CyberStudents’ Advent of CTF 2025
Advent of CTF 2025 has ended. Thank you to everyone who participated! A full post detailing challenges and statistics will be published soon.
This event will run from December 1, 2025 8:00 PM to December 31, 2025 11:59 PM (EST). You can register anytime before the event ends.
The following competition guidelines are subject to change ahead of the event.
Challenges
A new challenge is released every day at 8 PM EST until December 25. To solve a challenge, you need to obtain a flag (which is always in the format csd{example_flag}). Knowing this format may be useful when attempting certain challenges.
There will be a variety of challenges released every day, covering all six of the following categories: web exploitation, reverse engineering, binary exploitation, forensics, cryptography, and miscellaneous. The challenges will progressively get harder as the month goes on, but we will always have help and resources available for everyone.
Challenges can be solved in any order and at any time. You do not need to solve previous challenges before attempting later-released challenges.
Hints
Each challenge has two hints designed to point you in the right direction and help you progress. Hints do not cost points and you will not be penalized for viewing them.
- The first hint is released at 8 AM EST, 12 hours after the challenge is released.
- The second hint is released at 8 PM EST, 24 hours after the challenge is released.
If you ever get stuck on a challenge, it might be helpful to come back to it later once a hint has been released. If you still need help after viewing both hints, feel free to come chat with us in our Discord server!
Scoring
Each challenge starts at 500 points, and the points will decrease over time as the challenge is solved by other players.
Please note that the updated points will retroactively apply to all teams who have solved the challenge, meaning you will not be at a disadvantage if you solve a challenge later in the event.
In case of a tie in points, however, the player who has solved their most recent challenge the earliest will be placed first.
Help and collaboration
We encourage collaboration and teamwork! CTFs are most enjoyable when you work with others to solve challenges together. Even though Advent of CTF is an individual event, we allow collaboration between players as long as you follow these guidelines:
- You may collaborate only after the challenge has been solved by at least five other players. This is to keep the leaderboard fair and competitive.
- Some challenges have unique flags generated for each player. Do not submit another player’s flag or use another player’s instance or environment.
- Using generative AI tools such as ChatGPT is allowed, but remember that understanding the challenge and solution is fundamental to learning. We may not offer assistance if it appears that you’re solely relying on others without genuine effort.
Technical requirements
Many Advent of CTF 2025 challenges can be solved without installing any special software on your computer.
However, some challenges may require you to download files, use command-line tools, or write code to solve them. For those challenges, you will need a computer that can run and install the necessary software. Don’t worry if you’re not sure how to use certain tools or programming. There are many resources available, and we’re always here to help you get started!
Some challenges involving binaries or virtual machine images may only be compatible with computers with x86_64 (AMD64) architecture. If you have a computer with ARM architecture (e.g., Apple Silicon, Chromebooks), you may need to use virtualization software or emulators to run those challenges. We’re happy to help you set this up if needed.
Prizes and divisions
The prize pool for this event will be over $12,000 USD for all divisions and the raffle, including non-monetary items like APIsec certifications and CTFGuide Pro subscriptions.
We will also host a raffle for all participants who solve at least one challenge to win up to $5,000 worth of APIsec certifications! More details about the raffle will be announced during the event.
| Division | Placement | Prize (USD) |
|---|---|---|
| College | 1st | $225 + ASCP, CASA, ACP (APIsec) + CTFGuide Pro (1 year) |
| College | 2nd | $125 + ASCP, CASA, ACP (APIsec) + CTFGuide Pro (3 mo) |
| College | 3rd | $75 + ASCP, CASA, ACP (APIsec) + CTFGuide Pro (1 mo) |
| High School | 1st | $225 + ASCP, CASA, ACP (APIsec) + CTFGuide Pro (1 year) |
| High School | 2nd | $125 + ASCP, CASA, ACP (APIsec) + CTFGuide Pro (3 mo) |
| High School | 3rd | $75 + CASA, ACP (APIsec) + CTFGuide Pro (1 mo) |
| Write-Up | Best well-written | $25 + CASA, ACP (APIsec) + CTFGuide Pro (3 mo) |
| Write-Up | Best technical | $25 + CASA, ACP (APIsec) + CTFGuide Pro (3 mo) |
| Write-Up | Best unintended solution | $25 + CASA, ACP (APIsec) + CTFGuide Pro (3 mo) |
| Raffle | | Win up to $5,000 worth of APIsec certifications |
- Only full-time high school students (or the international equivalent) and full-time undergraduate college/university students at an accredited institution are eligible to win prizes for the High School and College divisions.
