Offical URL: https://picoctf.org/

Highly recommended as anyone's first CTF, picoCTF is a traditional challenge-based competition with a two-week annual competition period that rolls into a year-round accessible learning platform.

CTF events

NameWeight
picoCTF 20220
picoCTF 20210
picoCTF 2020 Mini-Competition0
picoCTF 20190
picoCTF 20180
picoCTF 20170
Related tags: web pwn xss #web x86 php bin crypto stego rop sqli hacking forensics not writeup base64 android perl python scripting mips pcap xor des sha1 fun algo latex cuda rsa penetration testing latex z3 elf bruteforce algebra tmctfquals wifi cracking c++ reverse engineering forensic buffer overflow attacks logic unicode metasploit javascript puzzle technologies programming c debugging engineering security aes arm java js vm system brute exploitation node.js exif misc otp pwnable re organization sql exploit stegano ppc admin pwnables steganography secure-coding things math nodejs obfuscated netflow code-injection coding nothing networking ruby mongodb injection http penetration malware shell cracking pentest msf bash packet analysis ssh ios punchcard tcpdump php comand injection algorithms games windows format-string ai stuff network c64 pentesting guessing social engineering carving websec asm libc string format html network hacking game golf being linux recon wireshark googling social being_confused acm problem solving analysis procrastination noth side-channel figuring privilege escalation rfi sqlinjection lfi fuzzing assembly language burpsuite back kali easy networks mysql pyjail base32 morse image technical basic programming basic security concepts socket assembly factoring code miscellaneous mitm css caesar script password csrf sleeping blind rev optimization bitcoin playfair discord qemu scans servers csharp physics. learning # command bsd systems network securtity ctf nmap tshark backdoor xpath kernel race sparc kali linux beginner crackme hardware maths basic enumeration sysadmin good english oche secuinside pkcs binwalk trendmicroctf fibonacci network analyze csp joe hash vice 6502 smalltalk jwt radare2 homomorphic stegno visual leak based information git robots databases 1 lua webshell network security developing webex bof bufferoverflow clicking binaryexploitation research hex2raw pwning picoctf2017 music picoctf vbscript ollydbg code-analysis it writinglinuxsecuritymodule oshardening foren hardwaresecurity forensic+crypto beer macintosh winning logical linuxbasic flask forgery shellcode overflow shell scripting pwntools - racecondition 0day sqlmap androidsecurity junior hashcat basic sql injection hydra dns nessus cloud radio binexploit rsa-crypto revesing retro machine gdb satellites quantum crack cookies apk null-byte-poisoning ssti osint aes-cbc diffie-hellman nosqli blockchain ethereum regex png reversing impersonation reverse_engineering oscp verilog ropchain use-after-free routing switching type-juggling blackbox cryptography-rsa jit compiler data-recovery strings netcat nc smartcontract shellcoding windbg golang jsp i2c sqlite securtity eat switches routers php-filter websocket aws data structure graphics hex bmp stackcanary attacks buffer login warmup serialization snort vulnerability pytho nxenabled rust crytography ssrf ciphers ret2libc memory angr gif stenography password-cracking programming.algorithm autopsy captcha ocr session statistics cbc #sql timing cipher analysing encoding pie rc4 coppersmith linux exploitation sbox devops rce sourcecode debian heap-overflow ecc wireless tbd force koujiao mon xposed stalking joking. pene phreaking emacs cryptanalysis vigenere python3 htm esoteric-language hexeditor c qrcode lisp googlectf bad cryptography knapsack pickle command_injection gentoo containers macro padding-oracle dreaming pcapng struct reverse ecb hid user-agent scanf match ph escalation zip heap zlib binary gamehacking oscp level pentesting scala one-time-pad corrupt privilege proxy xxd blackberry crt unserialize salsa20 browser cpu emulator script-kitty string-format buffer-overflow formatstring mathematics x-forwarded-for template-injection cybersecurity stega chess aes-ecb oracle lsb scanning bypassfilter blindsqli cobol secret-sharing bitmap v8 fastbin 2018 virtualbox the neverlan octal google_hacking information_gathering discrete-log jailbreak header exiftool babypwn byte-by-byte-decryption cbc-bit-flipping vulnerable-padding syscall eval wat 0ctf blackhole mime exfiltration lsb-oracle lsb-stego one_gadget csp-bypass classic-crypto php-object-injection hooking es6 check-in tcache unintended cache python-exploitation format-strings binary-exploitation webpage-cookies cryptocurrency chinese-remainder euler repairing kubernetes pohlig-hellman cache-poisoning houseoforange integer_overflow general_skills machine_learning pwnbinaryexploitation 800 webexp skills general nop-sled bit-flipping-attack telnet blind-os-command-injection bits-rotation heap-overflow-attacks number_theory wasm history bacon modular-arithmetic memory_dump file_structure esolang zsteg polynomial linear_algebra binary-search client tcache-poisoning reverse-engineering s3 and ghidra got-overwrite ellipticcurve rot usb-keyboard speedrun duktape spectre typescript cpp noreneeded rng 8051 space real rsa-crt waf-bypass schnorr soikeo keygenme houseofpoortho poisonnullbyte dlmalloc rockyou trustzone postman keygen webassembly py upx canary cntr0llz timing-attack exit sequence ascii_shellcode fms dl_fini webctrl cve-2017-9650 web_exploitation desync http-desync-attack permutation group-theory cetus unity webgl swoole beancount guitar vuasoikeo geometry graphql web3 tumbler apollo 15-bit dsky xtce wav-steg polynomials prototypepollution volatiltiy decapsulation private_class_field hangul pico like1000 investigative_reversing_0 investigative webnet webnet1 pyyaml web-exploitation linear-cryptanalysis ropgadget mission wienersattack begginner friendly indepth beginner_friendly turbofan in_depth macros tftp peasy loremipsum picoctf2021#transformation jenkins generalskills picoctf2021 discrete-logarithm json_interoperability extreme cursed kerberoasting delegation firebird airflow cockpit unquotedpath hta ctf_machine mt19937 safari windows-forensics-analysis android-forensics no cve-2017-15804 nested-vms secp256k1 small-d rockstart rockstartprogramminglanguage mus1c 2022 reveng noted bittorrent without_automaticrops pollard-rho backdoor-rsa undefined_behaviour picoctf2022 sleuthkit solana selfxss morsedecode streaming news simic liverpool q's p's pod-racing madrid planetary clinics netflix batman