Challenge: Isn’t 2fa fun? Especially when you forget to backup you code and can’t login anywhere anymore. Well, not even Santa is immune to mistakes like this. Fortunately his app creates a recovery token. The developers hoped that Santa would never need it, so they kinda slacked off when implementing the app. It’s up to us to find Santa’s recovery token.

Challenge: Santa made available a service that accepts only the best of jokes. Try it out, binary is available and service is listening at elfs.owasp.si:40003.

Challenge: It’s nearly Christmas and Santa’s very busy getting everything ready. He’s preparing his list of who’s been good. Write a letter to Santa, to let him know that you have been nice.

Challenge: Santa’s elves have found the following image with a secret message. Can you find it?

Challenge: Santa’s elves created a brand new API for naughty and nice list at http://elfs.owasp.si:8000/ with advanced protections. But did they get the protections right? Be nice.

Challenge: Someone was monitoring weird transmissions on Santa’s network, fortunately their systems are outdated so you might have some luck decoding the message.