๐ Important Announcement:
The registration for Platypwn 2024 is now open here!
Every team member needs their own account, otherwise your VPN will not work. The registration will stay open until the end of the CTF.
The team selection will happen when the CTF starts on our platform. For team member limitations, see the rules below.
- โ What: A hybrid 24 hour-long intermediate Jeopardy Capture the Flag event!
- ๐ When: 2024-12-07T14:00Z - 2024-12-08T18:00Z (download ics file)
- ๐ Where: Online and at our university right here, which is easily reachable with S7 from Berlin.
- โณ๏ธ Challenges: Various challenges in categories which may include pwn, rev, network, crypto, misc and more.
- ๐ค Teams: Every team size is welcome in the online competition! In the offline event the maximum team size is 4.
- ๐ Prizes: There will be prizes for the first three teams on-site and online. Online prizes include HTB+ voucher and more. On-site prizes include HPI Goodies and vouchers.
- ๐ฐ Sponsoring: In case you are interested in sponsoring, don’t hesitate to send us an email.
Sponsors
Participation
The contest is open to individuals who are
- over the age of eighteen (18) at the time of entry
- not a resident of Quebec, Cuba, Iran, Syria, North Korea, Crimea, and the so-called Donetsk People’s Republic (“DNR”), and the so-called Luhansk People’s Republic (“LNR”) (adapted from Google CTF)
- an individual who is not restricted by applicable export controls and sanctions programs
Registration
Registration and team creation will start one week in advance. We will post the registration link here. Stay tuned. ๐
Rules
- Don’t attack the infrastructure! When in doubt, please reach out.
- Do not share flags, solutions and hints with other teams before the end of the CTF. Please pay attention to this rule when you ask questions in the public channels.
- The flag format is
PP{[a-zA-Z0-9_\\-]+}
. - The team size is not restricted for non-HPI teams. Everyone can participate (no student status or else required). HPI teams are restricted to a size of 4.
- After the CTF, feel free to openly discuss the challenges in their corresponding Discord channels.
- If you have a question or a problem (e.g. if a seemingly valid flag gets rejected or a challenge does not start), please reach out to us. The main form of communication for the Platypwn is our Discord server. If you do not want to use Discord at all, you can also email us at
klub-cybersecurity-sprecher (at) hpi (dot) de
(it will probably take longer to receive a reply via email). The main language is English. If you do not speak English or in private communications with us, you can also use German.
Challenges
The Platypwn is a Jeopardy Capture the Flag event with challenges which may include:
- Reverse Engineering
- Binary Exploitation
- Network
- Crypto
- Forensic
- OSINT
- Web
- Misc
All are created by students of our Club. There are usually around 20 challenges per event and the CTF is 24 hours long. The target group are primarily people from our university with a background in computer science, but everyone is welcome! The main venue provides space for about 60 guests and a nice presentation screen.
Results & Prizes
After the competition has ended, we will announce the official result in our Discord server. After that we will contact the prize winners on Discord or via email. To be eligible for the on-site prizes, your team must have at most 4 members, all of whom must be students of the Hasso Plattner Institute in Potsdam, and none of whom may have helped in the creation of the challenges or seen the challenges beforehand.
Vulnerabilities
Responsible disclosure of vulnerabilities and serious bugs in our infrastructure will be rewarded with bonus points according to our judgement as well as eternal fame in our hearts ;) Abusing vulnerabilities or serious bugs in our infrastructure will be punished. If in doubt, talk to us.
Scoring
We use dynamic scoring. That means, challenges which are solved more often will be worth less points. Every team that solves a challenge is awarded the same amount of points, the scores will be updated dynamically.
Social Conduct
The goal of this CTF is to allow people to practice their skills and have fun. We ask you to avoid spoiling other’s fun unnecessarily. We want the competition to be a pleasant experience for all participants, regardless of their gender, sexual orientation, race, religion, skill level, personal background or any other criteria. Therefore, we do not tolerate harassment in any form. This especially applies to our Discord server. Be fair and kind to everyone.
Rule Enforcement
Violation of the rules or any other hostile behavior may lead to temporary or permanent exclusion from the competition or any other measure deemed appropriate by the organizing team. Be aware that any attempt of using a vulnerability in our infrastructure for cheating in the competition or other malicious purposes will lead to exclusion of the whole team. In cases not covered by the rules, we will decide according to our own judgement. We may change these rules before or during the competition.
Credits: We adapted and modified these rules from saarCTF 2023 and Google CTF.
Past Events
Platypwn 2023
The Platypwn was hosted for the first time on 28th October 2023, 12:00 UTC until 29th October 2023, 12:00 UTC (online). We had 3 network, 4 crypto, 6 forensic, 7 misc, 2 OSINT, 2 pwn, 2 rev and 3 web challenges.