Offical URL: https://picoctf.org/

Highly recommended as anyone's first CTF, picoCTF is a traditional challenge-based competition with a two-week annual competition period that rolls into a year-round accessible learning platform.

CTF events

NameWeight
picoCTF 20210
picoCTF 2020 Mini-Competition0
picoCTF 20190
picoCTF 20180
picoCTF 20170
Related tags: web pwn xss #web x86 php bin crypto stego rop sqli hacking forensics not writeup base64 android perl python scripting mips pcap xor sha1 fun latex cuda rsa penetration testing latex z3 elf bruteforce algebra tmctfquals wifi cracking c++ reverse engineering forensic buffer overflow attacks logic unicode metasploit javascript puzzle programming c debugging engineering security aes arm java js system brute exploitation node.js exif misc otp pwnable re organization sql exploit stegano ppc admin steganography secure-coding things math nodejs obfuscated netflow code-injection coding nothing networking ruby mongodb injection http penetration malware shell cracking pentest msf bash packet analysis ssh ios punchcard tcpdump php comand injection algorithms games windows format-string ai stuff network c64 pentesting social engineering carving websec asm string format html network hacking game golf being linux recon wireshark googling social being_confused acm problem solving analysis procrastination side-channel figuring privilege escalation rfi sqlinjection lfi fuzzing assembly language burpsuite back kali easy networks mysql pyjail image basic programming basic security concepts socket assembly code miscellaneous css caesar script password csrf sleeping blind rev playfair discord qemu scans servers csharp physics. learning # command bsd network securtity ctf nmap tshark xpath kernel race sparc kali linux beginner hardware maths enumeration sysadmin good english oche secuinside pkcs binwalk trendmicroctf fibonacci network analyze csp joe hash vice 6502 smalltalk jwt radare2 homomorphic leak based git robots databases 1 lua webshell network security developing webex bof bufferoverflow clicking binaryexploitation hex2raw pwning picoctf2017 music picoctf vbscript code-analysis it writinglinuxsecuritymodule oshardening foren hardwaresecurity macintosh winning logical linuxbasic flask forgery shellcode overflow shell scripting pwntools racecondition sqlmap androidsecurity junior basic sql injection hydra dns nessus radio binexploit rsa-crypto revesing retro machine gdb satellites quantum crack cookies apk null-byte-poisoning ssti osint aes-cbc diffie-hellman blockchain regex png reversing reverse_engineering oscp verilog ropchain use-after-free routing switching type-juggling blackbox cryptography-rsa jit data-recovery strings netcat nc shellcoding golang jsp i2c securtity switches routers php-filter websocket data structure graphics bmp stackcanary attacks buffer login warmup serialization snort vulnerability pytho nxenabled rust crytography ssrf ciphers ret2libc memory angr gif stenography password-cracking captcha ocr session cbc timing cipher analysing pie rc4 linux exploitation devops rce sourcecode debian heap-overflow ecc wireless tbd force koujiao mon stalking joking. pene phreaking emacs cryptanalysis vigenere htm esoteric-language hexeditor c lisp googlectf cryptography pickle command_injection gentoo containers macro padding-oracle dreaming pcapng struct reverse ecb hid user-agent scanf match ph escalation heap zlib binary gamehacking oscp level pentesting scala one-time-pad corrupt privilege proxy xxd blackberry crt unserialize salsa20 browser cpu emulator string-format buffer-overflow formatstring x-forwarded-for stega aes-ecb oracle lsb scanning bypassfilter blindsqli cobol secret-sharing bitmap v8 fastbin 2018 neverlan octal google_hacking information_gathering discrete-log jailbreak header exiftool babypwn byte-by-byte-decryption cbc-bit-flipping vulnerable-padding syscall eval wat 0ctf blackhole mime exfiltration lsb-stego one_gadget csp-bypass classic-crypto php-object-injection hooking es6 check-in tcache unintended cache python-exploitation format-strings binary-exploitation webpage-cookies chinese-remainder euler repairing kubernetes pohlig-hellman cache-poisoning houseoforange integer_overflow general_skills machine_learning pwnbinaryexploitation 800 webexp skills general nop-sled bit-flipping-attack telnet blind-os-command-injection bits-rotation heap-overflow-attacks wasm history modular-arithmetic memory_dump file_structure esolang zsteg polynomial linear_algebra binary-search client tcache-poisoning ellipticcurve rot usb-keyboard speedrun duktape spectre typescript cpp noreneeded rng 8051 space rsa-crt waf-bypass soikeo keygenme houseofpoortho poisonnullbyte dlmalloc rockyou trustzone keygen webassembly canary timing-attack web_exploitation desync http-desync-attack permutation group-theory swoole beancount guitar vuasoikeo geometry polynomials decapsulation private_class_field hangul pico like1000 investigative_reversing_0 investigative webnet webnet1 begginner friendly indepth beginner_friendly turbofan in_depth macros tftp peasy picoctf2021#transformation generalskills picoctf2021