The website is simple: it shows a list and a link to the login page.
There is not much information after logging in.
This challenge also has a downloadable part, so let's do code review again.
From JWTHelpers.js, we know that the website uses JWT for authentication.
We can use https://jwt.io to decode the token.
As you can see, the JWT exposes the public key in the payload.
From this article, I know that this website is vulnerable to the HS/RSA confusion attack.
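The confusion named above arises when a verifier takes the algorithm from the token header instead of fixing it server-side. The following is an added example, not code from the challenge's JWTHelpers.js; the function names are hypothetical and it uses only Node's built-in crypto module to contrast the weak pattern with a verifier pinned to RS256.

```javascript
// Added example: function names are hypothetical, not from the challenge source.
const crypto = require("crypto");

// Split a compact JWT into its decoded header, payload and raw signature.
function parse(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  return {
    header: JSON.parse(Buffer.from(h, "base64url").toString("utf8")),
    payload: JSON.parse(Buffer.from(p, "base64url").toString("utf8")),
    signingInput: `${h}.${p}`,
    signature: Buffer.from(s, "base64url"),
  };
}

// Weak pattern: the algorithm comes from the token header, so the RSA public
// key PEM ends up used as an HMAC secret whenever the header says HS256.
function verifyTrustingHeader(token, publicKeyPem) {
  const t = parse(token);
  if (t.header.alg === "RS256") {
    return crypto.verify("sha256", Buffer.from(t.signingInput), publicKeyPem, t.signature);
  }
  if (t.header.alg === "HS256") {
    const mac = crypto.createHmac("sha256", publicKeyPem).update(t.signingInput).digest();
    return mac.length === t.signature.length && crypto.timingSafeEqual(mac, t.signature);
  }
  return false;
}

// Hardened pattern: the server fixes the algorithm, and any other header
// value is rejected before key material is touched.
function verifyPinned(token, publicKeyPem) {
  const t = parse(token);
  if (t.header.alg !== "RS256") return false;
  return crypto.verify("sha256", Buffer.from(t.signingInput), publicKeyPem, t.signature);
}
```

Since the public key is readable from the token payload here, the pinned check is what keeps that key from being usable as a signing secret.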