Web Sec Challenges

I've been hiding flags in each set of notes so far; here they are, collected:

Test yourself: (harder than others as a test) http://dumb.profninja.opalstacked.com/
(inspect) https://websec.prof.ninja/jsninja/
(inspect) https://websec.prof.ninja/basics/
(infer) https://websec.prof.ninja/hostingstatic/
(get curious) https://websec.prof.ninja/firebase/
(debug the app (or not)) https://codepen.io/AndyNovo/full/VwWMqjz
(firebase uuids) https://codepen.io/AndyNovo/full/abwqdPd
(firebase auth) https://codepen.io/AndyNovo/full/JjJBjGR
MINCERAFT! (Single Page Apps) https://minceraft-game.web.app/
(Server-Side Template Injection) https://general-immediate-fish.glitch.me/stuffhere ALSO SOURCE HERE
(MISC coding) https://glorious-tungsten-almanac.glitch.me/
(MISC coding pt 2) https://stormy-helix-vegetable.glitch.me/
(SQL) A pure SQL (not injection) problem, how about that
(SQLi 1) https://websec.prof.ninja/sql/challenge.php
(SQLi 2) https://terriblechat.herokuapp.com/
Even the Least Among Us can make a difference
(AWS Bots) FLAG BOT
(AWS Lambda):
(XSS) https://xssflag.web.app/ You can only get your flag when the admin logs in. I'm the admin, ping me in Discord if you think you're ready to get the flag.
(Network Analysis) Sniffer101.pcapng
(Stretchers): gist follows
(Transforms): gist follows
(ECB Oracle): gist follows
(DHKE Mechanics): gist follows
(Pohlig-Hellman): gist follows
(TLS Handshakes): My malware found the following file on the target's computer: sslkey.log and of course we were capturing packets too: tls.pcapng
(PHP Sessions): (the admin is zero indexed) https://php1.fsg.opalstacked.com/
(File Upload Exploit): https://fuecakes.herokuapp.com/
(WASM REV): https://websec.prof.ninja/ctf/wasmrev/
(NODE LFI): https://dour-standing-smash.glitch.me/
(REACT REV): https://websec.prof.ninja/ctf/reactflag/
(JWT Mismanagement): https://heliotrope-auspicious-sparrow.glitch.me/
(MISC: Just a game) To win today's flag be voted top 3 in Mona Lisa Smile: https://louis-projects-878b4.web.app/
(LFI) https://dtctf.herokuapp.com/
(.git) https://pswd.fsg.opalstacked.com/
(deserialization) https://pickledrick.herokuapp.com/
(XXE) https://xxefun.herokuapp.com/
(socket.io) https://aback-bead-catsup.glitch.me/
(prototype pollution) https://knotty-conscious-firewall.glitch.me/
(PHP Jail 1) https://jailcell1.herokuapp.com/
(DIY flags) Check the notes, let's try student-made problems together
(Authentic Experiences) Source follows: