| Acute | Information Leakage · Cracking Hashes (hashcat / John) · Port Forwarding / Pivoting | 3 |
| Blackfield | Active Directory · BloodHound · GetNPUsers (Impacket) · SMB (139/445) · Remote Code Execution (RCE) | 3 |
| Breadcrumbs | Local File Inclusion (LFI) · SQL Injection · JSON Web Tokens (JWT) | 3 |
| Conceal | SNMP Enumeration · File Upload Vulnerabilities · IIS (Microsoft Web Server) · Remote Code Execution (RCE) | 4 |
| Control | SQL Injection · winPEAS · Remote Code Execution (RCE) | 4 |
| Hancliffe | SSTI (Server-Side Template Injection) · Buffer Overflow (BoF / ROP) · Remote Code Execution (RCE) | 3 |
| Helpline | Remote Code Execution (RCE) · Authentication Vulnerabilities | 6 |
| Mantis | Active Directory · BloodHound | 3 |
| Object | Active Directory · BloodHound · Remote Code Execution (RCE) | 3 |
| RE | XML External Entity · Cracking Hashes (hashcat / John) · IIS (Microsoft Web Server) · Remote Code Execution (RCE) | 4 |
| Reel | Information Leakage · Active Directory · Remote Code Execution (RCE) | 3 |
| Reel2 | Information Leakage · Brute Force / Rate-Limit Bypass · Remote Code Execution (RCE) | 3 |
| Search | Information Leakage · Active Directory · Kerberoasting · BloodHound · SMB (139/445) | 4 |
| Tally | Information Leakage · Remote Code Execution (RCE) | 3 |