r/securityCTF

▲ 23 r/securityCTF+1 crossposts

0 Practical Skills and 5 Months of Grinding Theory - CTF/CJCA/CPTS

Hi Reddit! Hi guys! For 5 months I've been working towards the CJCA Certification, it took me so long, 'cuz I'm a person who tried to leave no stone unturned, during this period I have solved all the Starting Point CTFs and 2 Easy-CTFs (`Cap` and `Kobold`), though I had to use a write-up for the last one.

Nevertheless, I have never solved CTFs without any hints or write-ups - by myself, it's a painful experience, when your "detailed knowledge" is equal to 0. So, I've been grinding the theory - Nmap - Footprint - Wordpress.. etc from the CJCA path. After completing offensive modules I tried to solve Easy Enigma Box; on the bright side - my mindset got better, enumeration skills also, but ultimately I haven't been able to solve a box on my own yet.. Idk what I can to do, how to understand CTFs, CVEs without PoCs and other stuff. Do you have any advice? (pls)

I decided before exam to complete some extra-modules from CPTS path - Linux/Windows Priv.Esc, Web-Shells and Attacking common Services. But I'm very confused and frustrated right now

reddit.com
u/DoughnutResident — 20 hours ago
▲ 360 r/securityCTF+21 crossposts

I built a game where your only goal is to gaslight an AI intern into committing fraud

All I hear, all day long is how AI is taking over everything we do. So I made a game to break it.

Basically, in the game you can chat with an AI intern named PIP, and as a player your only job is to gaslight the bot into revealing passwords, company secrets, executing instructions in email and much more across 16 different levels.

This is a browser based game, so it requires no setup and is absolutely free.

Try it out and let me know how far you get or drop your most unhinged prompt in the comments.

It's called "Break The Prompt" and here's the link: https://www.breaktheprompt.xyz/

u/_rhythmbreaker — 3 days ago
▲ 1 r/securityCTF+1 crossposts

I built a tool that proves your npm vulnerability fixes won't break your build before you merge

npm audit fix tells you a CVE is patched. It doesn't tell you if the patch breaks your tests, changes an API, or silently downgrades a transitive dep you actually need.

Built VeriPatch to close that gap: it scans for vulns, applies the fix in a sandbox, runs your test suite against it, and generates an audit-grade evidence report showing the fix is actually safe — not just "applied."

Useful if you've ever ignored Dependabot PRs because you didn't trust them enough to click merge.

Repo: https://github.com/amarjaleelbanbhan/VeriPatch

Feedback welcome.

u/Amar_Jaleel — 2 days ago

Hi there. Guys i need to make portfolio website and i cannot find any good design for it. So can u guys suggest some?

reddit.com
u/arwvah — 3 days ago
▲ 5 r/securityCTF+1 crossposts

ctf lab recommendation

​

Hello ,I'm looking for the best free TryHackMe labs/rooms to improve my penetration testing and cybersecurity skills.

Could you recommend your favorite free rooms, whether they're beginner, intermediate, or advanced? I'd especially appreciate labs that teach practical skills such as:

Linux & Windows Privilege Escalation

Web Exploitation

Active Directory

Enumeration

Networking

CTF-style challenges

If you have a recommended learning order, I'd love to hear it as well.

Thanks in advance!

reddit.com
u/wasnt-Effective-8765 — 5 days ago
▲ 10 r/securityCTF+1 crossposts

[CTF] Operation BLACK CIPHER 2026: 2 Days, 30+ Challenges, Live Attack-Defense (July 20-21) 🚩

Nullgrids Labs is dropping the grid for Operation BLACK CIPHER this July 20-21 at the United Institute of Technology, Coimbatore.

This isn't just another passive CTF. We are running a full-scale Attack-Defense simulation. We don't just allow AI tools—we encourage you to use them to think smarter and strike harder.

The Intel:

  • Format: Live Attack & Defense simulations + 30+ dedicated cyber challenges.
  • Teams: 1-4 members.
  • Recognition: National-level recognition for the top squads.
  • Approved: MSME Approved.

Prove it. Hack it. Defend it. Own it.

🔗 Registration Portal (₹249/pp):https://blackcipher.nullgridslabs.dpdns.org/

Are you in? Drop any questions or team-finding requests in the comments.

u/NullGridsLabs — 5 days ago

Cyber apocalypse ‘26

**Looking for teammates for HTB Cyber Apocalypse 2026 — Nemesis Group**

Hey everyone,

I created a team for **HTB Cyber Apocalypse 2026** called **Nemesis Group** and I’m looking for a few teammates.

