🎯 2025 Edition (1st Edition)
PWNCTF 2025 - Inaugural Competition
The first annual PWNCTF competition that started the tradition of cybersecurity excellence. This groundbreaking event brought together talented hackers and cybersecurity professionals from around the world.
Key Details
- 📅 Date: 2025
- 🌍 Format: Online & On-site
- 👥 Team Size: 1-5 members
- 🏆 Prize Pool: $3,500+
- ⏱️ Duration: 72 hours
Strada Aristide Demetriade nr. 1
Timișoara 300088, Romania
🎯 2026 Edition (2nd Edition)
PWNCTF 2026 - Second Annual Competition
We're thrilled to announce the second annual PWNCTF competition for 2026! Building on the success of our inaugural event, this year's competition promises to be bigger, more challenging, and more rewarding than ever.
Key Details
- 📅 Date: 8-10 Mai
- 🌍 Format: On-site
- 👥 Team Size: 5 members
- 🏆 Prize Pool: €6,000+
- ⏱️ Duration: 72 hours
Bulevardul George Coșbuc 39-49 București 050141,Romania
⚔️ Challenges Category
PWNCTF 2026 features diverse challenges across multiple categories. Each challenge is crafted by experienced cybersecurity professionals.
Web Security
SQL injection, XSS, CSRF, and modern web vulnerabilities. Exploit web applications and find hidden flags.
Reverse Engineering
Analyze binaries, crack encryption, and uncover the secrets hidden in compiled code.
Cryptography
Break ciphers, solve cryptographic puzzles, and recover encrypted messages.
Forensics
Investigate digital evidence, recover deleted files, and uncover hidden data.
Pwning
Buffer overflows, ROP chains, and binary exploitation. Low-level attacks on real targets.
Miscellaneous
Unique challenges that test creative thinking and problem-solving skills.
Docker Escape
Exploit a misconfigured Docker container to escape isolation, gain host access, and retrieve the flag by abusing container privileges, filesystem mounts, or Linux capabilities.
Linux Kernel Hacking
Exploit a vulnerable Linux kernel to achieve privilege escalation, bypass security mechanisms, and gain root access by abusing kernel bugs, race conditions, or improper memory handling..
Robot Hacking
Exploit ROS-based robot systems by abusing insecure nodes, topics, or services to gain unauthorized control, escalate privileges, and extract flags from robotic software and infrastructure.
Cherri-iot Pwning
Exploit CHERIoT-based IoT systems by abusing compartment boundaries, capability misuse, or call gates to bypass CHERI memory safety guarantees and gain unauthorized access within a secure RISC-V embedded platform.
Bomb defusal scenarios
Solve interactive bomb defusal challenges by analyzing hardware, timing logic, signals, and deceptive clues to disarm the device safely before the countdown expires.
Tempest Pwning
Exploit TEMPEST and RAM EMANATION side channels using Eliza and WebGPU techniques to extract sensitive data through electromagnetic, timing, or rendering leakage from isolated systems.
GPU Hacking
Exploit GPU systems by analyzing and manipulating CUDA code to gain unauthorized control, leak data, or break isolation between host and device through GPU execution flaws.
FPGA Pwning
Exploit FPGA-based systems by triggering buffer and heap overflows, bypassing custom stack canaries, and redirecting execution flow to unauthorized functions to obtain the flag.
Car Hacking
Exploit automotive systems using RAMN-based challenges by abusing in-vehicle networks, memory corruption, or ECU logic flaws to gain control over vehicle components and extract the flag.
Crypto Ledge Hacking
Exploit Side-Channel OLEDvulnerabilities in Ledger to get the flag
BaseBand Pwning
Exploit cellular baseband firmware by abusing memory corruption or protocol flaws to bypass isolation, gain code execution on the modem, and compromise mobile communication subsystems.
SecureBootPwn
Exploit Secure Boot implementations by abusing logic flaws, cryptographic weaknesses, or chain‑of‑trust errors to bypass verification, execute unsigned code, and gain control of the system during early boot.
Mainframe Hacking
Hack the Mainframe
CubeSat Hacking
Exploit CubeSat systems by abusing satellite software, communication protocols, or onboard hardware logic to gain unauthorized control, manipulate telemetry, or retrieve flags from space‑grade embedded platforms.
MQTT PWN
Exploit app over mqtt over air to extract flag from esp32
ManyMoreJust "HOP IN LOOSER WE GOING HACKING"
If everything from here sounds interesting, come along we got a seat for you too!
💻 Hardware Requirements
To participate in PWNCTF 2026, ensure your team has the following hardware setup:
At least 4GB RAM, 2GHz processor, SSD recommended
Linux (Ubuntu) highly recommended, Windows/macOS also required
Altera Cyclone IV DE0-Nano is a compact FPGA development board for embedded, educational, and prototyping applications.
ESP32-WROOM is a low-power Wi-Fi and Bluetooth microcontroller module for IoT and embedded applications.
Arduino Uno is a popular microcontroller board based on ATmega328P for prototyping and educational projects. Used for dumping the code from the badge in order to solve the badge challenge
Adafruit Feather M0 is a compact microcontroller board with ARM Cortex-M0, ideal for IoT and wearable projects.
