Offical URL: https://picoctf.com/

Highly recommended as anyone's first CTF, picoCTF is a traditional challenge-based competition with a two-week annual competition period that rolls into a year-round accessible learning platform.

CTF events

NameWeight
picoCTF 20190
picoCTF 20180
picoCTF 20170
Related tags: web pwn xss #web x86 php crypto stego rop sqli hacking forensics writeup base64 android perl python scripting mips pcap xor sha1 fun latex cuda rsa penetration testing latex z3 elf bruteforce algebra tmctfquals wifi cracking c++ reverse engineering forensic buffer overflow attacks logic unicode metasploit javascript puzzle programming c engineering security aes arm java js system brute exploitation node.js misc pwnable re organization sql exploit stegano ppc admin steganography secure-coding things math nodejs obfuscated netflow coding nothing networking ruby mongodb injection http penetration malware shell cracking pentest bash packet analysis ios php comand injection algorithms games windows format-string ai stuff network c64 pentesting social engineering carving asm string format html network hacking game golf being linux recon wireshark googling social being_confused acm problem solving analysis procrastination side-channel figuring privilege escalation rfi sqlinjection lfi fuzzing assembly language back easy networks mysql pyjail image basic programming basic security concepts socket assembly code miscellaneous css caesar script password csrf sleeping blind rev scans servers csharp physics. learning # bsd network securtity nmap tshark kernel race sparc kali linux beginner enumeration sysadmin good oche secuinside pkcs binwalk trendmicroctf network analyze csp joe hash vice 6502 smalltalk jwt radare2 based robots databases 1 lua network security developing webex bof bufferoverflow clicking binaryexploitation hex2raw pwning picoctf2017 music picoctf vbscript code-analysis it writinglinuxsecuritymodule oshardening foren hardwaresecurity macintosh winning logical linuxbasic flask forgery shellcode overflow shell scripting pwntools racecondition sqlmap junior basic sql injection hydra dns nessus binexploit rsa-crypto revesing retro machine gdb satellites quantum crack cookies apk null-byte-poisoning ssti osint aes-cbc diffie-hellman blockchain regex png reversing reverse_engineering oscp use-after-free routing switching type-juggling blackbox cryptography-rsa data-recovery strings netcat nc shellcoding golang switches routers php-filter websocket data structure graphics stackcanary attacks buffer login warmup serialization snort vulnerability pytho nxenabled crytography ssrf ciphers memory angr gif stenography password-cracking captcha ocr session cbc timing cipher pie rc4 linux exploitation devops rce sourcecode debian ecc wireless tbd force koujiao mon stalking joking. pene phreaking emacs cryptanalysis vigenere htm esoteric-language hexeditor c googlectf cryptography command_injection containers macro dreaming pcapng struct reverse ecb hid user-agent scanf match ph heap binary gamehacking oscp level pentesting one-time-pad proxy xxd blackberry unserialize cpu string-format buffer-overflow formatstring x-forwarded-for stega aes-ecb lsb bypassfilter blindsqli secret-sharing fastbin 2018 neverlan octal google_hacking information_gathering discrete-log jailbreak header byte-by-byte-decryption cbc-bit-flipping vulnerable-padding syscall eval wat 0ctf blackhole mime exfiltration lsb-stego csp-bypass classic-crypto php-object-injection hooking es6 check-in tcache cache python-exploitation format-strings binary-exploitation webpage-cookies chinese-remainder euler kubernetes pohlig-hellman houseoforange integer_overflow general_skills machine_learning pwnbinaryexploitation 800 webexp skills general nop-sled bit-flipping-attack telnet blind-os-command-injection bits-rotation heap-overflow-attacks history modular-arithmetic memory_dump file_structure esolang linear_algebra client ellipticcurve rot usb-keyboard cpp rng space waf-bypass soikeo houseofpoortho poisonnullbyte dlmalloc rockyou trustzone canary timing-attack web_exploitation desync http-desync-attack permutation group-theory swoole beancount guitar vuasoikeo geometry