It took us years to build CTFd. It's the result of many hours of thought and work.
We'd love to share our work with you to help you run your Capture The Flag. Starting at $10 a month you can host your CTF with us and we'll do everything we can to make sure your CTF runs as smoothly as possible.
The best defense is a good offense. Capture The Flags have been training generations of hackers since before 1999. They can teach not only how attacks happen, but how to conduct offensive security.
We build every type of security challenge. Whether it's OWASP Top Ten, Forensics, Reverse Engineering, Exploitation, or something in between, we know how to make it fun and approachable.
Phubble is a broken web application riddled with vulnerabilities designed to simulate a real world photo sharing application.
Phubble features vulnerabilities including Cross Site Scripting (XSS), SQL Injection, Cross Site Request Forgery (CSRF), Command Injection, and many other bugs featured in the OWASP Top 10. Phubble provides students with the invaluable experience of attacking a live website, exfiltrating data, and slowly escalating privileges until they’re root.
Phubble serves as an excellent exercise for the end user to learn and practice their hacking skills. It can be be approached with or without source code and is designed to be fun for both newcomers and experts of web security.
Each student receives a personal live instance of Phubble, documentation describing various web vulnerabilities, and an instance of CTFd to track their progress and compete against other students.