๐Ÿšจ Important Announcement:

Sadly, we have to announce that Platypwn 2024 is being postponed to December 7th due to infrastructure issues. ๐Ÿ˜ข๐Ÿ–ฅ๏ธ By postponing, we hope to improve your experience.

  • โ” What: A hybrid 24 hour-long intermediate Jeopardy Capture the Flag event!
  • ๐Ÿ•› When: 2024-12-07T14:00Z - 2024-12-08T14:00Z (download ics file)
  • ๐Ÿ“ Where: Online and at our university right here, which is easily reachable with S7 from Berlin.
  • โ›ณ๏ธ Challenges: Various challenges in categories which may include pwn, rev, network, crypto, misc and more.
  • ๐Ÿค– Teams: Every team size is welcome in the online competition! In the offline event the maximum team size is 4.
  • ๐Ÿ† Prizes: There will be prizes for the first three teams on-site and online. Online prizes include HTB+ voucher and more. On-site prizes include HPI Goodies and vouchers.
  • ๐Ÿ’ฐ Sponsoring: In case you are interested in sponsoring, don’t hesitate to send us an email.

Participation

The contest is open to individuals who are

  1. over the age of eighteen (18) at the time of entry
  2. not a resident of Quebec, Cuba, Iran, Syria, North Korea, Crimea, and the so-called Donetsk People’s Republic (“DNR”), and the so-called Luhansk People’s Republic (“LNR”) (adapted from Google CTF)
  3. an individual who is not restricted by applicable export controls and sanctions programs

Registration

Registration and team creation will start one week in advance. We will post the registration link here. Stay tuned. ๐Ÿš€

Rules

  1. Don’t attack the infrastructure! When in doubt, please reach out.
  2. Do not share flags, solutions and hints with other teams before the end of the CTF. Please pay attention to this rule when you ask questions in the public channels.
  3. The flag format is PP{[a-zA-Z0-9_\\-]+}.
  4. The team size is not restricted for non-HPI teams. Everyone can participate (no student status or else required). HPI teams are restricted to a size of 4.
  5. After the CTF, feel free to openly discuss the challenges in their corresponding Discord channels.
  6. If you have a question or a problem (e.g. if a seemingly valid flag gets rejected or a challenge does not start), please reach out to us. The main form of communication for the Platypwn is our Discord server. If you do not want to use Discord at all, you can also email us at klub-cybersecurity-sprecher (at) hpi (dot) de (it will probably take longer to receive a reply via email). The main language is English. If you do not speak English or in private communications with us, you can also use German.

Challenges

The Platypwn is a Jeopardy Capture the Flag event with challenges which may include:

  • Reverse Engineering
  • Binary Exploitation
  • Network
  • Crypto
  • Forensic
  • OSINT
  • Web
  • Misc

All are created by students of our Club. There are usually around 20 challenges per event and the CTF is 24 hours long. The target group are primarily people from our university with a background in computer science, but everyone is welcome! The main venue provides space for about 60 guests and a nice presentation screen.

Results & Prizes

After the competition has ended, we will announce the official result in our Discord server. After that we will contact the prize winners on Discord or via email. To be eligible for the on-site prizes, your team must have at most 4 members, all of whom must be students of the Hasso Plattner Institute in Potsdam, and none of whom may be official members of the Cybersecurity Klub @ HPI.

Vulnerabilities

Responsible disclosure of vulnerabilities and serious bugs in our infrastructure will be rewarded with bonus points according to our judgement as well as eternal fame in our hearts ;) Abusing vulnerabilities or serious bugs in our infrastructure will be punished. If in doubt, talk to us.

Scoring

We use dynamic scoring. That means, challenges which are solved more often will be worth less points. Every team that solves a challenge is awarded the same amount of points, the scores will be updated dynamically.

Social Conduct

The goal of this CTF is to allow people to practice their skills and have fun. We ask you to avoid spoiling other’s fun unnecessarily. We want the competition to be a pleasant experience for all participants, regardless of their gender, sexual orientation, race, religion, skill level, personal background or any other criteria. Therefore, we do not tolerate harassment in any form. This especially applies to our Discord server. Be fair and kind to everyone.

Rule Enforcement

Violation of the rules or any other hostile behavior may lead to temporary or permanent exclusion from the competition or any other measure deemed appropriate by the organizing team. Be aware that any attempt of using a vulnerability in our infrastructure for cheating in the competition or other malicious purposes will lead to exclusion of the whole team. In cases not covered by the rules, we will decide according to our own judgement. We may change these rules before or during the competition.

Credits: We adapted and modified these rules from saarCTF 2023 and Google CTF.

Past Events

Platypwn 2023

The Platypwn was hosted for the first time on 28th October 2023, 12:00 UTC until 29th October 2023, 12:00 UTC (online). We had 3 network, 4 crypto, 6 forensic, 7 misc, 2 OSINT, 2 pwn, 2 rev and 3 web challenges.