The SaaS Integration - Essentials pack immerses players in hands-on exploitation of real-world SaaS and government web applications, exposing practical vulnerabilities across OAuth flows, token management, webhook validation, access controls, and server-side template injection.
Included in this pack are 10 challenges that progress from quick wins (client-side cookie forgery, hardcoded service key extraction) through intermediate challenges (OAuth redirect abuse, webhook signature bypass, IDOR-based password reset, mass assignment privilege escalation) to advanced scenarios (token chaining across diagnostics and logs, VBA macro phishing document analysis, and server-side template injection via file upload).
Each challenge is self-contained yet narratively connected, simulating a real red team operation, Operation Grantfall, across ten Norland government portals, each representing a distinct SaaS integration failure. The scenarios mirror the analytical workflow of penetration testers and AppSec engineers assessing government and enterprise SaaS deployments.
By completing this pack, you will exploit OAuth and token vulnerabilities, bypass webhook and payment controls, master access control and privilege escalation attacks, and chain advanced server-side vulnerabilities across interconnected SaaS portals.