KITCTF

We like to hack things, all the things.
Toots and typos by @95p
and @intrigus

2025-07-01

We've just published our report on flag sharing during GPN CTF 2025!

Sadly, we had to investigate 53 incidents of flag sharing which was possible because we used dynamic, team-specific flags.

Read the full breakdown of our findings and methodology: kitctf.de/gpnctf-23/gpn-ctf-fl

#GPN23 #ctf

An adaption of the four panel gru meme (https://knowyourmeme.com/memes/grus-plan)
Frame #1: Build dynamic flags
Frame #2: detect cheating in your ctf
Frame #3: 53 hits
Frame #4: 53 hits
2025-06-29

We had a lot off fun playing this year's Google CTF in a spontaneous merger with @fluxfingers
Somehow we qualified for the finals 🎉.
Thank you for such a great CTF @googlevrp
GG to all teams and see you in Mexico!

The scoreboard of google ctf.
FluxKITtens :3 is placed 6th.
Place
Name
Flags Captured
Score
1
Friendly Maltese Citizens
30
7659
2
Kalmarunionen
28
6903
3
SLICES
28
6520
4
Zer0RocketWrecks
27
6509
5
DiceGang
26
6256
6
FluxKITtens :3
25
5968
7
Maple Mallard Magistrates
25
5879
8
Stockholm Syndrome
25
5793
9
kijitora
24
5539
10
pasten
23
5426
11
C4T BuT S4D
24
5345
12
GMO Ierae
23
5183
13
Blue Water
22
4883
14
justCatTheFish
21
4803
15
r3kapig
21
4538
16
MEPhI CTF
20
4284
KITCTF boosted:
2025-06-26

New writeup for @KITCTF 's GPN CTF 2025, "Honeypot" reversing challenge by @dnlptr: Playing labyrinth with my scheduler or; having fun with eBPF syscall hooks.
pwn-la-chapelle.eu/posts/gpn20

2025-06-25

Our intro ctf ends today 😮
Place 🥉 looks very tight so submit those last flags!
We'll also talk about last week's GPN CTF: the good, the bad, and the ugly parts of organizing it.
Thursday, 7 pm in the KIT CS building (50.34), room -120.

The scoreboard of our intro ctf:
Place 	User 	Score
1 	uxxct 	9046
2 	liba 	4971
3 	fea 	3666
4 	flori 	3217
5 	tobi 	3028
KITCTF boosted:
2025-06-23

New writeup for @KITCTF 's GPN CTF 2025, "Paranoid" crypto challenge by doriank: LCG break via Babai's algorithm into nonce-reuse attack.
pwn-la-chapelle.eu/posts/gpn20

2025-06-21

We would also like to thank our main and prize sponsor: @GitHubSecurityLab - their mission is to inspire and enable the community to secure the open source software we all depend on.

We would like to thank our writeup sponsor:Zellic
- they hire and apply top CTF talent to the world's most critical security problems, specializing in securing blockchain companies and smart contract protocols.

And finally, no event would work without an infrastructure sponsor: #telemaxx- they are a Karlsruhe-based provider of state-of-the-art data center, housing, managed and telecommunications services for business customers. telemaxx.de/en/

2025-06-21

Congratulations to the winners of this year's GPN CTF:
🥇 "Platypwnies" (platypwnies.de)
🥈 "RubiyaLab" (rubiyalab.team)
🥉 @valgrindctf
(valgrindc.tf)
We hope everyone had fun with our challenges, and we'll see you all again 🚀
#gpn #gpn23 #ctf

2025-06-20

GPN CTF 23 at @gulasch is now live and will run for 36 hours!
Come play our challenges.
==> gpn23.ctf.kitctf.de/ <==
If you're on-site, say hello! (opposite the μPOC)
#gpn #gpn23 #ctf

The KITCTF mascot in front of a monopoly game.
2025-06-03

Our “getting started talk series” is coming to a close!
This Thursday, @s1nn105 will conclude it with his talk about cryptography. 7pm -102, 50.34

2025-06-01

Hey, GPN CTF is back!

Can you break the CTF monopoly? The only property worth owning is the top spot on our CTF leaderboard. 'Go to jail' is just a chroot jail away, play online or on-site at @gulasch Friday, 20th of June 2025 10:00 UTC!
More info: gpn23.ctf.kitctf.de
#GPN23 #GPN #ctf

A monopoly board with common CTF categories instead of streets.
"Collect all the flags in GPN CTF 2025"
"Hosted by KITCTF"
2025-05-21

After learning how to reverse engineer binaries, @Ordoviz will continue on this Thursday with an introduction on how to pwn them (binary exploitation). 7pm -101, 50.34

2025-05-15

After a week of web exploitation (and almost all challenges being solved), it is time to descend to the binary level and add reverse engineering into the mix.
@ik0ri4n will get you started with his talk on Thursday, 7 pm in the KIT CS building (50.34), room -101.

Place 	User 	Score
1 	uxxct 	2335
2 	liba 	2068
3 	flori 	1768
4 	Jonathan 	1143
5 	Yarkar 	1135
6 	tobi 	1135
7 	annaaurora 	868
8 	phil 	651
9 	fea 	643
10 	neolium 	642
KITCTF boosted:
2025-05-07

Last year I played Realworld CTF and solved "Protected by JavaSE" together with I-Al-Istannen.
We exploited XXE in @github's CodeQL using the unintended CVE-2024-25129.
I wrote about the (un)intended solution and how to use CodeQL to find bugs in CodeQL 😂
intrigus.org/research/2025/05/

2025-05-05

Want to get into CTFs? Our “getting started talk series” is a great opportunity to do that. Come by every Thursday at 7 pm in the KIT CS building (50.34), room **-101**.
We will start with an intro into CTFs and web hacking on the 8th of May.
More info: kitctf.de/intro/

2025-02-19

This Thursday, @intrigus will present the results of his master's thesis on bounded verification of the range analysis in v8's Turboshaft engine.
As always, 7pm -120, 50.34

2025-02-10

We played LA CTF by Psi Beta Rho of UCLA and got 7th place.

Lots of fun challenges from kernel pwn to minecraft datapack reversing.
Thanks for hosting and until next time :)

#	Team	Points
1	idek	17285
2	infobahn	14440
3	no rev/pwn no life	14411
4	S1uM4i	14355
5	L3ak	12552
6	Project osu!lazer	12158
7	KITCTF	11322
8	The Flat Network Society	10900
9	Maple Bacon	10816
10	b01lers	10756
2025-02-10

This Thursday, we're excited to have @momo5502 give us a deep dive into Windows user-space emulation.
As always, 7pm -120, 50.34

Emulator architecture overview

x86/x64 CPU Emulation Layer
depends on
OS Awareness Layer
depends on
PE Loader
Memory
Syscalls
Exceptions
Threads

Debugger
State Manager
2025-02-06

Today finn will present "~~fun~~ with web4", an introduction to web3.
As usual, 7pm -120, 50.34

2024-12-12

Today, we'll look at two OS topics. misterpine will present "sched_ext; Scheduling with eBPF" and rizecookey will introduce us to Windows on ARM. As always, 7pm -101, 50.34

2024-12-06

Yesterday I was carried trough Venice. today I am participating in the Snake CTF finals

Flag-squirrel sitting on the left shoulder of a person looking at a lagoon in Venice.Flag-squirrel in the game arena at the KITCTF table.

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst