Capture The Flag Events
Test your cybersecurity skills in our hands-on Capture The Flag competitions. Whether you're attacking or defending, we've got challenges for every skill level.
Both CTFs Hosted on
Join the offensive security challenge where you'll exploit vulnerabilities, crack systems, and capture flags. Perfect for penetration testers, ethical hackers, and security researchers looking to sharpen their offensive skills.
Defend systems, detect threats, and respond to incidents in this defensive security competition. Ideal for SOC analysts, incident responders, and defenders who want to test their skills in a realistic environment.
General CTF Rules
These rules apply to all Capture The Flag competitions at BSides Philadelphia 2025
Eligibility & Registration
- •Open to all BSides Philadelphia 2025 attendees
- •CTF is included in conference registration
- •Teams and individuals welcome (check event-specific rules)
- •Valid conference badge required for participation
Code of Conduct
- •All attacks must stay within the CTF infrastructure
- •No attacks on conference network or other participants
- •Respect fellow competitors and organizers
- •Follow BSides Philadelphia Code of Conduct at all times
Scoring & Prizes
- •Points awarded for each successfully captured flag
- •Challenges vary in difficulty and point value
- •Prizes for top performers in each category
- •Final standings announced during closing ceremony
Fair Play
- •No sharing of flags or solutions during competition
- •No denial of service attacks on CTF infrastructure
- •Organizers may disqualify participants for rule violations
- •Organizer decisions are final
Competition Format
This is an offensive security competition featuring a variety of exploitation challenges across multiple domains including web applications, network services, cryptography, reverse engineering, and forensics. All challenges are hosted on the ThreatSims platform.
- •Jeopardy-style CTF with various challenge categories
- •Individual or team participation (max 4 members per team)
- •24-hour competition window (starts at conference opening)
- •Access to challenges via ThreatSims platform
Challenge Categories
Expect challenges across multiple security domains:
Web Exploitation
SQL injection, XSS, authentication bypass, and more
Binary Exploitation
Buffer overflows, format strings, ROP chains
Cryptography
Breaking weak crypto implementations and protocols
Reverse Engineering
Analyzing binaries and uncovering hidden functionality
Tools & Resources
- •Bring your own laptop with preferred security tools
- •Kali Linux, Parrot OS, or similar distributions recommended
- •Internet access provided for tool downloads and research
- •Dedicated help desk for technical issues
Important Notes
- • Automated scanning tools are allowed but use responsibly
- • Flag format will be announced at competition start
- • Hints available after certain time periods (may reduce points)
- • Write-ups encouraged after competition ends
Competition Format
Immerse yourself in realistic security incidents that mirror real-world threats. Practice containment, analysis, and remediation techniques used by professional incident response teams. This self-paced competition uses Wazuh SIEM and is hosted on the ThreatSims platform.
- •Team-based competition (1-4 members per team)
- •Self-paced format - work through challenges at your own speed
- •Intermediate skill level recommended
- •ThreatSims platform for challenge access, scoring, and leaderboards
- •Kill chain challenges testing complete incident response lifecycle
System Requirements
Participants must set up their own Wazuh SIEM environment. Ensure your system meets these requirements:
Operating System
Windows 10+, macOS 12.0 (Monterey)+, or Linux
RAM & Storage
Minimum 8GB RAM (12GB+ recommended), 100GB+ free storage
Required Software
Docker Desktop, Docker Compose (setup guides provided)
Architecture
Apple Silicon (M1/M2/M3) or x86_64 compatible
Challenge Areas
Participants will develop skills across multiple defensive security domains:
- •SIEM Configuration: Deploy and configure Wazuh SIEM with SSL certificates, authentication, and data ingestion
- •Security Analysis: Log analysis, threat detection rules, incident investigation, and reporting
- •Incident Response: Practice containment, analysis, and remediation of realistic security incidents
- •Docker Deployment: Multi-container orchestration, volume management, and ARM64 compatibility
- •Troubleshooting: Diagnose permission issues, monitor container health, and optimize performance
Getting Started
Complete setup guides and resources are provided for all skill levels:
- •Step-by-step Wazuh SIEM installation guides for Windows, macOS, and Linux
- •Pre-configured Docker volumes with CTF challenge data
- •ARM Mac-specific instructions including x86_64 emulation and OpenSearch compatibility
- •Comprehensive troubleshooting guides for common deployment issues
- •Access to full documentation at ctf.blueteamvillage.org
Important Notes
- • Participants must set up their own Wazuh environment (detailed guides provided)
- • Bring a laptop with sufficient resources (12GB+ RAM recommended)
- • Setup can be completed before the conference or during designated setup time
- • Kill chain challenges simulate realistic attack scenarios from initial compromise to final objectives
- • CTFd platform provides real-time scoring and challenge tracking
- • Developed by Blue Team Village's Project Obsidian team
Ready to Compete?
Registration for both CTF events will open soon. Make sure you have a valid BSides Philadelphia 2025 conference ticket before registering for the CTF competitions.