NOTES: NO TIMELINE ACTIVITIES TABLE CREATION FOR EVERY CHALLS.

Sherlocks

No.	Cases	Lessons Learned
1.	Meerkat	Credential stuffing detection, Bonitasoft CVE exploitation, Packet filtering, Custom column value analysis
2.	Bumblebee	SQLite3 file analysis, Epoch timestamp conversion, NGINX access.log parsing
3.	Lockpick	Static malware analysis with Ghidra, Reverse engineering C-based malware, Python scripting for reversing encryption logic, JSON parsing automation
4.	Constellation	Discord URL forensic analysis, URL unfurling techniques
5.	OpTinselTrace-4	Threat hunting and attacker IP identification, Port scanning detection, Printer hacking network forensics
6.	Litter	PCAP network traffic analysis, DNS tunneling identification
7.	Logjammer	Windows Event Log analysis using Event Viewer
8.	Heartbreaker-Continuum	PEStudio and Ghidra for code size identification, VirusTotal for file metadata, Hex editor for obfuscated strings offsets, MITRE ATT&CK technique identification
9.	Hyperfiletable	Parsing raw MFT data with analyzeMFT, Using MFTExplorer for ZoneID and file size analysis
10.	Subatomic	File type identification with Detect It Easy (DIE), Unpacking Nullsoft Installer, Malware GUID identification, Debugging obfuscated JS in VSCode, Code review of Trojan Discord module
11.	Tracer	Windows Event Log analysis, Prefetch file parsing with PECmd, $MFT analysis using MFTECmd, USN Journal ($J) analysis, Sysmon log investigation
12.	Loggy	Using Ghidra, ANY.RUN, DIE for malware language identification, PEStudio and API Monitor for malicious function calls, FTP domain tracking, IDA graph analysis for disk writes
13.	RogueOne	Memory forensics with volatility3, Detection of process spoofing
14.	Recollection	Memory forensics with volatility3, Detection of alias IEX usage, Browser history dumping, Malicious filename identification
15.	Brutus	Reviewing UNIX auth.log, Hunting suspect IP addresses, WTMP log analysis
16.	Campfire-1	DC security logs analysis via EventViewer, Kerberoasting attack analysis, Prefetch file conversion and timeline exploration with PECmd and Timeline Explorer, Identifying common Kerberoasting tools
17.	SmartyPants	Windows RDP event log analysis, Event log explorer usage, Smart screen debug log review
18.	Unit42	Sysmon EventID definitions, Sysmon log analysis, UltraVNC infection investigation
19.	BFT	Parsing raw MFT files with MFT Explorer and MFTECmd, Malicious file download hunting
20.	Jingle Bell	Forensic analysis of Slack application SQLite database
21.	TickTock	TeamViewer log analysis for C2 agent and attacker sessions, Prefetch log review, Sysmon log review for network connections, Windows Defender and PowerShell log inspection, Drive mounting and C2 hash identification, Raw MFT parsing and timeline exploration, Timestamp event extraction with Get-WinEvent
22.	Jugglin	Forensic analysis of APMX64 files, API Monitor for function call interception, PowerShell module identification for data exfiltration
23.	Ore	Reviewing Grafana and catscale artifacts, XMRIG process analysis, Hunting threat actor IPs via UNIX logs, Shodan threat intelligence use, Cronjob timing analysis with crontab.guru
24.	Ultimatum	Catscale data acquisition review, Ultimate-member plugin CVE identification, Backdoor user and persistence activity detection
25.	Pikaptcha	Registry hive analysis with Registry Explorer, Malicious PowerShell downloader analysis, Threat actor C2 server hunting, Reverse shell session timing, Phishing JS function identification, Lumma Stealer malware investigation
26.	Operation Blackout 2025: Phantom Check	Hayabusa, Event viewer, Identification of virtualization detection activity, Timeline explorer, Identification of current machine temperature value, WMI class abused to retrieve model and manufacturer information
27.	Operation Blackout 2025: Smoke & Mirrors	Hayabusa, Timeline explorer, Identification of attempts to disable windef monitoring and LSA protection, Detect AMSI patch attempt, Detect system boot modification attempt
27.	Zenith	Business e-mail compromise, Hayabusa, Timeline Explorer, Process Injection, Ghidra, PE-Studio, Flare-VM, Persistence mechanism, Privilege escalation mechanism
28.	Payload	PEStudio, DIE, Ghidra, CFF Explorer, PE Bear, and radare2 for static Windows binary analysis and triage, x64dbg for dynamic binary analysis, identifying binary compilation timestamp, image base address, entrypoint address
29.	SalineBreeze-2	Demodex TTPs (associated with Salt Typhoon / Earth Estries & Ghost Emperor), PowerShell deobfuscation and reverse engineering, Dynamic malware analysis using FLARE-VM and Procmon, ,Static malware analysis using PEStudio and Ghidra
30.	Malevolent Modmaker	Golang-Based Ransomware,Dynamic binary analysis using x64dbg, Static binary analysis using ghidra, Detect-it-Easy.
31.	Secret Pictures	Dynamic binary analysis using IDA, Static binary analysis using IDA, Detect-it-Easy, pestudio, Capturing netflow using wireshark
32.	APTNightmare	Packet capture analysis with Wireshark, Nmap open port identification with Tshark, DNS zone transfer detection, Compromised subdomain and credential discovery, Memory analysis of web server with Volatility and Ubuntu profile, MITRE ATT&CK technique correlation, Debian package inspection with dpkg, Windows registry hive parsing with Regripper, Program execution artifact analysis, .lnk file examination, Registry hive cleaning, Disk image review with FTK Imager, Email phishing forensic analysis, Prefetch file analysis, Raw $MFT parsing, PowerShell and event log export, Timeline review, Encoded PowerShell command decoding, VirusTotal IOC identification, Cobalt Strike beacon analysis, Persistence task detection

