In honor of social distancing, I will be hosting a remote quarantine CTF Thursday, April 2nd, 2020 from 6:00-9:00 PST. The CTF is completely free and presents five different web application security challenges. You can easily register here to secure your spot!
Any way that you can find the flag is valid in my book. That being said, I do have a few requests:
Brute forcing passwords is not the intended route for any of the boxes.
CTFD is the framework that’s being used to host the CTF so there is a scoreboard, flag submission, etc.
Fuzzing is definitely in scope, but please be mindful of how many requests are being sent every second. I’m not sure how much CTFD’s infrastructure can handle.
If you find an unintentional bug (I’m sure there are plenty), kudos! I would love to hear about it once I post the solutions/containers after the CTF has ended.
Overall, I would consider the CTF to be focused on beginner-level web exploitation techniques. There are however some slightly harder challenges.
The objective of the CTF is to have fun and give everyone constructive things to do while we are all stuck at home.