PWNCTF 2025

A capture-the-flag competition emphasizing collaborative learning over toxic competition

Location
Timișoara, Romania
Date
Oct 28-30, 2025
Prize Pool
$3,500
Join Competition View on CTFtime

What is PWNCTF?

A fresh approach to cybersecurity education through peer mentorship

PWNCTF represents a paradigm shift in cybersecurity competitions. Unlike traditional CTFs that foster cutthroat competition, we've designed an innovative format that prioritizes learning, fun, collaboration, and community building.

Our 3 day long international event brings together teams from around the world for an onsite experience in Timișoara, Romania, creating an environment where knowledge sharing is not just encouraged but it's essential for success.

Through our unique mentorship system, participants don't just compete. They teach, learn, and grow together, building lasting connections in the global cybersecurity community. The platform will also feature an open scoreboard for online players to follow the action and participate remotely.

How It Works

Throughout the competition, the scoreboard freezes periodically, and teams are split into two groups. Group A mentors Group B through randomly selected challenges. Success means both groups advance, Group B with reduced points, Group A with teaching bonuses. Failure means elimination, emphasizing the critical importance of effective knowledge transfer.

Note: Prize winners must be present onsite to qualify for monetary rewards.

Challenge Categories

We have partenred up with hacker groups from around the world to provide challenges in cutting-edge cybersecurity domains, from traditional web exploitation to emerging technologies like SATCOM and FPGA security

SATCOM

SATCOM Security

Satellite communication protocols, signal analysis, and space-based infrastructure vulnerabilities. Learn about orbital mechanics impact on security and ground station exploitation.

Bomb Defusal

Bomb Defusal

Physical puzzle solving under pressure, circuit analysis, and complex multi-stage challenge coordination. Experience real-world crisis management and technical problem-solving.

Mainframe

Mainframe Hacking

Legacy system exploitation, COBOL vulnerabilities, and enterprise mainframe security assessment techniques. Master z/OS security and TSO/ISPF exploitation methods.

Car Hacking

Automotive Security

Vehicle network protocols, CAN bus exploitation, and connected car vulnerability assessment. Explore autonomous vehicle security and V2X communication attacks.

SCADA

SCADA Systems

Industrial control system security, PLC programming vulnerabilities, and critical infrastructure protection. Master Modbus, DNP3, and IEC 61850 protocol exploitation.

RTOS

RTOS Security

Real-time operating system vulnerabilities, embedded device exploitation, and time-critical system analysis. Explore FreeRTOS, VxWorks, and QNX security challenges.

FPGA

FPGA Security

Field-programmable gate array vulnerabilities, hardware description language analysis, and reconfigurable computing security. Master Verilog/VHDL security analysis and bitstream manipulation.

Web Security

Web Exploitation

Modern web application vulnerabilities, from SQL injection to advanced client-side attacks and API security flaws. Explore cutting-edge techniques in modern web frameworks and cloud-native applications.

Forensics

Digital Forensics

Investigate digital crime scenes, recover deleted data, and analyze complex evidence chains across multiple platforms. Master advanced memory analysis and timeline reconstruction techniques.

Hardware

Hardware Hacking

Physical device exploitation, firmware analysis, and embedded system vulnerabilities in IoT and industrial devices. Dive deep into side-channel attacks and hardware reverse engineering.

Cryptography

Cryptography

Classical and modern cryptographic challenges, from basic ciphers to advanced elliptic curve and post-quantum cryptography. Explore lattice-based cryptography and zero-knowledge proofs.

Reverse Engineering

Reverse Engineering

Binary analysis, malware dissection, and software protection mechanism bypass techniques. Master advanced static and dynamic analysis with modern anti-analysis evasion.

Binary Exploitation

Binary Exploitation

Memory corruption vulnerabilities, exploit development, and advanced exploitation techniques against modern defenses. Explore kernel exploitation and hypervisor escapes.

Browser Pwn

Browser Exploitation

Modern browser security mechanisms, JavaScript engine vulnerabilities, and client-side exploitation techniques. Master V8, SpiderMonkey, and WebKit exploitation methods.

Docker Escape

Container Escape

Docker and container security, privilege escalation, and containerized environment breakout techniques. Explore Kubernetes security and container runtime vulnerabilities.