Binary Exploitation (PWN)

No.	Challenges	Lessons Learned
1.	racecar	Exploiting format string vulnerabilities to leak stack values
2.	You know 0xDiablos	Buffer overflow exploitation, Return-to-win techniques
3.	Jeeves	Local variable modification techniques
4.	Space pirate: Entrypoint	Format string bugs, Local variable modification
5.	Reg	Buffer overflow, Redirecting program execution
6.	Space pirate: Going Deeper	Buffer overflow, Redirecting program execution
7.	Bat Computer	Buffer overflow, Return-to-shellcode techniques
8.	Blacksmith	Buffer overflow, Return-to-libc attacks
9.	Shooting star	Buffer overflow, Return-to-libc attacks
10.	HTB Console	Buffer overflow, Return-to-libc, Using .DATA section to write "/bin/sh\x00" strings
11.	Optimistic	Buffer overflow, Integer overflow, Return-to-shellcode with alphanumeric payloads
12.	Restaurant	Buffer overflow, Return-to-libc, Bypassing MOVAPS protection
13.	Entity	Union structure manipulation, Type confusion vulnerabilities
14.	Getting Started	Buffer overflow basics
15.	Questionnaire	Binary exploitation concepts and questions
16.	Nightmare	Format string bug exploitation, Global Offset Table (GOT) overwrite
17.	Void	Buffer overflow, Return-to-dl-resolve technique
18.	Fleet Management	Bypassing seccomp sandbox, Crafting custom shellcode
19.	Vault-breaker	Abusing misconfigurations, XOR cipher decoding
20.	Spooky Time	Format string bug exploitation, GOT overwrite
21.	Space pirate: Retribution	Buffer overflow, Return-to-libc, Bypassing PIE and ASLR
22.	Space	Buffer overflow, Small offset after EIP, Custom shellcode crafting
23.	Leet Test	Format string bug, Overwriting local and global variables
24.	Trick or Deal	Heap exploitation, Use-After-Free (UAF)
25.	PwnShop	Buffer overflow, Return-to-libc, Bypassing PIE and ASLR, Stack pivoting
26.	Finale	Open-Read-Write (ORW) ROP chain exploitation
27.	Hellhound	Heap exploitation, House of Spirit technique (glibc 2.23)
28.	Sacred Scrolls: Revenge	Buffer overflow, Return-to-libc, Base64 encoded payload, Bypassing MOVAPS (stack alignment)
29.	Sick ROP	Sigreturn Oriented Programming (SROP)
30.	What does the f say?	Format string bug, Bypassing PIE, Canary, and ASLR, Return-to-libc, Bypassing MOVAPS protection
31.	Bon-nie-appetit	Heap exploitation, maia_arena address leak, Off-by-one (OOB) exploit, Tcache poisoning
32.	Great Old Talisman	Buffer overflow, GOT overwrite
33.	Spellbook	Heap exploitation, Leaking main_arena address, Fastbin dup attack, Overwriting __malloc_hook with one_gadget
34.	Oxidized ROP	Rust buffer overflow, Local variable overwrite using Unicode characters
35.	Regularity	Buffer overflow, Return to register
36.	Writing on the Wall	Out-of-bounds write, read() vulnerability, Local variable overwrite
37.	Execute	Direct code execution bug, Return to shellcode, Crafting custom shellcode to bypass bad bytes, XOR encoding /bin/sh strings
38.	Rocket Blaster XXX	Buffer overflow, Return-to-win with 3 parameters
39.	Sound of Silence	Return address manipulation with gets(), Passing system() as argument, Using GDB to trace parent process
40.	r0bob1rd	Libc leak via array index clobbering, Format string bug to overwrite GOT entry for __stack_chk_fail(), OOB bug triggering __stack_chk_fail() call`
41.	Assemblers Avenge	Return to shellcode, Crafting custom shellcode, Using printed /bin/sh strings
42.	No Gadgets	Bypassing strlen() checks, Exploiting GLIBC 2.35 gadgets limitation, GOT overwrite using controlled RBP, Forging fake RBP with PLT stub
43.	Kernel Adventures: Part 1	Exploiting race condition vulnerabilities, Password hash cracking, Double fetch exploitation

