TryHackMe - Side Quest 4 Krampus Festival
AD enumeration with phishing and AV evasion
TryHackMe - mKingdom
CTF styled room involving enumeration, insecure passwords and insecure file permissions.
TryHackMe - Clocky
Time is an illusion. - Code review, Time based token exploitation, SSRF and privilege escalation.
TryHackMe - El Bandito
SSRF to Request smuggling, Request Smuggling via HTTP/2 Downgrades on a chat application to leak user requests.