Offical URL:

Highly recommended as anyone's first CTF, picoCTF is a traditional challenge-based competition with a two-week annual competition period that rolls into a year-round accessible learning platform.

CTF events

picoCTF 20190
picoCTF 20180
picoCTF 20170
Related tags: web pwn xss #web x86 php crypto stego rop sqli hacking forensics writeup base64 android perl python scripting mips pcap xor sha1 fun latex cuda rsa penetration testing latex z3 elf bruteforce algebra tmctfquals wifi cracking c++ reverse engineering forensic buffer overflow attacks logic unicode metasploit javascript puzzle programming c engineering security aes arm java js system brute exploitation node.js misc pwnable re organization sql exploit stegano ppc admin steganography secure-coding things math nodejs obfuscated netflow coding nothing networking ruby mongodb injection http penetration malware shell cracking pentest bash packet analysis ios php comand injection algorithms games windows format-string ai stuff network c64 pentesting social engineering carving asm string format html network hacking game golf being linux recon wireshark googling social being_confused acm problem solving analysis procrastination figuring privilege escalation rfi sqlinjection lfi fuzzing assembly language back easy networks mysql pyjail image basic programming basic security concepts socket assembly code miscellaneous css caesar script password csrf sleeping blind rev scans servers csharp physics. learning # bsd network securtity nmap tshark kernel race kali linux beginner enumeration sysadmin good oche secuinside pkcs binwalk trendmicroctf network analyze csp joe hash vice 6502 smalltalk jwt radare2 based robots databases 1 lua network security developing webex bof bufferoverflow clicking binaryexploitation hex2raw pwning picoctf2017 picoctf vbscript code-analysis it writinglinuxsecuritymodule oshardening hardwaresecurity macintosh winning logical linuxbasic flask forgery shellcode overflow shell scripting pwntools racecondition sqlmap junior basic sql injection hydra dns nessus binexploit rsa-crypto revesing machine gdb crack cookies null-byte-poisoning ssti osint aes-cbc diffie-hellman blockchain regex png reversing reverse_engineering oscp use-after-free routing switching type-juggling blackbox cryptography-rsa data-recovery strings netcat nc shellcoding golang switches routers data structure graphics stackcanary attacks buffer login warmup serialization snort vulnerability pytho nxenabled crytography ssrf ciphers angr gif password-cracking captcha ocr session cbc cipher rc4 linux exploitation devops rce sourcecode debian ecc wireless tbd force koujiao mon stalking joking. pene phreaking emacs cryptanalysis vigenere htm esoteric-language hexeditor c googlectf cryptography command_injection containers macro dreaming struct reverse ecb hid user-agent scanf match ph heap binary gamehacking oscp level pentesting proxy xxd blackberry string-format buffer-overflow formatstring x-forwarded-for stega aes-ecb lsb bypassfilter blindsqli secret-sharing fastbin 2018 neverlan google_hacking information_gathering discrete-log header byte-by-byte-decryption cbc-bit-flipping vulnerable-padding syscall eval wat 0ctf blackhole mime exfiltration lsb-stego csp-bypass php-object-injection hooking es6 check-in tcache python-exploitation format-strings binary-exploitation webpage-cookies chinese-remainder euler kubernetes pohlig-hellman houseoforange integer_overflow general_skills machine_learning pwnbinaryexploitation 800 webexp skills general nop-sled bit-flipping-attack telnet blind-os-command-injection bits-rotation heap-overflow-attacks modular-arithmetic file_structure linear_algebra client ellipticcurve rot rng houseofpoortho poisonnullbyte dlmalloc rockyou web_exploitation desync http-desync-attack permutation group-theory