Up to 60% Off for Students & Emerging Markets - Apply Now

Hands-On Labs

Capture the Flag · Real-World Offensive Security Labs

12Total
4Solved
325Points
Category
Difficulty
SolvedEasy

Banku no Kill Man

Web

A notorious gang leader known as "Banku" has been running a underground marketplace protected by a hastily built login portal. Intelligence suggests the system is vulnerable.

SQL InjectionAuthentication
412 solves
30 min
100pts
Hard

Osimili Returns

Pwn

The Osimili binary is back — and this time it has hardened protections. Classic overflow techniques will not work here. You need to construct a full ROP chain.

Buffer OverflowROP Chain
38 solves
3-4 hrs
500pts
Medium

The Ikenga Protocol

Reverse

Ikenga is a stripped binary that uses anti-debugging tricks to prevent analysis. Reverse-engineer its encryption routine to recover the hidden flag.

x86 AssemblyAnti-Debug
187 solves
1-2 hrs
250pts
SolvedEasy

Deep Packet

Network

A .pcap file was captured from a suspicious network session. Analyse the traffic and reconstruct the exfiltrated data.

WiresharkPCAP
601 solves
20 min
100pts
Medium

Cipher State

Crypto

An RSA-encrypted message and its ciphertext have been intercepted. The server responds differently to valid and invalid padding — a critical oracle.

RSAPadding Oracle
143 solves
1-2 hrs
300pts
Hard

Shadow Manifest

Forensics

A memory image from a compromised workstation. Sensitive data was hidden using steganographic techniques within an image embedded in process memory.

SteganographyMemory Dump
52 solves
2-3 hrs
450pts
LockedInsane

Zero Day Sunset

Pwn

A kernel-level vulnerability in a custom driver. Heap layout manipulation required to achieve privilege escalation. For elite operators only.

Kernel ExploitHeap Feng Shui
7 solves
6+ hrs
1000pts
SolvedEasy

OSINT Ghost

OSINT

A threat actor left digital footprints across public platforms. Using only open-source intelligence, identify their real-world location.

GeolocationSocial Media
844 solves
15 min
75pts
Medium

Oja Market Hack

Web

Oja Market is a local e-commerce clone with multiple classic client-side vulnerabilities. Chain them together to escalate privileges.

XSSCSRF
219 solves
45 min
200pts
Hard

Bit Surgeon

Reverse

An ARM firmware image extracted from an IoT device. Reverse engineer the update validation routine to forge a malicious firmware update.

ARM ArchitectureFirmware
29 solves
3-4 hrs
475pts
Medium

Ntoroko Drift

Network

A simulated LAN environment where you must perform a man-in-the-middle attack to intercept privileged communications.

ARP SpoofingMITM
176 solves
1 hr
225pts
SolvedEasy

Agwu Speaks

Misc

A warmup challenge designed to introduce you to the CyLynk CTF platform. No prior hacking knowledge required.

BeginnerWarmup
1102 solves
10 min
50pts

Not Sure Where to Start?

Start with our easy guided labs.

Begin Here →