Offical URL:

X-MAS CTF is the competition organized by HTsP with the purpose of learning and having fun while solving jeopardy-style challenges.

We welcome both beginners and experienced players alike! Hope you will have a great time and we wish you a Merry Christmas!

(All of the challenges are written by HTsP members)

CTF events

X-MAS CTF 20200
X-MAS CTF 201924.17
X-MAS CTF 20180.00
X-MAS CTF 201824.17
Related tags: web pwn xss #web php crypto stego rop sqli hacking forensics base64 android perl python scripting mips xor des sha1 algo rsa bruteforce c++ reverse engineering forensic metasploit javascript programming c engineering security aes java js go vm random exploitation misc pwnable re sql joy exploit ppc steganography secure-coding math attack coding nothing networking prng injection malware shell bash programing ios algorithms format-string ai network collision john pentesting guessing social engineering libc patient linux hash-collision recon wireshark analysis ida fuzzing burpsuite sql injection mysql image factoring code miscellaneous phpsessionid css csrf sleeping blind rev discord learning ctf xpath kernel hardware enumeration student frida scapy volatility hash jwt radare2 git databases lua jail bof bufferoverflow emails binaryexploitation pwning ollydbg it flask packet shellcode overflow pwntools bot jquery superstitions decryption vulnerability analysis rsa-crypto revesing retro gdb dos quantum algorithm qr ssti osint shellscript reversing reverse_engineering ropchain fmtstr cryptography-rsa emulation netcat nc tcp tcpip windbg heap-feng-shui electronics substitution dynamic md5 attacks buffer warmup rust crytography ssrf ret2libc angr pdf timing cipher rabin devops lcg apache2 php7 heap-overflow path-traversal wireless cryptanalysis python3 graphs c printf lisp cryptography stack pickle suisse-switzerland reverse heap binary drugs audacity rot13 crt gauss tv watching emulator rsa-like applicative sniffing lattice matrix fault scanning v8 the steghide disassembly stackoverflow eval libc_database one_gadget brainfuck csp-bypass popad mmap anti-debug ransomware unintended python2 chinese-remainder memory_dump file_structure cve polynomial oob arm32 iot 1day / oeis function modular vector sanity check hexedit nim scraping xxe linker ucucuga ripper encryptctf kml rsa-crt trustzone role image-processing reverseengineering blind-sqli or-injection firebase glibc-2.32 okamoto-uchiyama gosuha mobile_reverse frequency-analyzing pwnscripts webexploitation paths matrices walks exponentiation adjacency map_fixed waiting_for_sixteen_hours redirection bgblink pokemon_character