- All monetary prizes will be awarded in USD. (This is a change from previous years.) Certain non-monetary prizes are subject to availability and may vary based on location and other factors; please contact the event administrators for more information.
- Any registered player is allowed to participate in the Write-Up Division. We will open submissions near the end of the event; they will be judged by the event administrators and challenge developers. More details regarding write-up submissions will be announced later.
Additional guidelines
- Individuals must be 13 years old or above by the time they begin registration. Participants living in certain countries or regions may have a higher age requirement. Please see the full list here.
- Individuals under 18 years old or the age of majority in their country must have consent from their parent or guardian.
- Individuals who have not yet begun 9th grade (or the equivalent in their country) cannot participate in the High School and College divisions without first obtaining permission from an event administrator. Students are not considered to be in high school during the summer before they begin 9th grade.
- Inaccurate or false information provided during registration may result in disqualification from the event.
- Participants should always show sportsmanship and be respectful towards other players and event administrators.
- Flag hoarding (i.e., waiting to submit many flags near the end) is discouraged, but not prohibited. Waiting to submit flags may result in a longer verification process at the end of the event.
- Sharing flags with or accepting flags from other players, or any other type of disallowed collaboration (see “Help and collaboration” above), during the event is prohibited.
- Negligently making flags or any other type of disallowed collaboration accessible to other players (e.g., on social media, forums, public Discord channels, by sharing an account on ChatGPT with other players) may result in disqualification.
- Write-ups to be submitted for the Write-Up Division must not be publicly shared or published before the submission period ends.
- Using automated tools (e.g., DirBuster, sqlmap) blindly to scrape or fuzz challenges extensively (e.g., with a large, generic wordlist) to the degree where it may cause performance issues is prohibited, unless specified otherwise.
- Players should observe notes or code comments regarding out-of-scope functionality or behavior within a challenge which were obviously and seriously written by challenge developers (e.g., “online mode is just for fun and is not part of the challenge, seriously!”).
- Using commercial-level computing resources (e.g., AWS, school or university clusters, renting GPUs or other hardware) specifically for the competition without prior permission from an event administrator is prohibited.
- Do not repeatedly spam or attempt to render the server or infrastructure inaccessible.
- Do not use files, links, or instances that were created for another player.
- Do not perform or attempt to perform attacks on the competition website, scoring system, Discord bot, or Discord server.
- Do not attempt to perform attacks on or attempt to sabotage other players.
- Do not attempt to circumvent sandboxes for challenges.
- Each person can only register with one account. Account sharing is prohibited and is a bad practice.
- Information about participants’ devices, including IP addresses, user agents, and other patterns may be collected to ensure competitive integrity. Any attempts to circumvent this collection or its accuracy may result in disqualification (excluding regular and common privacy practices such as ad blockers or VPNs). These data will be deleted after competition results are finalized.
- Challenge developers and Advent of CTF event administrators are not allowed to participate in the event.
- Participants must not be currently banned from the Discord server or have been disqualified from previous Advent of CTF events. Please appeal prior bans or disqualifications before registering.
- The competition guidelines will still apply to all participants after the event ends until the event administrators announce the winner(s) for all divisions.
- The event administrators reserve the right to disqualify and revoke recognition from any player at any time, including after the competition.
- Did you know that we used to have an arbitration clause here for fun :)