delvin

Russia

2nd place

10100 points


Awards


Solves

Challenge Category Value Time
Sanity Check Flag Sanity Check 0
Device ID based detection Emulator detection 100
Predictable Initialization Vector Symmetric Encryption 100
JSON to XXE (Blind) Web Application 100
OTP Bruteforce Web Application 100
SSTI Web Application 100
S3 bucket misconfiguration Web Application 100
Old Backup Files Web Application 100
RIA Cross Domain Policy Web Application 100
XPATH Injection Web Application 100
XXE Web Application 100
Check Package Name Emulator detection 100
QEmu Detection Emulator detection 100
Network Operator Name Emulator detection 100
Debug Flag Emulator detection 100
Emulator Default IP Check Emulator detection 100
Emulator Files Check Emulator detection 100
Hardware Specifications Emulator detection 100
Virtual Phone Number Emulator detection 100
SSRF Web Application 100
RFI Web Application 100
Review comment and Metadata Web Application 100
REST API HTTP Methods Web Application 100
Unrestricted File Upload Web Application 100
RC4 Symmetric Encryption 100
Blowfish Symmetric Encryption 100
3DES Symmetric Encryption 100
DES Symmetric Encryption 100
AES Symmetric Encryption 100
QR Code Miscellaneous 100
Backdoor7 Miscellaneous 100
Backdoor6 Miscellaneous 100
Backdoor5 Miscellaneous 100
Backdoor4 Miscellaneous 100
Backdoor3 Miscellaneous 100
Backdoor2 Miscellaneous 100
Backdoor1 Miscellaneous 100
SHA1 Hashing 100
MD5 Hashing 100
MD4 Hashing 100
Test Keys Root Detection 100
Dangerous Props Root Detection 100
Potentially Dangerous Apps Root Detection 100
Su Exists Root Detection 100
Su Binary Root Detection 100
RW System Root Detection 100
Web Socket Secure (WSS) WebSocket Traffic 100
Metafiles - Info Leakage Web Application 100
JWT Misconfiguration Web Application 100
Insecure Direct Object Reference Web Application 100
Guessable Session ID Web Application 100
Default Credentials Web Application 100
User Password Enumeration Web Application 100
Client Side Validation Bypass Web Application 100
Server Fingerprint Web Application 100
JavaScript - Info leak Web Application 100
Encoding - Hashing Web Application 100
Login bypass Web Application 100
Bruteforce Web Application 100
HTML5 Controls Web Application 100
2FA - Integrity Validation Authentication 100
2FA - OTP Brute-Force 2 Authentication 100
2FA - OTP Brute-Force Authentication 100
2FA - Status Code Manipulation Authentication 100
2FA - Response Manipulation Authentication 100
2FA - OTP Leakage Authentication 100
International mobile subscriber identity (IMSI) Device ID 100
IMEI/ESN Device ID 100
GPS Location Device ID 100
Device Wi-Fi MAC Device ID 100
SSAID/ANDROID_ID Device ID 100
isDebugger Connected Anti-Debugging 100
File System Expose Content Providers 100
SQL Injection Content Providers 100
RPATH Binary Protection 100
Native Function Call Binary Protection 100
Hardcoded Secret Binary Protection 100
RSA Asymmetric Encryption 100
SQLite Databases (Encrypted) Insecure Data Storage 100
KeyStore Insecure Data Storage 100
Activity data Insecure Data Storage 100
Memory Insecure Data Storage 100
External Storage Insecure Data Storage 100
Internal Storage Insecure Data Storage 100
Shared Preferences Insecure Data Storage 100
Clipboard Insecure Data Storage 100
SQLite Databases (Unencrypted) Insecure Data Storage 100
Caesar Cipher Encryption 100
WTF Logs Logs 100
Verbose Logs Logs 100
Debug Logs Logs 100
Warnings Logs Logs 100
Error Logs Logs 100
Informational Logs Logs 100
BusyBox Binary Root Detection 100
Root Cloaking Apps Root Detection 100
Root Management Apps Root Detection 100
Web Socket (WS) WebSocket Traffic 100
UDP Traffic Non-HTTP Traffic 100
TCP Traffic Non-HTTP Traffic 100
HTTPS Traffic HTTP Traffic 100
HTTP Traffic HTTP Traffic 100