Offical URL:

X-MAS CTF is the competition organized by HTsP with the purpose of learning and having fun while solving jeopardy-style challenges.

We welcome both beginners and experienced players alike! Hope you will have a great time and we wish you a Merry Christmas!

(All of the challenges are written by HTsP members)

CTF events

X-MAS CTF 202224.42
X-MAS CTF 2021 Second Weekend23.56
X-MAS CTF 2021 First Weekend23.56
X-MAS CTF 20200
X-MAS CTF 201924.17
X-MAS CTF 20180.00
X-MAS CTF 201824.17
Related tags: web pwn xss #web php crypto stego rop sqli hacking forensics base64 android perl python scripting mips pcap xor des sha1 algo rsa elf bruteforce c++ reverse engineering forensic metasploit javascript programming c engineering security aes java js go vm rand random exploitation misc pwnable re mobile sql joy exploit stegano ppc steganography secure-coding math attack coding nothing networking prng injection malware shell bash programing ios algorithms format-string ai network collision john pentesting guessing social engineering websec libc patient linux hash-collision recon wireshark social analysis ida fuzzing burpsuite intro sql injection mysql pyjail image factoring bitflipping code miscellaneous phpsessionid css caesar csrf sleeping blind rev biology discord learning ctf xpath kernel aes-ctr hardware enumeration student frida scapy volatility hash jwt radare2 audio git databases lua jail bof bufferoverflow emails binaryexploitation pwning ollydbg it flask packet shellcode overflow pwntools srop bot jquery superstitions decryption vulnerability analysis dns radio rsa-crypto revesing retro off-by-one gdb dos quantum algorithm qr ssti solidity osint blockchain ethereum shellscript reversing reverse_engineering verilog ropchain fmtstr curl cryptography-rsa emulation netcat nc smartcontract logs tcp tcpip windbg heap-feng-shui electronics substitution dynamic md5 attacks buffer warmup rust crytography ssrf ret2libc angr pdf timing cipher rabin devops lcg apache2 php7 heap-overflow path-traversal wireless cryptanalysis vigenere python3 graphs c printf lisp cryptography stack pickle suisse-switzerland reverse seccomp heap binary drugs audacity rot13 crt gauss tv watching emulator rsa-like applicative sniffing lattice fpga matrix fault scanning v8 the steghide disassembly stackoverflow doublefree eval libc_database one_gadget brainfuck csp-bypass popad search mmap anti-debug ransomware unintended python2 chinese-remainder pyc youtube memory_dump file_structure cve polynomial oob arm32 iot 1day / oeis function modular vector sanity check hexedit nim scraping xxe tcache-poisoning reverse-engineering inspect-element linker ucucuga ripper encryptctf kml smart-contract rsa-crt trustzone role image-processing reverseengineering blind-sqli or-injection shazam firebase bluetooth glibc-2.32 okamoto-uchiyama gosuha mobile_reverse frequency-analyzing pwnscripts webexploitation paths matrices walks exponentiation adjacency map_fixed waiting_for_sixteen_hours redirection bgblink pokemon_character stack-pivot integer-overflow native-library mariadb reentracy