Operation Mirage

On June 20, 2025, Souk Digital, Morocco's largest online marketplace, receives a fraud notification: 3,000 customer cards flagged. Common point: all victims shopped on Souk Digital in the past 60 days. The attack ran for 8 weeks before detection. The attackers probed every endpoint, found multiple vulnerabilities, and exploited them in sequence. The Application Security Division is called in to reconstruct the attack. 20 missions covering the OWASP Top 10 - SQL injection, XSS, IDOR, SSRF, authentication bypass. Analyze HTTP logs, decode payloads, and identify exfiltrated data.