Droid-Warden

This CTF immerses participants in a highly realistic mobile application penetration testing environment. The application is intentionally riddled with classic Android security flaws, such as weak code obfuscation, reliance on client-side security checks, and vulnerable implementations. Participants must employ a red-team methodology, leveraging tools for traffic interception, and runtime manipulation to uncover the hidden administrative endpoints and exfiltrate confidential employee records. The challenge emphasizes the creative chaining of multiple low-severity issues to achieve a critical business impact.