Machines

No.	Machine Name	Lessons Learned
1	Blue	Metasploit, smbclient, EternalBlue, Meterpreter
2	Jerry	Tomcat exploitation, Msfvenom reverse shell, Metasploit usage
3	Lame	FTP, CVE exploitation, Backdoor, SMB, Remote Code Execution (RCE)
4	Netmon	FTP enumeration, Searchsploit usage
5	Photobomb	Command injection, Pwncat usage, PATH hijacking
6	Precious	Setting up simple Python server, PDFKit CVE exploitation, Pwncat, Ruby exploit, YAML exploit
7	Shoppy	Gobuster usage, NoSQL injection, MongoDB exploitation, Password hash cracking, Ffuf usage, Docker privesc via GTFOBins
8	Cap	Exploiting Python 3.8 cap_setuid, Wireshark usage, IDOR vulnerability
9	Busqueda	Server-side template injection (SSTI), Remote code execution (RCE), Gitea exploitation
10	Knife	PHP CVE exploitation, Knife binary GTFOBins
11	Bashed	Gobuster usage, Webshell deployment, Cronjob exploitation
12	Shocker	Gobuster usage, Shellshock attack, Perl binary exploitation
13	Beep	Dirbuster usage, Elastix webserver exploitation, FreePBX service exploitation
14	Blocky	Dirbuster usage, JADX-GUI for reverse engineering
15	Bank	Gobuster usage, Identifying failed hash or encryption methods, Msfvenom reverse shell
16	Nibbles	Gobuster usage, Nibble blog exploit, Techmint Linux monitoring script exploit
17	SteamCloud	Kubernetes exploitation, Pod forging
18	Keeper	WinDbg usage, KeePass key dumper (Keydumper), PuTTY key generation and usage (PuttyGen)
19	Optimum	Rejetto HTTP File Server exploit, Metasploit usage
20	Legacy	SMB CVE exploitation, Metasploit usage
21	Granny	Microsoft IIS 6.0 exploit, Metasploit usage
22	Grandpa	Microsoft IIS 6.0 exploit, Metasploit usage
23	Devel	ASPX reverse shell, Microsoft IIS 7.5 exploit, Metasploit usage
24	Horizontall	Generating SSH keygen, Port forwarding, Laravel 8.4.2 exploit
25	Validation	SQL injection (SQLi), PHP reverse shell
26	Nunchucks	Gobuster usage, Nunjucks template engine exploit, Perl binary exploitation, AppArmor Perl bugs
27	Late	Flask SSTI, SSH keygen, LinPEAS usage, Pspy64
28	BountyHunter	Dirbuster usage, XXE exploitation, Abusing Python script misconfiguration
29	Mirai	Raspberry Pi server setup, Linux file recovery with dcfldd, Volume mounting
30	Armageddon	Drupal 7 service exploit, Dirty Sock exploit
31	Paper	WordPress exploitation, Password reuse, LinPEAS usage, Sudo exploit
32	MonitorsTwo	Cacti login page exploit, Hash cracking with John the Ripper, Listing SUID binaries, capsh GTFOBins
33	Inject	Directory traversal, Searchsploit usage, Spring Framework exploit, Pspy64, YAML forging
34	Sau	Request Baskets v1.2.1 exploit, SSRF, Maltrail v0.53 exploit
35	Pilgrimage	ImageMagick LFI, Git dumper usage, Binwalk CVE RCE
36	CozyHosting	Dirsearch usage, Base64 encoded bash reverse shell, JD-GUI, PostgreSQL, Hash cracking with John and Hashcat, sudo GTFOBins
37	Topology	LaTeX injection, Ffuf usage, Hash cracking with John, Pspy64, Forging PLT files to exploit Gnuplot binary cronjobs
38	Explore	ADB, Metasploit usage, ES File Explorer exploit, oHostKeyAlgorithms, Port forwarding
39	Previse	Dirbuster usage, Command injection, Hash cracking with John, Forging bash gzip, PATH hijacking
40	Broker	Apache ActiveMQ exploitation, Remote code execution (RCE)
41	Delivery	Email impersonation, Hash cracking using Best64 and John the Ripper
42	Codify	Virtual Machine 2 (VM2) exploitation, Hash identification, Hash cracking with John, Python bruteforce script creation
43	Analytics	Metabase login page exploit, Metasploit usage, LinPEAS usage, Local privilege escalation on Ubuntu 22.10 / 22.04
44	Soccer	Dirsearch usage, H3K Tiny File Manager exploitation, WebSocket exploitation, SQLmap for blind SQLi, Privilege escalation using SUID doas, Forging dstat using Python
45	Timelapse	Enumerating public SMB shares with smbclient, Cracking Personal Information Exchange (PFX) files, OpenSSL, pfx2john, evil-winrm, Active Directory enumeration
46	Devvortex	Ffuf usage, Dirsearch usage, Joomla v4.2 CMS exploitation, Password hash cracking with John, apport-cli binary exploitation
47	Return	SMB service enumeration with smbclient and enum4linux, Abusing printer's network, evil-winrm, Group membership enumeration for svc-printer account, Msfvenom, Active Directory security group abuse, Metasploit usage
48	Irked	Unreal Engine 3.2.8.1 exploitation, Metasploit usage, LinPEAS usage
49	Perfection	WEBrick 1.7.0 exploitation, ERB and Ruby RCE, LinPEAS usage, Time-based password hash cracking with John
50	Headless	XSS, Cookie stealing, Command injection, Remote code execution (RCE), Abusing syscheck misconfiguration for root
51	Wifinetic	FTP anonymous login, WiFi network interface enumeration, WiFi network configuration dumping, WPS PIN brute forcing using Reaver
52	OpenAdmin	Dirsearch usage, OpenNetAdmin v18.1.1 exploit, Bash reverse shell, Abusing Apache2 internal misconfiguration, Password cracking with John, Port forwarding, Webshell deployment, SSH private key cracking, Privilege escalation in nano by resetting stdin/stdout/stderr
53	TraceBack	Gobuster usage, SSH key generation, Forging Lua scripts, SSH MOTD manipulation