Beginner-friendly, but serious: I’m looking for people who want to communicate, show up during the event, follow HTB rules, and work together. No ego, no flag sharing outside the team, no chaos.

Categories we’re interested in:

Web, Pwn, Reversing, Crypto, Forensics, Cloud, Machines, Coding, and Misc / Hardware / ICS.

If you want to join, comment with:

* HTB username
* Timezone
* Skill level
* Preferred categories

You can also search for **Nemesis Group** on the HTB CTF team page and send a join request.

reddit.com
u/ohmygen7 — 5 days ago

CTF

I’m a cybersecurity student, and my goal is to become a pentester. I’ve been studying for about a year, but I feel like I’ve learned in a very unstructured way. I know the basics, but I still can’t solve even easy CTFs by myself. I’ve started wondering if the problem is that I just haven’t developed a pentester mindset yet.

reddit.com
u/dit0sc00p — 7 days ago

Looking for experienced CTF mates / team in Germany (EU)

Hey. I’m based in Germany and looking for an intermediate+ CTF team or mates to play on CTFtime.

My focus: Web, OSINT

Also do: Basic Reverse Engineering, basic Crypto

Languages: English, German, Russian

Contact me directly on Discord: yftgjiol

reddit.com
u/Electronic_Foot6422 — 8 days ago
▲ 228 r/securityCTF+1 crossposts

CHRONOS — a terminal escape room through 50 years of computing

Playable Link: https://chronos-game.com

Platform: Browser (desktop & mobile) — runs in any modern browser, no install or signup

Description: You wake up locked in an isolation chamber in 2026 with one terminal and a 60-minute purge timer counting down. To get out, you don't play a computer — you operate real ones, era by era. You'll work a series of real, half-forgotten machines — the genuine tools, not stand-ins — pressing each to give up a secret it was never meant to reveal. Each era hands you an artifact that unlocks the next — the past literally reaches forward into the future. It's terminal-native and period-accurate, with CRT visuals and synth audio. There are multiple endings depending on how you play — and what you figure out. A full run is about 45–75 minutes. I'd love feedback on where you got stuck, whether the in-game hints landed, whether you reached an ending, and any bugs — there's a "Tell the maker" button on the end screen.

Free to Play Status:

  • [X] Free to play

Involvement: Solo developer — I designed and built the entire thing: the engine, all the era content and puzzles, the writing, the audio, and the deployment. CHRONOS is my project; this is its first public beta and I'm looking for honest playtest feedback.

u/xav77 — 11 days ago
▲ 12 r/securityCTF+1 crossposts

Looking for new team members!

Cyber Apocalypse 2026 is coming up soon. We already have a core team, but we could use a few more people. To be clear: we don't care about your HTB rank. Some of our best guys don't have high ranks at all but they absolutely crush challenges. We only care that you actually have some experience and can solve stuff. Spots are limited, but we can take about ~10 more people. If you think you can deliver and want to join, hit me up!

EDIT GUYS: ONLY 3 SEAT LEFT , AND LOOKING FOR SPECIFIC SPECIALIZATIONS (WE HAVE A LOT OF WEB GUY LOL)

reddit.com
u/Legal-Chair5619 — 10 days ago
▲ 50 r/securityCTF+18 crossposts

As inscrições para o CTF LATAM 2026-2 da Fluid Attacks já estão abertas. 🚩

Se você curte segurança ofensiva, CTFs ou simplesmente quer testar suas habilidades contra outros participantes da região, vale a pena dar uma olhada. A competição é online, individual e traz desafios baseados em situações reais de segurança.

Inscrições e mais detalhes:

https://fluidattacks.com/pt/ctf

Alguém daqui vai participar?

u/CyberMKT993 — 11 days ago

Try to breach my P2P file hosting

Hello CTF team,

I've develop a P2P solution to host files instead of hosting files on GDrive.

Here is little context :

- The app is host on GCP using Compute Engine VM.

- I've develop the solution using only few technologies to reduce the exposing surface.

- Here is the flow of a new user used in this project (this flow is when localhost)

https://preview.redd.it/i3676dfala9h1.png?width=1024&format=png&auto=webp&s=466b8533522fc5b842db92bc8f55a49508103239

I don't know if you need more information but your goal is to try to breach my solution and find the flag.

This is the link : https://p2pfs.lun-a.xyz

The flag is a word in a text file that you have to DM me to validate the CTF. This file is in my vault that I securised with a physical key.

I offer a prize of 100$ in BTC if you arrive to DM me the correct word and prove me that my solution isn't safe.

Good luck and thank you to test my solution.

reddit.com
u/waryz184 — 11 days ago

CTF with a big difference — it's a game.

