| Category | Name | Objective | Difficulty [⭐⭐⭐⭐⭐] |
|---|---|---|---|
| Web | CriticalOps | Secret Key Disclosure, JWT | ⭐ |
| Web | JinjaCare | Server Side Template Injection | ⭐ |
| Web | Neovault | IDOR and MongoDB id bruteforce | ⭐ |
| Web | CitiSmart | Directory Fuzzing, API, Information Disclosure | ⭐⭐ |
| Web | Speednet | Graphql Introspection, IDOR, Bypass 2FA, Graphql Batching Attack, Account Takeover | ⭐⭐ |
| Web | Novaenergy | Directory Fuzzing, API, Information Disclosure | ⭐⭐ |
| Web | sattrack | JS Analysis, Client Side Prototype Pollution, JSON Injection, CSP Bypass, XSS | ⭐⭐⭐ |