GamePwn

No.	Column 1	Column 2	Column 3
1.	CubeMadness1

Web

No.	Column 1	Column 2	Column 3
1.	Templated	LoveTok	Phonebook
2.	Spookifier	looking glass	sanitize
3.	baby auth	baby BonChewerCon	Full Stack Conf
4.	baby interdimensional internet	Juggling facts	baby nginxatsu
5.	baby todo or not todo	baby WAFfles order	BlinkerFluids
6.	Orbital	Trapped Source	Passman
7.	SpookTastic	CandyVault	HauntMart

Forensics

No.	Column 1	Column 2	Column 3
1.	Illumination	MarketDump	Wrong Spooky Seasaon
2.	Marshal in the Middle	Chase	Event Horizon
3.	Insider	Export	Persistence
4.	No Place To Hide	Lure	Logger
5.	Halloween Invitation	Peel Back The Layers	Reminiscent
6.	Intergalactic Recovery	Downgrade	Automation
7.	Perseverance	Deadly Arthropod	Keep Tryin'
8.	Strike Back	Diagnostic	Fake News
9.	POOF	Alien Cradle	Extraterrestrial Persistence
10.	Artifact Of Dangerous Sighting	oBfsC4t10n2	Packet Cyclone
11.	Scripts and Formulas

Cryptography

No.	Column 1	Column 2	Column 3
1.	BabyEncryption	xorxorxor	Android in the Middle
2.	Weak RSA	Classic, yet complicated!	Brainy's Cipher
3.	Gonna-Lift-Em-All	Ancient Encodings	Nuclear Sale

Reversing

No.	Column 1	Column 2	Column 3
1.	Impossible Password	Bypass	Behind the Scenes
2.	WIDE	Baby RE	You Cant C Me
3.	Find The Easy Pass	Baby Crypt	Ransom
4.	Anti Flag	Ouija	Tear Or Dear
5.	Rebuilding	Teleport	Hunting License
6.	Shattered Tablet

OSINT

No.	Column 1	Column 2	Column 3
1.	Easy Phish	Infiltration	Money Flowz
2.	Missing in Action	ID Exposed	0ld is g0ld

Mobile

No.	Column 1	Column 2	Column 3
1.	Cat	Don't Overreact	APKey
2.	Pinned	APKrypt	Manager
3.	Anchored

Hardware

No.	Column 1	Column 2	Column 3
1.	Debugging Interface	Gawk	Photon Lockdown

Misc

No.	Column 1	Column 2	Column 3
1.	Canvas	fs0ciety	Milkshake
2.	Hackerman	Da Vinci	Art
3.	misDIRection	Emdee five for life	The secret of a Queen
4.	Eternal Loop

Blockchain

No.	Column 1	Column 2	Column 3
1.	Survival of the Fittest