Required Hardware

Additional equipment is needed to actively participate in some special onsite challenges (excluded from scoreboard)

Intel Cyclone IV FPGA — EP4CE22F17C6

Core challenge: “ret2win”-style buffer overflow on an FPGA
Memory-safety on hardware HDL/soft-CPU pipeline JTAG/USB Blaster

Why it’s needed

  • Run a purposely vulnerable design (e.g., soft-CPU or state machine) where you’ll chain a minimal ret2win flow.
  • Understand exploitation when the “OS” is your logic: no ASLR/DEP — timing and register flow matter.
  • Hands-on with synthesis, bitstreams, and on-chip debug signals.

What you’ll do

  • Flash the bitstream, connect via UART/JTAG, and trigger the overflow.
  • Pivot control to a win function under strict resource/timing constraints.
  • Capture proof by interacting with a success GPIO/LED/win token.

We’ll provide programmer and reference bitstream; bring a laptop with drivers (Quartus/USB-Blaster or compatible).

Adafruit M0 (ATSAMD21)

Core challenge: 3 scenarios of buffer-overflow attacks
Stack corruption ISR-adjacent bugs Bare-metal toolchain

Why it’s needed

  • Showcase overflow classes on a small Cortex-M0+ target with predictable memory layout.
  • Practice exploitation without an OS: direct registers, linker scripts, and vectors.
  • Contrast protections (stack canaries, fortify) across scenarios.

What you’ll do

  • Build/flash vulnerable sketches for three distinct overflow patterns.
  • Craft inputs that redirect execution (e.g., overwrite return addr / function ptr).
  • Demonstrate control via a visible effect (LED, UART banner, or token printout).

We’ll provide ready-to-flash binaries and source; bring a USB cable and a serial terminal.

ESP32-WROOM (x2)

Used in two separate challenges:
MQTT remote format-string Reverse ARM firmware (analysis pipeline)

Why it’s needed

  • Remote format-string exploit (MQTT-PWN): craft a malicious packet to control formatting paths and overwrite a variable to get flag.
  • Firmware reversing track: analyze a provided ARM firmware image and interact via the ESP32 as the transport/IO harness (UART/Wifi), validating your understanding on real IO.

What you’ll do

  • Set up one ESP32 with a MQTT server waiting for your to transmit the payload and leak the flag.
  • Use the second ESP32 as a serial/IO bridge while you reverse and test the ARM image behavior.
  • Document primitives (write-what-where, info leak) and produce a reproducible PoC.

Bring two ESP32-WROOM devkits + USB cables.

Arduino nano

Used in one vcc type challenges:
Glitch pins → get flag Reverse ARM firmware (analysis pipeline)

Why it’s needed

  • Introduction to glitch type attacks to control formatting paths and flip a GPIO connection.
  • Firmware reversing track: analyze a provided ARM firmware image and interact via the ARDUINO as the transport/IO harness (GPIO), validating your understanding on real IO.

Arduino Uno

Used in one eeprom dump challenges:
Dump EEPROM → get flag Reverse ARM firmware (analysis pipeline)

Why it’s needed

  • Introduction to eeprom dump type attacks to gain access to proprietary code.
  • Firmware reversing track: analyze a provided ARM firmware image and interact via the ARDUINO as the transport/IO harness (GPIO), validating your understanding on real IO.

Prize Pool

$3,500 in total prizes for the top performing teams

1st Place
$2,000

Winners must be present onsite to qualify

2nd Place
$1,000

Winners must be present onsite to qualify

3rd Place
$500

Winners must be present onsite to qualify

Organizers

Meet the team behind PWNCTF 2025

Lead Organizer

Vatafu Vladut

Reuben Sammut

Challenge Author

mainframed767

Challenge Author

Tim Fowler

Challenge Author

Sponsors

Supporting the future of cybersecurity education

Venue

Join us in the heart of Timișoara

Venue

Iulius Congress Hall

www.iuliuscongresshall.ro

Located in the heart of Timișoara, Iulius Congress Hall is a modern venue known for its state-of-the-art facilities and excellent accessibility. Surrounded by restaurants, cafes, and shopping areas, it offers a good setting for a comfortable onsite CTF experience.

Contact

Get in touch with the PWNCTF team

CTFtime

View Event

X

@f00fc7c800

Discord

Join Server

Email

[email protected]