
CTF Challenge Platform

Status: In Progress
Stack: Docker, Python, Flask, PostgreSQL, nginx

Overview

A self-hosted Capture The Flag platform built from the ground up for hosting custom security challenges. The platform is designed for small team training sessions and local security meetups, providing a hands-on way to practice offensive security skills in a controlled environment.

Challenge Categories

  • Web Exploitation - SQL injection, XSS, SSRF, authentication bypass, and deserialization challenges ranging from beginner to advanced
  • Binary Analysis - Buffer overflows, format string vulnerabilities, ROP chains, and reverse engineering challenges for x86 and x64
  • Cryptography - Classical cipher breaks, padding oracle attacks, RSA weaknesses, and hash collision challenges
  • Forensics - Memory dump analysis, network packet captures, steganography, and disk image investigations

Platform Features

  • Dynamic flag generation to prevent flag sharing between participants
  • Containerized challenge environments that spin up on demand using Docker
  • Real-time scoreboard with team and individual tracking
  • Challenge difficulty ratings and hint system with point deductions
  • Admin dashboard for managing challenges, users, and competition settings
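
One way the dynamic flag generation listed above could work, as an added example that is not taken from the project's code. It assumes per-team flags derived with HMAC-SHA256 from a server-side key; the function names, the CTF{...} flag format, and the key are hypothetical. A flag that is valid for a different team is reported as shared rather than simply wrong.

```python
import hashlib
import hmac

# Constructed sample values; a real deployment loads the key from a secret store.
SERVER_KEY = b"constructed-demo-key-not-for-production"
FLAG_PREFIX = "CTF"  # hypothetical flag format: CTF{<32 hex chars>}


def make_flag(team_id: int, challenge_id: int, key: bytes = SERVER_KEY) -> str:
    """Derive the flag one team must submit for one challenge."""
    # Fixed-width fields keep (1, 23) and (12, 3) from encoding to the same message.
    msg = team_id.to_bytes(8, "big") + challenge_id.to_bytes(8, "big")
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]
    return f"{FLAG_PREFIX}{{{tag}}}"


def check_submission(team_id, challenge_id, submitted, all_team_ids, key=SERVER_KEY):
    """Return ("correct", None), ("shared", owner_team_id) or ("wrong", None)."""
    candidate = submitted.strip().encode()
    own = make_flag(team_id, challenge_id, key).encode()
    # compare_digest avoids leaking how many leading characters matched.
    if hmac.compare_digest(candidate, own):
        return ("correct", None)
    # A valid flag that belongs to another team is evidence of flag sharing.
    for other in all_team_ids:
        if other == team_id:
            continue
        theirs = make_flag(other, challenge_id, key).encode()
        if hmac.compare_digest(candidate, theirs):
            return ("shared", other)
    return ("wrong", None)


if __name__ == "__main__":
    teams = [1, 2, 3]  # constructed team ids
    flag_team2 = make_flag(2, 7)
    print(check_submission(2, 7, flag_team2, teams))       # own flag
    print(check_submission(1, 7, flag_team2, teams))       # team 2's flag
    print(check_submission(1, 7, "CTF{deadbeef}", teams))  # invalid flag
```

Because flags are recomputed from the key on each check, nothing per-team has to be stored, and rotating the key invalidates every issued flag.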

Deployment

The platform runs as a set of Docker containers orchestrated with Docker Compose. The Flask backend handles user authentication, challenge management, and scoring. PostgreSQL stores user data and challenge metadata. Each challenge runs in its own isolated container behind nginx, ensuring participants cannot interfere with each other’s environments.

Current Status

The core platform is functional with approximately 25 challenges across all categories. Current work focuses on adding more advanced binary exploitation challenges and improving the automated challenge deployment pipeline.