Arduino Nano is a small, breadboard-friendly microcontroller board based on the ATmega328P, ideal for compact projects and prototyping.
Optional but Recommended
👨💼 Staff & Organizers
Meet the experienced cybersecurity professionals organizing PWNCTF 2026:
Is a passionate, self-taught CTF player. He was part of team greece for ECSC 2025. Part of i0.rs group
Known as docea007. With 3 years of experience in ctf’s he's greateast achievements are: 4th place at OCSN 9th grade, won the finance track at unihack 2024, AC ctf finalist, I wrote challenged for the retroctf village at defcamp 25.
Passionate, self-taught CTF player. He was part of team hungary for ECSC 2025.
CTF player and DEFCON 33 finalist focusing on browser and software exploitation. He has discovered and reported two browser CVEs (CVE-2025-1426, CVE-2025-4082) and currently studies at Korea University.
Passionate about web development and security, mainly focusing on client-side vulnerability research and CTF activities. He works primarily on penetration testing and internal intrusion assessments, and additionally, he conduct smart contract audits on Solana and Ethereum based projects.
One of the most respected voices in mainframe cybersecurity. A true old-school hacker at heart, Philip cut his teeth on an Amiga 500 and early networks — and today leads the charge for mainframe pentesting as Director of Mainframe Penetration Testing Services at NetSPI.Over the years, he’s spoken at world-class conferences like DEF CON, Black Hat, RSA, and SHARE — teaching others how to find and exploit vulnerabilities even on highly guarded z/OS systems.
A self-taught electrical engineer, working in analog electronics. Responsible for the PVNCTF's badges and hardware support and challanges
0xMard is the founder of MardLab and the author of this challenge. His current work focuses on isogeny-based, quantum-resistant cryptography. He is also researching high-performance fuzzers for Windows and macOS to advance vulnerability research and kernel exploitation.
Aka Lifip, he is part of "Dacia Team". Qualified for the final phase for ECW Finals CTF 2025 , qualified at AC@CTF Finals 2025 and wrote challenges for the Retro Villiage at Defcamp 2025.
Lead Information Security Engineer at Betsson Group.Currently OSEE, OSED,OSC3,OSMR.He’s active in the community, sharing exploit development and red-teaming content exploit writeups.
Created the infrastructure for the first edition of PWNCTF. Currently operating AS214205,having points of presence in Bucharest,Frankfurt,Amsterdam,Toronto,Ashburn,Fremond. He can turn any network setup in a flying machine.
a passionate, self-taught CTF player. Part of “Dacia Team”. Passionate about web.
A leading figure in the emerging domain of space cybersecurity. As CEO and Founder of ETHOS Labs, LLC, and a former Security Analyst at Black Hills Information Security, he combines deep offensive-security expertise with a passion for making space systems safer.Tim has contributed real satcom hacking challenges — in CTFs like Defcon and training environments — helping to grow the space-cyber learning ecosystem.
Egyptian offensive security engineer (web & binary exploitation) with 4 years of experience in Pentesting & App sec playing and creating CTFs for 5 years. Won DuCTF and DiceCTF in 2024 with idek
Is a passionate, self-taught CTF player. He was part of team greece for ECSC 2023/2025.Currently working at Bcrypt.Part of i0.rs team
🤝 Our Sponsors
We're grateful to our sponsors who make PWNCTF 2026 possible. Their support enables us to offer amazing prizes and world-class infrastructure.
Platinum Sponsors
Hex-Rays SA is a premier cybersecurity company and the developer of IDA Pro, the industry-standard binary analysis platform, providing world-class disassembly and decompilation solutions that enable security researchers to analyze, debug, and secure complex software across 60+ architectures for a safer digital world everywhere today.
This can be you platform
Gold Sponsors
NXP Semiconductors is a global semiconductor company designing secure connectivity and embedded solutions for automotive, industrial, IoT, and mobile markets, enabling smarter, safer, and more efficient systems worldwide everywhere today.
This can be you platform
This can be you services
Silver Sponsors
ZET.net is a Romanian global network services provider offering high-performance IP transit, AI-optimized routing, colocation, and transport solutions, connecting thousands of networks through multiple points of presence in Europe and the USA.
DreamServer is a Romanian hosting provider offering web, game, radio, VPS/VDS, dedicated servers, colocation, and web design services with focus on high uptime, low-latency networks and technical support.
Covsec (Covenant Security Solutions) is a specialized cybersecurity consultancy and training provider delivering high-end technical expertise in Windows system architecture, security research, and defensive engineering, empowering security professionals to master complex internals and kernel-level mechanisms to protect critical infrastructure in an increasingly sophisticated threat landscape today.
MetaCTF is a leading cybersecurity skills and training company providing a modern, gamified platform for hands-on learning, allowing organizations to assess, upskill, and retain their workforce through realistic Capture The Flag simulations and interactive labs that build a "secure by design" mindset across global security teams today.
Interested in Sponsoring?
Companies of all sizes are welcome to sponsor PWNCTF. Contact us for partnership opportunities and sponsorship packages.
📞 Get In Touch
Have questions about PWNCTF 2026? We'd love to hear from you!
Social Media
Follow us on Twitter, LinkedIn, and GitHub for updates