It's not a traditional CTF. There's no scoreboard, no time limit. But there are flags.

We just launched Hacktivity Games, with SAFETYNET Holding Back the ENTROPY, a spy-thriller cyber security escape room built on real VMs. You play an undercover operative for SAFETYNET, countering a criminal organisation called ENTROPY.

Unlike any other hacking game out there, the hacking is real, on live VMs — you can walk up to a PC in the game, and find yourself on a Kali desktop. The CTF-style flags are there — but you'll need to interact with the game world to find the clues to complete each challenge. Flags advance the plot rather than just score you points.

NPCs, branching narrative, and the decisions you make shape how the mission closes. Physical puzzles, lockpicking, RFID cloning, branching NPC dialogue, and a story that reacts to what you do — all gating the technical challenges.

Beginner-friendly entry point, but the series gets progressively more challenging as it unfolds. In-character hints from your handler if you get stuck, but if you are experienced with CTFs you can ignore them and figure it out yourself.

Built on the same infrastructure as Hacktivity, our hands-on cyber security labs platform.

Full disclosure: I'm a cybersecurity academic and the lead developer of Hacktivity (hacktivity.co.uk), a cybersecurity training platform.

More than happy to discuss and answer any questions if you are curious about anything!

Mission 1 is free — sign up and play today.

https://hacktivity.co.uk

Happy hacking!

u/zcliffe — 11 days ago

Completed all OverTheWire Leviathan levels with team Zero Trace (Full Writeup)

My team Zero Trace finished all levels of the Leviathan wargame during our main stage training at RootX. We documented our exact methodology for every level.

Here is the breakdown of the specific concepts we covered:

  • Level 0 to 1: File permissions.
  • Level 1 to 2: SUID analysis and using ltrace for binary exploitation.
  • Level 2 to 3: Bypassing the access() system call check.
  • Level 3 to 4: Cracking passwords using ltrace.
  • Level 4 to 5: Decoding data utilizing CyberChef and Python.
  • Level 5 to 6: Reverse engineering and exploiting symbolic links.
  • Level 6 to 7: Writing Bash and Python scripts for automation and behavioral analysis.

You can read the full writeup here:https://app.notion.com/p/OTW-Leviathan-3851e8562bd080adbbf2ecd50ff6fd09

Thanks to Eng. Asmaa Elsheikh for the technical direction. The team includes Ahmed Samy, Abdelrhman Hussein, Hossam Hassan, Seif Elddien, and myself.

u/waterblade0x — 12 days ago

I built a game where your only goal is to gaslight an AI intern into committing fraud

All I hear, all day long is how AI is taking over everything we do. So I made a game to break it.

Basically, in the game you can chat with an AI intern named PIP, and as a player your only job is to gaslight the bot into revealing passwords, company secrets, executing instructions in email and much more across 16 different levels.

This is a browser based game, so it requires no setup and is absolutely free.

Try it out and let me know how far you get or drop your most unhinged prompt in the comments.

It's called "Break The Prompt" and here's the link: https://www.breaktheprompt.xyz/

reddit.com
u/_rhythmbreaker — 12 days ago

Once my final exams are over,I'm gonna reward myself by grinding CTF challenges every single day until the summer break ends

I LO

VE

CTF!

I DON'T WANT TO WASTE MY TIME IN FINAL WEEKS!

reddit.com
u/CharmingChipmunk2654 — 11 days ago
▲ 14 r/securityCTF+1 crossposts

Buffer Overflow Tutorial for Beginners and new CTF players

If you are new to the world of exploit development and need a solid entry level challenge this week we look at "bof". This is a binary challenge hosted on pwnable[.]kr covering the topic of a Buffer Overflow.

This is what many consider to be their first exploit type written (it was mine), and this particular challenge approaches it in a way you will truly understand how to adapt to situations in which the buffer overflow is not necessarily "vanilla" exploitation.

By the end of this tutorial you should have:

- Learned how to exploit a Buffer Overflow, WITHOUT OVERWRITING THE RETURN ADDRESS!!!
- Learned how to use GDB (raw)
- Learned the basics of hook stops within GDB
- Learned how to approach a CTF challenge with speed or precision (or both depends on what you decide)
- Learned how to find offsets that are small and don't require the use of tooling such as pattern_offset

I wanna thank Center for Cyber Security Training for continuing to help sponsor the channel and their support.

You can find the video here:

https://youtu.be/A-P2bhxzK1Y?si=CcKd2lAZysRaCfCD

u/AdvisorPowerful9769 — 11 days ago