Offical URL: https://xmas.htsp.ro/

X-MAS CTF is the competition organized by HTsP with the purpose of learning and having fun while solving jeopardy-style challenges.

We welcome both beginners and experienced players alike! Hope you will have a great time and we wish you a Merry Christmas!

(All of the challenges are written by HTsP members)

CTF events

NameWeight
X-MAS CTF 2021 Second Weekend23.56
X-MAS CTF 2021 First Weekend23.56
X-MAS CTF 20200
X-MAS CTF 201924.17
X-MAS CTF 20180.00
X-MAS CTF 201824.17
Related tags: web pwn xss #web php crypto stego rop sqli hacking forensics base64 android perl python scripting mips pcap xor des sha1 algo rsa bruteforce c++ reverse engineering forensic metasploit javascript programming c engineering security aes java js go vm random exploitation misc pwnable re sql joy exploit stegano ppc steganography secure-coding math attack coding nothing networking prng injection malware shell bash programing ios algorithms format-string ai network collision john pentesting guessing social engineering websec libc patient linux hash-collision recon wireshark social analysis ida fuzzing burpsuite sql injection mysql image factoring code miscellaneous phpsessionid css csrf sleeping blind rev biology discord learning ctf xpath kernel hardware enumeration student frida scapy volatility hash jwt radare2 audio git databases lua jail bof bufferoverflow emails binaryexploitation pwning ollydbg it flask packet shellcode overflow pwntools srop bot jquery superstitions decryption vulnerability analysis radio rsa-crypto revesing retro off-by-one gdb dos quantum algorithm qr ssti solidity osint blockchain ethereum shellscript reversing reverse_engineering verilog ropchain fmtstr curl cryptography-rsa emulation netcat nc smartcontract logs tcp tcpip windbg heap-feng-shui electronics substitution dynamic md5 attacks buffer warmup rust crytography ssrf ret2libc angr pdf timing cipher rabin devops lcg apache2 php7 heap-overflow path-traversal wireless cryptanalysis python3 graphs c printf lisp cryptography stack pickle suisse-switzerland reverse heap binary drugs audacity rot13 crt gauss tv watching emulator rsa-like applicative sniffing lattice fpga matrix fault scanning v8 the steghide disassembly stackoverflow doublefree eval libc_database one_gadget brainfuck csp-bypass popad search mmap anti-debug ransomware unintended python2 chinese-remainder youtube memory_dump file_structure cve polynomial oob arm32 iot 1day / oeis function modular vector sanity check hexedit nim scraping xxe tcache-poisoning linker ucucuga ripper encryptctf kml smart-contract rsa-crt trustzone role image-processing reverseengineering blind-sqli or-injection shazam firebase bluetooth glibc-2.32 okamoto-uchiyama gosuha mobile_reverse frequency-analyzing pwnscripts webexploitation paths matrices walks exponentiation adjacency map_fixed waiting_for_sixteen_hours redirection bgblink pokemon_character stack-pivot reentracy