Welcome to the Beta Threatsurface.io Capture the Flag!
Rules and Hints
- Explicit Scope:
- Use reasonable rate limits, content is implied in known directories and discoverable with modest path/file iteration. Large lists such as Seclists are not necessary. Instead pay attention to context of other content
- Abusive usage of tools, testing outside the explit scope above, or any activities deemed knowingly outside the intent of the CTF event
will result in account and IP bans
- Most flags are in the form of: Flag-N:value where N is the challenge number, some obvious ones are not to prevent string searching; flags may be turned in with or without the prefix
- The scoreboard has comments on the flags and hints for sale with points, if you need a little push
- Each section of the site suggests various potential vulnerabilities, be creative and inquisitive! There's a lot more going on than a few simple pages you see above ranging from easy to a bit more work
- Feel free to help each other but please do not share flags
- Use the source, Luke...
- Render unto view the things that are view: