First National CTF by HackenProof and the DIU: What Awaits the Participants
November 7, 2025
Registration is now open for the first national Capture the Flag (CTF) competition, organized by HackenProof in collaboration with the Defence Intelligence of Ukraine.
The online event aims to strengthen Ukraine’s cyber defense by training specialists in real-world digital security skills. Participants will face three tiers of challenges, each differing in focus and complexity.
Level 1 — Cryptography, OSINT, and Logic
This stage tests analytical thinking and the ability to work with limited input data.
Tasks include:
- Simple and combined ciphers
- Metadata analysis of images and files
- Finding and correlating open-source intelligence (OSINT)
Success depends on structured reasoning: forming hypotheses, filtering out incorrect leads, documenting steps, and building clear solution workflows.
Level 2 — Web Pentesting
This level is designed for individuals with basic experience in testing web applications.
Participants will encounter:
- Path Traversal: Access restricted files via directory traversal.
- Reflected XSS: Inject JavaScript to steal cookies or perform actions as the victim.
- CSRF: Force a victim to execute an unwanted action (e.g. change their password).
- .env leak: Extract API keys or database credentials due to misconfiguration.
- .git exposure: Recover source code from an exposed .git directory.
- Weak passwords: Dictionary brute-force against the login form.
- Open FTP/SSH with default credentials: Log in to exposed services.
Level 3 — Offensive Web Operations
Designed for specialists experienced in exploiting vulnerabilities at the application and infrastructure level.
- Exploiting a known CVE to bypass authentication.
- Remote Code Execution (RCE): Execute arbitrary system commands and obtain a reverse shell.
- Bypassing upload validation: Upload and run a web shell.
- Blind SQL Injection: Exfiltrate data using time-based or boolean-based techniques.