This repository contains a collection of Capture The Flag (CTF) challenges designed and implemented for the iTEC 2025 Cybersecurity track. These challenges simulate real-world security vulnerabilities across various domains, providing hands-on experience with contemporary cybersecurity threats and defense mechanisms. Each challenge has been meticulously crafted to test specific skills in vulnerability assessment, exploitation techniques, and critical thinking in security contexts.
The repository includes challenges across multiple security domains:
- 3DS: Exploration of vulnerabilities in a 3D Secure v1 payment protocol implementation
- ClearwayPay: Exploitable webhook vulnerabilities in payment processing flows
- Cryptoverse: Microservice architecture requiring vulnerability chaining (XSS + SSRF) to exfiltrate sensitive data from CouchDB
- Ticketing: JWT authentication implementation with a weak secret key susceptible to dictionary attacks
- PCI-Mess: Insecure hashing practices for PAN (Primary Account Number) storage, requiring cryptanalysis and brute-force techniques
Each challenge is organized with the following structure:
challenge_name/
├── source_code/ # Challenge implementation code
└── walkthrough/ # Detailed solution guide and educational material
Each challenge can be deployed independently using docker-compose from its respective directory. For an optimal learning experience, attempt the challenges before consulting the walkthroughs.
© 2025 [iantal]