Challenges

OSINT Easy

EXIF + Reverse Image Search Chain

A journalist posted a photo online. The EXIF GPS data was stripped — but the photo's unique features (a distinctive mural + partial street sign) allow geolocation. Find the exact street address using reverse image search and street view. The flag is aSEC{StreetName_CityName} in lowercase with underscores.

150 pts
OSINT Easy

Username Hunt

Find a threat actor's public profiles using their username 'h4ck3rj0hn_ctf'. The flag is in their GitHub README.

100 pts
4 solves 🩸
OSINT Medium

Certificate Transparency OSINT

A threat actor registered a typosquatting domain. Using certificate transparency logs, find all subdomains of 'acmec0rp.com' (note the zero). One subdomain hosts a login portal — its /robots.txt contains the flag.

300 pts
OSINT Medium

Email Investigation

Analyze email headers and decode the base64-encoded flag hidden in the message body.

300 pts
4 solves 🩸
OSINT Medium

Geolocation

GPS coordinates from photo EXIF data point to a Paris cafe near the Eiffel Tower (7th arrondissement).

200 pts
4 solves 🩸
OSINT Medium

Social Media OSINT

A hacker with username "cyb3rgh0st2025" has been identified. Use OSINT techniques to gather information about them and find the flag hidden in their public profiles.

250 pts
10 solves 🩸
OSINT Medium

Wayback Machine Code Leak

A startup's website (acmestartup.io) was taken down after a security incident. The Web Archive captured several snapshots. One snapshot from 2023-08-14 includes an exposed /api/config endpoint that returned a JSON response containing an internal API key. That key is the flag.

250 pts
OSINT Hard

Shodan + CVE Fingerprint

A company (acme-iot.com) runs an industrial control system exposed to the internet. Using Shodan, find their public ICS device. It runs a vulnerable version of a SCADA web interface. Identify the exact CVE number for the authentication bypass in that version. The flag is aSEC{CVE-YYYY-XXXXX}.

400 pts
2 solves 🩸
OSINT Hard

Social Media Trail

Combine 4 key fragments found across Twitter, LinkedIn, GitHub Gist, and Reddit to form the flag.

400 pts
4 solves 🩸
OSINT Insane

Deep Dive

Multi-source OSINT: WHOIS + certificate transparency + DNS history + Wayback Machine. Find the archived page with the flag.

500 pts
5 solves 🩸