• What: A hybrid 24 hour-long intermediate Jeopardy Capture the Flag event!
  • 🕛 When: 2025-11-15T12:00:00Z - 2025-11-16T12:00:00Z (download ics file)
  • 📍 Where: Online and at our university right here, which is easily reachable with S7 from Berlin.
  • ⛳️ Challenges: Various challenges in categories which may include pwn, rev, network, crypto, misc and more.
  • 🤖 Teams: Every team size is welcome in the online competition! The team size for the on-site competition is TBD.
  • 🏆 Prizes: There will be prizes for the first three teams on-site and online. Prizes will be announced before the CTF.
  • 💰 Sponsoring: In case you are interested in sponsoring, don’t hesitate to send us an email.

Timeline

  • User and Team Registration: TBD
  • CTF Start: 2025-11-15T12:00:00Z
  • CTF End: 2025-11-16T12:00:00Z
  • Infrastructure Teardown: 2025-11-23T12:00:00Z

Rules

  1. Do not attack the infrastructure or other people! The website shows which IP/port combinations belong to the task, only those may be attacked. When in doubt, please reach out.
  2. Do not share flags, solutions, hints, or ideas with other teams before the end of the CTF.
  3. The flag format is PP\{[A-Za-z0-9\-_]+(::[A-Za-z0-9\-_]+)?\}.
  4. Communicate in English on the Discord server.
  5. The team size is not restricted for online teams. Everyone can participate (no student status or else required). On-site teams are restricted to a size of TBD.

Credits: We adapted and modified these rules from saarCTF 2023 and Google CTF.

Social Conduct

The aim of this CTF is to give participants the opportunity to practice their skills and have fun. We ask you not to spoil the fun for others. We want the competition to be an enjoyable experience for all participants, regardless of their gender, sexual orientation, race, religion, skill level, personal background or other criteria. Therefore, we do not tolerate harassment in any form. This is especially true for our Discord server. Be fair and friendly to everyone.

Communication

If you have a question or a problem (e.g. if a seemingly valid flag gets rejected or a challenge does not start) or do need any other kind of help, please reach out to us. The main form of communication for the Platypwn is our Discord server where you can create tickets that we will process as fast as possible. Please use the ticket system instead of writing your questions in the open channels to not give other teams any hints by accident. After the CTF, feel free to openly discuss the challenges in our Discord. We will create channels for them. If you do not want to use Discord at all, you can also email us at klub-cybersecurity-sprecher (at) hpi (dot) de (it will probably take longer to receive a reply via email). The main language is English. If you do not speak English, you can also use German in private communications with us.

Responsible Disclosure

Responsible disclosure of vulnerabilities and serious bugs in the infrastructure will be rewarded with bonus points at our discretion as well as eternal glory in our hearts. Abusing these vulnerabilities will be penalized. If you have any doubts, please contact us.

Participation

The contest is open to individuals who are

  1. over the age of eighteen (18) at the time of entry.
  2. not a resident of Quebec, Cuba, Iran, Syria, North Korea, Crimea, and the so-called Donetsk People’s Republic (“DNR”), and the so-called Luhansk People’s Republic (“LNR”). (adapted from Google CTF)
  3. not restricted by applicable export controls and sanctions programs.

Rule Enforcement

Violation of the rules or any other hostile behavior may lead to temporary or permanent exclusion from the competition or any other measure deemed appropriate by the organizing team. Be aware that any attempt of using a vulnerability in our infrastructure for cheating in the competition or other malicious purposes will lead to exclusion of the whole team. In cases not covered by the rules, we will decide according to our own judgement. We may change these rules before or during the competition.

Results & Prizes

After the competition has ended, we will announce the official result in our Discord server. After that we will contact the prize winners on Discord or via email. The prizes for the Platypwn 2025 will be published before the next iteration. The scoreboard will be uploaded to ctftime shortly after the competition end.

Challenges

The Platypwn is a Jeopardy Capture the Flag event with challenges which may include:

  • Reverse Engineering
  • Binary Exploitation
  • Network
  • Crypto
  • Forensic
  • OSINT
  • Web
  • Misc

All are created by students of our Club. There are usually around 20 challenges per event and the CTF is 24 hours long. The target group are primarily people from our university with a background in computer science, but everyone is welcome!

Scoring

We use dynamic scoring. That means, flags which are solved more often will be worth less points. Every team that solves a challenge is awarded the same amount of points, the scores will be updated dynamically. The points for a flag may also increase again after other flags are solved more often.

Past Events

Platypwn 2024

Our second Platypwn took place from 8th December 2024, 14:00 UTC until 9th December 2024, 18:00 UTC (online). We had 3 crypto, 3 forensics, 5 misc, 1 network, 3 OSINT, 2 pwn, 3 rev, and 8 web challenges. For hosting the CTF, we used Flugsicherung, our own CTF platform which was previously used for the Potsdam Cyber Games.

Sponsors

Binary Ninja Binary Ninja

Platypwn 2023

The Platypwn was hosted for the first time on 28th October 2023, 12:00 UTC until 29th October 2023, 12:00 UTC (online). We had 4 crypto, 6 forensics, 7 misc, 3 network, 2 OSINT, 2 pwn, 2 rev, and 3 web challenges.