r/securityCTF

Is this common for ctf players or is this just a hallucination.

I run a small IRC network called MansionNET (irc.inthemansion.com) which is a self-hosted community with its own web services, radio stream, the whole deal. Recently we started building an ARG layer on top of it called Cipher Station.

The concept is that there's a (partly) numbers station themed landing page at cipher.inthemansion.com with a CRT terminal aesthetic. Hidden in the page are puzzle clues. Each puzzle solved "opens a room" in a fictional decaying mansion built by a telegraph operator named Elias Voss in 1887, who believed he was receiving transmissions from... something.

Puzzle 001 "The Gatekeeper's Key" is live right now. It's a multi-step chain that'll take you across the landing page and the IRC server (no more spoilers). Everything you need is on the page if you look carefully enough.

There's more coming, as we've got ideas involving steganography, audio ciphers, and puzzles that require multiple people to solve together.

If you're into cryptography puzzles, weird lore, and IRC (yes, IRC, as we are old), come poke around.

https://cipher.inthemansion.com

The Mansion is listening.

Nine modules, eight CTF-style browser challenges covering:

• Direct prompt injection
• Indirect injection (planted content in docs the bot ingests)
• System prompt extraction
• Tool abuse / excessive agency
• Data exfiltration (including the markdown-image exfil pattern)
• Guardrail bypass
• Insecure output handling (OWASP LLM05)
• RAG poisoning (OWASP LLM08)

Each module has concept + walkthrough + a live target you attack in the browser + defense patterns. First challenge in every module opens without a signup so the attack pattern is reachable before any commitment.

What would actually help: if anyone spends 15 minutes on one of these, a reply mentioning an unexpected solve path, a trigger that fires on natural phrasing you wouldn't have predicted, or a scenario that feels unrealistic versus what shows up in production engagements — that's worth more than any usage metric.

https://wraith.sh/academy

New wargame just launched — Phantom track of BreachLab.

  ssh phantom0@204.168.229.209 -p 2223
  password: phantom0                                                        

Persistent infra (not ephemeral instances), chain-password format like
Bandit/OverTheWire. 32 levels covering Linux privesc → container escape → Kubernetes takeover → exfil. Real Docker stack, not simulators (except Leaky
Vessels emulator and K8s API which I built specifically to make the technique mandatory without leaving real CVEs on the host).

Bonus: Ghost track (Linux fundamentals, 23 levels) for warm-up.

  ssh ghost0@204.168.229.209 -p 2222                                        
  password: ghost0                                                     

Free, no signup, no paywall, no AI hints. Resource links per level — that's
it. 11 more tracks planned (web, crypto, AD, RE, etc).

Leaderboard + first-blood bonuses at breachlab.org/leaderboard if you register an account.

First 100 graduates of any track get permanent Founding Operative status —
breachlab.org/founding

anyone’s willing to help, please DM. Would really appreciate a hint 🙏

Hello everyone, I wanted to introduce you to this website where I am learning to do pentesting. If any of you are interested in trying it out, I think you might find it interesting.

Hey there.

I'm a software engineering student. I'm currently learning C# from university and some databases and the .net framework so I can become a backend developer from this framework. The reason I chose this stack is because the job offers in the country I live in are most of them from this stack. Even though I enjoy this my dream job is to become an ethical hacker or work in cyber security.

Someone told me once there's no such entry level role as a "junior ethical hacker " so that I should better start with something like junior network engineer or IT specialist or Helpdesk and keep getting experience and then apply for a cyber security job.

I want to hear some suggestions from those who are experienced in the field about what should I learn now. Because sometimes I feel I should be learning maybe OS or python or Linux or networking instead of backend in .NET.

Do anyone know any GitHub repository or somewhere documented which has all the common ctf questions with the flag answers ... Database kind of

I'm building a Discord community for people who are genuinely interested in cybersecurity, pentesting and CTFs.

The goal is not to create another casual tech Discord where people just hang out. The idea is to build a focused learning environment where people actually work on improving their skills.

Right now the server is small and that's intentional. I'm looking for people who are:

seriously interested in offensive security willing to learn and experiment comfortable asking questions and sharing knowledge.

motivated enough to actually put in the work

You don't have to be an expert. Beginners are welcome too - but the mindset matters. This is meant for people who want to actively grow, not just lurk or spam random questions.

The server focuses on things like:

CTF challenges pentesting labs (HTB/THM etc.) exploit development experiments tooling, scripting and workflows writeups and research discussion

If you're looking for a place where people are actually practicing and improving together, you might find this useful.

If you're more experienced and want to share knowledge or collaborate on interesting problems, you're also very welcome. DM if you'd like an invite.

Hey everyone, I’m currently preparing for the Microsoft SC-300 exam and looking for some solid practice tests to help me cross the finish line. Since I’m on a tight budget, I can really only invest in one high-quality resource that covers everything accurately. is udemy a better option?

For those of you who have cleared the SC-300 recently, which practice tests did you find most similar to the actual exam environment? I’m specifically looking for something with realistic scenario-based questions, clear technical explanations, and heavy emphasis on Microsoft Entra ID, Conditional Access policies, and Identity Governance. I also want to make sure it covers the newer 2026 updates like Global Secure Access and Permissions Management.

Would really appreciate your recommendations on which one worked for me the most. Thanks in advance

Edit : Finally passed my SC-300 exam with 912

After my teammate suggestion at office. I did use Skillcertpro practice tests, they are quite similar to the questions that I saw on my exam. Almost 70-80% of the questions were strikingly similar to these tests. May be because they are adding new questions every 2 weeks. Thats helps in staying updated. Also I liked the fact they have lot of questions to practice with easy to understand explanations. I would also recommend reviewing the cheat sheet that they give 2 days before the exam.

https://skillcertpro.com/product/microsoft-sc-300-exam-questions/

I recently competed in a CTF with a team from my university and we all finished in 52th position i got around 1050 points doing OSINT and MISC, i an just a beginner in cyber security my teammates apriciated this and idk if it did good or not, they told me about write ups but idk how to write it, need some help like format or what to write in a writeup

I saw this page from an instagram reel and the video looked kinda cryptic too

Hey, i want to make a ctf for my friend for his bday with inside jokes and stuff. I have no knowledge on how to make one. How should i approach this?

Hey, I’m building a serious, well-rounded CTF team aiming to cover all categories and perform at a high level.

Current team:

• Networking + Digital Forensics
• Kernel exploits / container escapes (gVisor, seccomp, namespaces, etc.), low-level C, assembly, Linux internals
• Crypto + some reverse engineering

We’re strong in low-level/pwn + forensics, but we’re looking to fill key gaps.

Looking for people strong in:

• Web exploitation: SQLi, XSS, SSRF, auth bypass, deserialization, modern frameworks
• Binary exploitation (userland): heap, ROP, format strings, UAF, etc.
• Reverse engineering: fast analysis, obfuscation, multi-arch
• Crypto (deep): number theory, RSA/ECC, CTF-style crypto challenges
• Misc / OSINT / puzzles: pattern solving, stego, lateral thinking
• Scripting / automation: Python, pwntools, quick tooling

If you’re solid in any of these and interested in joining a competitive team, DM me with:

• Your strengths
• Experience (CTFs, platforms, anything relevant)
• Preferred categories

Find info on:

1. https://ctftime.org/ctf/1109/

2. https://ctf.cyber-cit.club/