |