The format

Capture the flag, or simply CTF, is a competition where the participants work with computer systems (for example, a fictional bank’s app) and extract the insufficiently protected valuable information, which is called a flag.

There’s plenty of time to study each challenge, but you always end up in a hurry anyway. The team that submits the most flags wins.

It’s a unique vibe. It’s a marathon that you can run with friends. It’s the competition where being smart and savvy makes you win.

The challenges

Flags can be literally everywhere: on a website protected by a password, in a secret file, in an encrypted archive, in a phone answering machine or even in a satellite signal.

Each challenge belongs to a category. The category suggests which kind of vulnerability should be exploited, and where to look for the flag.

You don’t need to be an omnipotent expert: in the qualification stage, you can team up with friends, and each of you may specialize on areas of your own interest.

Avoid rote learning: you can use any software and search the Internet (however, it is forbidden to seek help from anyone outside your team).

Choose what you like the most and start preparing!

The categories

Web technologies

Web-specific vulnerabilities of the pages, web servers and databases.

Skills and knowledge
  • Knowing the difference of frontend vs backend
  • HTTP: cookies, headers, forms, request types
  • JavaScript
  • SQL
How to prepare


A thousand-year-old science of encrypting data so that it can’t be read by anyone.

Skills and knowledge
  • Basics of number theory and discrete math
  • Making sense of moderately easy math
  • …and specifications of crypto algorithms
How to prepare


Looking for evidence in memory, disk images and dumps of network traffic.

Skills and knowledge
  • File formats
  • Memory structures
  • File systems
  • Network protocols
  • Knowing how to conduct investigations
How to prepare


The art of covert information transmission over non-covert channels. Invisible ink.

Skills and knowledge
  • Files, formats, encodings
  • Data analysis
  • Finding patterns in data
  • Solving unusual challenges
How to prepare
  • You’re prepared


Open-source intelligence. Identification by an IP address and view from the window.

Skills and knowledge
  • Searching the Internet (like a pro)
  • General knowledge (knowing where to look)
  • Being smart
How to prepare

Pwn (binary exploitation)

Exploiting vulnerabilities in the code. Make the program obey you and not its creator.

Skills and knowledge
  • Programming
  • Reverse engineering
  • Computer architecture
How to prepare

Reverse engineering

Researching binary code. Programs at your computer are not black boxes.

Skills and knowledge
  • Programming experience
  • Knowing how to read and debug code
  • Being patient and attentive
  • Fearlessness
How to prepare


Try solving some simple challenges right here, on this page.

Using a computer for solving and searching the Internet is probably more convenient than using a phone.

Flags (the strings that you need to find and submit) start with ugra_.


PPC / Programming

Solving this challenge is very easy:

The darker times


We’ve got this picture for you.

No further words


Well, this is how it goes.

75 67 72 61 5f 77 6f 77 5f 79 6f 75 5f 73 70 65 61 6b 5f 68 61 63 6b 65 72 69 73 68

By the way: the course!

We have a course that’s recommended both for those who solved the challenges above and for those who struggled too much with them.

The course is in Russian, so it’s probably of limited use if you don’t speak it, but the machine translation is becoming better and better, so you’re still very much encouraged to have a look.