Beta Ongoing Threatsurface.io Capture the Flag!


If you have any general questions or issues accessing the related systems, please contact @digitalwoot on Twitter. We hope you enjoy the humor, challenges, and recorded discussion!

Rules and Hints

  • Explicit Scope:

    1. https://ctf.threatsurface.io
    2. wargames.threatsurface.io:9111

  • Take care to avoid deliberate interruption of CTF services, e.g.

    1. Use reasonable rate limits. Content is implied in known directories and discoverable with modest path/file iteration. Large lists such as SecLists are not necessary; instead, pay attention to the context of other content.
    2. Abusive usage of tools, testing outside the explicit scope above, or any activities deemed knowingly outside the intent of the CTF event will result in account and IP bans.

  • A few pointers...

    • Most flags are in the form of Flag-N:value, where N is the challenge number. Some obvious ones are not, to prevent string searching. Flags may be turned in with or without the prefix.
    • The scoreboard has comments on the flags and hints for sale with points, if you need a little push
    • Each section of the site suggests various potential vulnerabilities, so be creative and inquisitive! There's a lot more going on than the few simple pages you see above, ranging from easy to a bit more work.
    • Feel free to help each other but please do not share flags
    • Use the source, Luke...
    • Render unto view the things that are view:

CTFd Scoreboard and Prior Event Streams


Help Wanted
Interested in helping with challenges or making the site look nice* yet still performant?
* - We're not designers... ;)