// CYBERSECURITY CAPTURE THE FLAG · OFFENSIVE SECURITY CHALLENGE
Think Like an Attacker. Defend Like a Professional.
// ABOUT THE EVENT
What is the CTF Competition?
Participants have 24 hours to investigate deliberately vulnerable machines sourced from VulnHub. Each team must identify security weaknesses, exploit them methodically, and capture all available flags.
This is not just a hacking competition — it is a full professional security assessment. Teams are required to document every step of their investigation, propose practical mitigations, and present their findings to a panel of judges.
Successful participants demonstrate both offensive and defensive security thinking: the ability to attack systems and the discipline to communicate findings clearly and responsibly.
Reconnaissance
Discover services, endpoints & attack surface
Exploitation
Leverage real-world CVEs & misconfigurations
Priv Escalation
Gain root access through privilege chains
Documentation
Evidence-based technical reporting
Flag Collection
Capture all available proof-of-compromise flags
Presentation
Defend your methodology before the panel
// CHALLENGE DOMAINS
Three Machines. One Mission.
DC Corp has deployed an internal web portal for employee use. The security team has reported suspicious activity and possible unauthorized access to the system hosted on the DC-1 machine. The portal contains multiple web pages, authentication mechanisms, and hidden resources. It is suspected that misconfigurations and weak security controls exist within the application. Your task is to act as a security analyst and investigate the web application to identify vulnerabilities and compromised areas.
// OBJECTIVES
- Perform reconnaissance on the web application
- Identify hidden directories and files
- Exploit web application vulnerabilities
- Retrieve every available flag
// EXPECTED METHODOLOGY
- Directory Enumeration
- robots.txt Analysis
- Login Enumeration
- Hidden File Discovery
- Authentication Bypass
- Flag Collection
// DELIVERABLES
- Enumeration Report
- Attack Chain
- Evidence
- Retrieved Flags
- Mitigation Recommendations
Kioptrix Corporation is operating a legacy Linux server that has been exposed to the Internet. The infrastructure contains outdated software, insecure services, and weak configurations. Your objective is to conduct a full penetration test and obtain root access.
// OBJECTIVES
- Discover active services
- Enumerate vulnerabilities
- Gain initial access
- Escalate privileges
- Capture all flags
// EXPECTED METHODOLOGY
- Nmap
- Service Enumeration
- Vulnerability Assessment
- Exploitation
- Linux Privilege Escalation
// DELIVERABLES
- Attack Timeline
- Vulnerability Analysis
- Root Access Evidence
- Retrieved Flags
- Security Recommendations
A compromised internal server is suspected to contain sensitive information and multiple privilege escalation opportunities. You begin with limited access and must fully compromise the system while documenting every step.
// OBJECTIVES
- Enumerate the system
- Identify privilege escalation vectors
- Gain root access
- Retrieve all hidden flags
// EXPECTED METHODOLOGY
- Manual Enumeration
- LinPEAS
- Sudo Enumeration
- Cron Jobs
- Credentials Discovery
- Root Exploitation
// DELIVERABLES
- Enumeration Report
- Privilege Escalation Report
- Evidence
- Retrieved Flags
- Hardening Recommendations
// COMPETITION RULES
Event Rules & Constraints
// EVENT SCHEDULE
Competition Timeline
// POINT DISTRIBUTION
Scoring Breakdown
// FINAL PRESENTATION
Present & Defend
15 Minutes