Love At First Breach 2026

 

Across these ten rooms, you’ll work through the core foundations of web exploitation from an attacker’s perspective. Expect hands-on practice with reconnaissance and content discovery, input validation flaws, authentication weaknesses, session handling issues, and common injection vectors. You’ll analyze how user-supplied data moves through an application, identify where trust boundaries break down, and exploit misconfigurations that expose sensitive functionality. The focus isn’t just on running tools; it’s on understanding web app logic, recognizing patterns in vulnerable design, and building a repeatable methodology you can apply to real-world assessments.

Welcome To TryHeartMe

 

What Will Be Covered In This Challenge:

OSINT, Web Hacking, API Hacking, Mobile Reversing, AI In Security, Forensics, Boot2Root, And More…

Cupid Bot

You’ve found Cupid’s AI chatbot that writes Valentine’s messages. It contains 3 hidden flags in its system. Your job: exploit prompt injection vulnerabilities to extract them all.

 

Hidden Deep In My Heart

Cupid’s Vault was designed to protect secrets meant to stay hidden forever. Unfortunately, Cupid underestimated how determined attackers can be.

Intelligence indicates that Cupid may have unintentionally left vulnerabilities in the system. With the holiday deadline approaching, you’ve been tasked with uncovering what’s hidden inside the vault before it’s too late.

 

 

Corp Website

Valentine’s Day is fast approaching, and “Romance & Co” are gearing up for their busiest season.

Behind the scenes, however, things are going wrong. Security alerts suggest that “Romance & Co” has already been compromised. Logs are incomplete, developers are defensive, and shareholders want answers now!

As a security analyst, your mission is to retrace the attacker’s steps, uncover how the attackers exploited the vulnerabilities found in the “Romance & Co” web application, and determine exactly how the breach occurred.