Capture the flag • Test your skills across 8 categories
A company's website leaks sensitive information through poor development practices. Analyze the source code to find the hidden flag, it's not in an obvious comment.
Inspired by OWASP Juice Shop, a login form has a classic SQL injection vulnerability. Analyze the server-side code, understand how the query is built, and determine the exact payload that bypasses authentication.
Suspicious DNS queries are leaving a compromised host. Analyze the traffic to identify the data exfiltration channel. Reconstruct the stolen data by decoding the DNS subdomain labels.
Inspired by PortSwigger Academy, a stock check feature fetches URLs server-side. A blocklist prevents localhost access, but can you bypass it to reach the internal admin panel?
You have a low-privilege shell. A misconfigured SUID binary calls system() with a relative path. Exploit PATH injection to escalate to root and read the flag.
Inspired by PortSwigger Academy, the app uses JWT for auth but accepts the 'none' algorithm. Forge an admin token to access the restricted endpoint and capture the flag.
During incident response, you exported the registry from a compromised host. The attacker planted a persistence mechanism with a hex-encoded payload. Decode it to find the flag.
An AWS environment was breached via a publicly accessible S3 bucket. Analyze the bucket policy, CloudTrail logs, and exfiltrated config to trace the attacker's path and find the flag.
A binary uses XOR encryption to validate a license key. Analyze the disassembly, find the XOR key, and decrypt the stored ciphertext to reveal the flag.
Inspired by AI Goat, an AI chatbot has a system prompt containing a secret flag. The prompt instructs the AI to never reveal it. Use prompt injection to make the LLM leak its instructions.
Analyze a complete APT intrusion from initial access through exfiltration. Correlate multi-source logs to find the attacker's final C2 domain, the domain name encodes the flag.
A custom network daemon has a format string vulnerability. Analyze the C source code, understand the memory layout, and determine what payload leaks the secret from the stack. The leaked value is the flag.
A compromised workstation keeps re-infecting itself after every reboot, yet AV finds nothing on disk and there is no Run key or scheduled task. Analyze the Sysmon WMI telemetry to identify the fileless persistence technique.
An image looks completely normal when opened, but the file is larger than it should be. A PNG is supposed to end at its IEND chunk. Inspect the raw bytes to find what was smuggled past the end of the image.
Your EDR captured an obfuscated PowerShell command launched by a malicious macro. Statically deobfuscate it (no execution) to recover the embedded marker the operator left in the payload.
A 64-bit Linux binary reads input into a fixed stack buffer with no bounds checking, and contains an unused win() function that prints the flag. Determine the exact offset (in bytes) needed to overwrite the saved return address so execution redirects to win().
As a low-privileged domain user you enumerate service accounts and request a service ticket for one of them. Crack the ticket offline to recover the service account's weak password. Submit it as the flag.
A Solidity vault lets users deposit and withdraw ETH. An auditor flagged a critical bug that allowed an attacker to drain the contract in a single transaction (the same class of bug behind the 2016 DAO hack). Identify the secure-coding pattern that was violated.
You decompiled an Android APK during a mobile pentest. The developer hardcoded a secret directly into the app instead of using a secure backend or the keystore. Find the secret that ships inside every install.
An application encrypts data with AES but uses an insecure mode. You captured a single ciphertext (hex). Without any key, prove which block-cipher mode is in use by analyzing the ciphertext structure alone.
Complete CTF challenges to sharpen your cybersecurity skills and earn points. Each challenge is mapped to relevant certifications.