Investigate “Digital Bank” and uncover what happened.

Work through the flow. Form a hypothesis about the attacker’s initial access, then prove compromise by submitting the correct flag as evidence.

Target: https://digitalbank.jubilian.io

Tip: Explore public flows (login, password reset, account recovery). Observe responses and state changes closely.

Part 1 — Initial Access (Multi-Select)

Based on what you can gather, which technique(s) best explain how the attacker initially got in?

Valid Accounts — T1078

The hacker compromised a valid account of the bank!

Wi-Fi Networks — T1669

The hacker compromised the bank's WiFi Network and attacked them internally.

Phishing — T1566

The hacker compromised the bank systems through phishing campaigns like a malicious email or something.

Exploiting Public-Facing Applications — T1190

The hacker exploited the public website of Digital Bank

Identify the exact vulnerability and submit the flag as concrete evidence.

Submit Your Flag Here...

Work through the steps above. Once you prove compromise, a summary will appear here.

Back to Part 1 Go to Part 2