Offical URL:

Highly recommended as anyone's first CTF, picoCTF is a traditional challenge-based competition with a two-week annual competition period that rolls into a year-round accessible learning platform.

CTF events

picoCTF 20220
picoCTF 20210
picoCTF 2020 Mini-Competition0
picoCTF 20190
picoCTF 20180
picoCTF 20170
Related tags: macro java python vbscript obfuscated #web stuff figuring javascript privilege escalation rfi sqlinjection lfi fuzzing problem solving linux reverse engineering sleeping shell code binexploit php network analyze stego clicking nothing acm forensics c++ networking being game c recon lua css coding crypto c math html back code-analysis perl puzzle programming penetration testing exploitation asm writinglinuxsecuritymodule oshardening exploit hardwaresecurity hacking shellcode ph pytho winning macintosh logic pico engineering binary reversing #sql android webex pwn algorithms node.js crytography network hacking network security formatstring scanf struct security ai assembly language servers it switches routers webnet pentest windows wireshark mysql shell scripting sqli nessus latex netflow latex match nmap string regex hash crack web bash # penetration re not pentesting tbd network admin brute force koujiao social mon logical steganography stegano organization good base64 being_confused carving basic security concepts basic programming rop googling basic sql injection buffer overflow attacks algebra bruteforce oscp stalking joking. secure-coding php comand injection sqlmap scripting social engineering csrf linux exploitation data structure blackberry misc pwnable bufferoverflow metasploit networks radare2 snort kali linux pene phreaking elf emacs switching system wireless routing debian sysadmin network securtity devops wifi cracking htm games procrastination databases ios technologies flask gamehacking things learning cryptanalysis oscp level pentesting enumeration scans packet analysis dreaming vulnerability bsd binaryexploitation reverse jsp csharp png cracking x86 analysis malware xor xss hydra password-cracking pcap ruby cuda linuxbasic script-kitty bad miscellaneous zip programming.algorithm cryptography systems git guessing tcpdump z3 6502 c64 vice esoteric-language rsa mips golang pwning cryptography-rsa picoctf pwntools socket netcat string-format nodejs js blind forensic xxd hid diffie-hellman forgery racecondition hex2raw picoctf2017 format gif strings pyjail binary-exploitation format-strings cbc smalltalk jwt ppc privilege escalation scala english webshell kali ctf gentoo reverse_engineering proxy bin hardware rev graphics msf analysing securtity rce googlectf easy joe session csp osint password trendmicroctf tmctfquals pkcs secuinside oche code-injection rust scanning technical xposed sql injection forensic+crypto beginner angr format-string stackcanary nxenabled data-recovery fun - stegno http assembly writeup hashcat information pwnables eat vm visual basic writing physics. developing lsb google_hacking information_gathering neverlan sha1 encoding heap ocr vulnerable-padding byte-by-byte-decryption cbc-bit-flipping buffer-overflow aes-cbc syscall mongodb sourcecode header x-forwarded-for wat tshark 2018 0ctf blackhole mime exfiltration dns type-juggling script vigenere cipher eval reverse-engineering cybersecurity maths nc unicode ecc csp-bypass es6 check-in arm rc4 python-exploitation junior euler chinese-remainder stega hooking kubernetes ssrf containers blackbox machine heap-overflow-attacks fastbin integer_overflow general_skills machine_learning aes-ecb buffer rsa-crypto pwnbinaryexploitation webpage-cookies cookies robots user-agent lsb-stego 800 webexp general skills captcha nop-sled use-after-free bit-flipping-attack telnet ssti ciphers blind-os-command-injection command_injection blindsqli bits-rotation bof gdb binwalk attacks overflow client login kernel dlmalloc androidsecurity websec caesar rot radio oracle fibonacci usb-keyboard speedrun duktape wasm timing shellcoding unintended spectre heap-overflow tcache-poisoning ellipticcurve ropchain one_gadget leak ret2libc cobol punchcard research noreneeded verilog 8051 i2c python3 image hexeditor null-byte-poisoning houseoforange tcache houseofpoortho poisonnullbyte ecb aes php-object-injection rockyou based revesing rng serialization beer ascii_shellcode fms statistics otp morse bacon sequence postman exit dl_fini template-injection cve-2017-9650 webctrl lsb-oracle factoring modular-arithmetic race blockchain 1 web_exploitation desync http-desync-attack secret-sharing coppersmith golf file_structure warmup pohlig-hellman number_theory permutation group-theory linear_algebra cetus unity webgl discrete-log bypassfilter one-time-pad quantum side-channel cpu cache swoole unserialize beancount jailbreak apk waf-bypass guitar music cpp soikeo vuasoikeo pcapng space octal history retro satellites geometry esolang classic-crypto foren algo websocket sparc graphql base32 hex cryptocurrency web3 ethereum tumbler qrcode cntr0llz dsky 15-bit apollo timing-attack xtce canary pie stenography memory_dump memory trustzone wav-steg php-filter pickle private_class_field decapsulation typescript cache-poisoning discord babypwn polynomials hangul padding-oracle binary-search like1000 investigative_reversing_0 investigative webnet1 emulator jit simic salsa20 zlib begginner friendly indepth beginner_friendly burpsuite browser v8 turbofan qemu in_depth macros zsteg playfair tftp peasy keygen homomorphic rsa-crt xpath webassembly picoctf2021#transformation command generalskills ssh exif exiftool repairing corrupt bitmap bmp keygenme polynomial crt picoctf2021 crackme pyyaml chess extreme cursed kerberoasting delegation s3 aws cloud impersonation airflow jenkins firebird cockpit unquotedpath nosqli hta virtualbox ctf_machine mission schnorr mt19937 volatiltiy prototypepollution json_interoperability safari got-overwrite libc sbox windows-forensics-analysis android-forensics no py sqlite cve-2017-15804 linear-cryptanalysis nested-vms 0day loremipsum bitcoin secp256k1 discrete-logarithm knapsack windbg smartcontract small-d wienersattack rockstart rockstartprogramminglanguage mus1c reveng bittorrent ropgadget web-exploitation 2022 backdoor noted ghidra without_automaticrops upx backdoor-rsa pollard-rho compiler undefined_behaviour mitm des optimization mathematics picoctf2022 sleuthkit autopsy solana selfxss morsedecode news liverpool and q's p's pod-racing madrid real planetary babysfirst minecraft baby printf misc200 object-pascal inconsistencies smart-contracts smart-contract ecrecover happynewyear manchester ook medium