// Five tracks

Pick your discipline.

The competition spans five categories, each with multiple difficulty tiers. Every track ships at least one chain-puzzle and one signature centrepiece challenge built around a memorable theme.

01 WEB

Web Exploitation

Modern web stacks. Modern flaws.

$ GET /api/orders?id=42 HTTP/1.1

Server-side template injection, prototype pollution, SSRF chains through cloud metadata services, second-order SQL injection, JWT misuse, and the occasional CSP bypass via overlooked HTML sinks. Everything served behind realistic authentication, with logs, observability and the kind of mistakes you would see in a production codebase.

On your bench

Burp Suite, Node / TypeScript, HTTP smuggling, OAuth flows, Browser sandboxing
4 challenges planned, 1 chain-puzzle, Easy → Insane
02 CRYPTO

Cryptography

Mathematics with consequences.

$ n = p · q (and q = p + δ)

Custom ciphers with weak invariants, RSA misuse in three creative variants, elliptic curves whose parameters look fine until you check the j-invariant, and PRNG state recovery dressed up as palace lore. Multi-stage chains designed so each step requires the right insight, not just the right one-liner.

On your bench

SageMath, Python, Number theory, PRNG analysis, Side channels
4 challenges planned, 1 chain-puzzle, Easy → Insane
03 MISC

Miscellaneous

The wildcard slot.

$ strings ./photo.jpg | grep -i flag

Steganography hidden in unexpected places, OSINT trails through obscure corners of the web, jailbreak puzzles for language models, and logic mazes whose rules quietly drift the deeper you go. Bring patience, references and a willingness to follow strange threads.

On your bench

Image / audio forensics, OSINT, LLM jailbreaks, Pure puzzling
4 challenges planned, 1 chain-puzzle, Easy → Insane
04 REV

Reverse Engineering

Bring your dissector.

$ 0x4011a0 <vm_step>: jmp rax

Compiled C with intent, hand-rolled virtual machines that need unflattening, obfuscated bytecode (Python, Lua and a custom dialect), plus one ELF whose anti-debug tripwires double as a stylistic statement. Symbolic execution welcome, but rarely required.

On your bench

IDA / Ghidra, gdb / lldb, angr, Z3, Custom VM analysis
4 challenges planned, 1 chain-puzzle, Easy → Insane
05 PWN

Binary Exploitation

Earn your shell.

$ p32(0xdeadbeef) * 4 + p32(rop)

Stack overflows that demand a real ROP chain, format string vulnerabilities with subtle pivots, heap puzzles built around controlled allocators, and one carefully scoped kernel module for those who like their challenges well-seasoned.

On your bench

pwntools, ROP / SROP, Heap feng shui, Kernel exploitation
4 challenges planned, 1 chain-puzzle, Easy → Insane
Difficulty

Easy is calibrated.
It is not trivial.

"Easy" is calibrated for human solvers with reasonable AI assistance. Easy challenges are still multi-stage on purpose, so a single language-model prompt rarely cracks them — but a determined player with two cups of coffee absolutely will.

Easy 25%
Multi-stage, intended for newcomers with light tooling.
Medium 55%
A solid grasp of the category plus one creative leap.
Hard 80%
Two attack chains, careful note-taking, real research.
Insane 100%
A dedicated weekend. Teamwork and custom tooling welcome.
Sample chain

What a multi-stage challenge looks like.

01 / Recover

Untemper the auspice

Use the published 624-line auspice to invert the PRNG temper function and reconstruct the internal generator state.

02 / Predict

Project forward

Step the recovered state forward by twelve outputs and assemble the AES-256 key and the IV from the resulting integers.

03 / Decrypt

Open the seal

Decrypt the sealed correspondence with the recovered key and IV, unpad, and the flag falls out.
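
Stages 01 and 02 of this chain, sketched as an added example (not the organisers' code), show why a generator whose output transform is invertible must never produce key material. It assumes the generator is MT19937 as implemented by Python's `random`, that the auspice holds one decimal 32-bit output per line, and that the twelve predicted words are packed big-endian as key then IV; the page fixes none of these details. Stage 03 needs an AES library and is left out.

```python
import random

N = 624  # state words; matches the 624 lines of the published auspice

def undo_right(y, shift):
    """Invert y ^= y >> shift on a 32-bit word."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x

def undo_left(y, shift, mask):
    """Invert y ^= (y << shift) & mask on a 32-bit word."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x

def untemper(y):
    """Undo the four MT19937 tempering steps in reverse order."""
    y = undo_right(y, 18)
    y = undo_left(y, 15, 0xEFC60000)
    y = undo_left(y, 7, 0x9D2C5680)
    return undo_right(y, 11)

def parse_auspice(text):
    """Assumed file format: one decimal 32-bit output per line."""
    words = [int(line) for line in text.split()]
    if len(words) != N or any(not 0 <= w < 2**32 for w in words):
        raise ValueError("expected 624 outputs of 32 bits each")
    return words

def clone_generator(outputs):
    """Stage 01: rebuild the internal state from 624 consecutive outputs."""
    state = tuple(untemper(w) for w in outputs)
    clone = random.Random()
    clone.setstate((3, state + (N,), None))  # index 624 forces a twist next
    return clone

def derive_key_iv(clone):
    """Stage 02: twelve outputs = 48 bytes, split as key(32) || IV(16)."""
    material = b"".join(clone.getrandbits(32).to_bytes(4, "big") for _ in range(12))
    return material[:32], material[32:]

if __name__ == "__main__":
    victim = random.Random(1234)  # constructed stand-in for the challenge generator
    auspice = "\n".join(str(victim.getrandbits(32)) for _ in range(N))
    key, iv = derive_key_iv(clone_generator(parse_auspice(auspice)))
    print(key.hex(), iv.hex())
```

Outside a puzzle, the fix is to draw keys and IVs from the operating system's CSPRNG, for example Python's `secrets` module.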