| Atom | Redis Exploitation · SMB (139/445) · Remote Code Execution (RCE) | 4 |
| Bart | Subdomain Enumeration · Information Leakage · Fuzzing de directorios · Remote Code Execution (RCE) | 4 |
| Bastard | Remote Code Execution (RCE) · SQL Injection | 3 |
| Cascade | Active Directory · Port Forwarding / Pivoting · Kerberoasting · GetNPUsers (Impacket) · SQL Injection · SMB (139/445) | 3 |
| Chatterbox | Buffer Overflow (BoF / ROP) | 3 |
| Giddy | SQL Injection | 3 |
| Intelligence | Information Leakage · Active Directory · BloodHound · Remote Code Execution (RCE) | 3 |
| Jeeves | Jenkins Exploitation (Groovy Script Console) RottenPotato… | 4 |
| Json | Insecure Deserialization · Remote Code Execution (RCE) | 4 |
| Monteverde | Brute Force / Rate-Limit Bypass · Remote Code Execution (RCE) | 3 |
| Querier | Active Directory | 4 |
| Resolute | Information Leakage · SMB (139/445) | 3 |
| Scrambled | Information Leakage · Cracking Hashes (hashcat / John) · Insecure Deserialization · Kerberoasting · GetNPUsers (Impacket) · SMB (139/445) · Remote Code Execution (RCE) | 7 |
| SecNotes | CSRF (Cross-Site Request Forgery) · Information Leakage · SQL Injection · Fuzzing de directorios · IIS (Microsoft Web Server) · Cross-Site Scripting (XSS) | 4 |
| Silo | File Upload Vulnerabilities | 4 |
| Sniper | Remote File Inclusion (RFI) · Local File Inclusion (LFI) · Information Leakage · Port Forwarding / Pivoting · SMB (139/445) · Remote Code Execution (RCE) | 4 |
| StreamIO | Remote File Inclusion (RFI) · Local File Inclusion (LFI) · Information Leakage · Cracking Hashes (hashcat / John) · SQL Injection · BloodHound · AS-REP Roasting · SMB (139/445) · Remote Code Execution (RCE) | 4 |
| Worker | Information Leakage · Fuzzing de directorios · IIS (Microsoft Web Server) · Remote Code Execution (RCE) | 3 |