Operation Summit Breach

Challenge Resources

// Challenge Resources

Some challenges require downloadable resources or have specific entry points. Find them below. Not all challenges have resources listed here — some you'll need to discover yourself.

Hint: Your target dossiers contain clues to find challenge entry points.
Challenge 05

You've Got Mail

Email Security
Medium

A suspicious email was sent to a Cloudflare customer. It passed when it shouldn't have. Analyse the email to understand why — and find the hidden flag.

Download suspicious-email.eml
Challenge 01

Side Door

Zero Trust / Access
Medium

An internal portal protected by Cloudflare Access. Or is it fully protected? Check your dossier for clues on where to look.

Entry point in dossier
Challenge 02

Rule Breaker

WAF / DDoS / App Security
Hard

A search endpoint protected by WAF rules. The rules block obvious attacks — but there's always a gap. Find it.

Entry point in dossier
Challenge 03

Jailbird

AI Gateway / Workers AI
Hard

An AI assistant that's been instructed to keep a secret. It's very protective — but everyone has a weakness.

Entry point in dossier
Challenge 04

Dead Drop

Workers / Pages / D1
Very Hard

A data lookup service. The developer shipped fast and planned to clean up later. They didn't clean up.

Entry point in dossier
Challenge 06

Ghost Signal

OSINT + Social Engineering
Hard

Someone version-controls everything. Even things they shouldn't. Find the trail, follow the commits.

Start with OSINT clues
Challenge 07

Prompt Trojan

AI Security / Agentic AI
Very Hard

An AI agent with tool access. It trusts what users tell it. Completely. Make it do something it shouldn't.

Entry point in dossier