The 2024 edition of the WP CTF has ended, and we are thrilled to announce its resounding success! This year, approximately 80 participants formed teams from across Europe, including Greece, Germany, Austria, and the Netherlands.
Staying true to tradition, WP CTF 2024 featured a Jeopardy-style competition with diverse categories such as AI, Cryptography, OSINT, Web, Reversing, PWN, and Misc. Each category offered challenges spanning a range of difficulties, ensuring an engaging experience for participants of all skill levels.
The challenges were meticulously crafted throughout the year by our internal teams, taking inspiration from real-world vulnerabilities encountered in professional projects. To ensure top-notch quality, we organized a security workshop a few weeks before the event, where team members tested each other’s challenges, provided feedback, and finalized adjustments
After the competition ended and the winners were celebrated, all challenges and their writeups were published on GitHub. This allowed participants to compare their solutions, gain new insights, and find inspiration to enhance their skills. A networking session followed, where participants and challenge creators exchanged ideas, discussed feedback, and shared suggestions for future editions. The event wrapped up with an after-party, celebrating the shared passion for cybersecurity.
It has been incredibly rewarding to witness the growth of a vibrant, young community passionate about cybersecurity. Each year, this enthusiasm continues to expand, creating an inspiring and ever-evolving space for learning and innovation.
A heartfelt thank you to everyone who participated, and we can’t wait to see you at next year’s edition!
Mattia Codato
Software Developer - IT System & Service Management Solutions at Würth IT Italy
Author
Mattia Codato
Software Developer - IT System & Service Management Solutions at Würth IT Italy
1. Introduction The abuse of vulnerable drivers has become an increasingly common technique adopted by attackers to bypass modern security controls. This attack pattern, commonly referred to as Bring Your Own Vulnerable Driver (BYOVD), consists of loading legitimately signed but Read More
Today, most digital identity systems are built around a Central Identity Provider. That provider signs users in, stores key identity data, and often sits in the middle of every trust relationship between people, applications, and organizations. This model works, but Read More
A Simple Reverse Proxy Might Turn out to Be Dangerous Sometimes we inadvertently make assumptions that undermine our infrastructure security. In today's article I want to share with you one of the most common mistakes that are made when setting Read More
A scalable approach to detecting malicious domains using Threat Intelligence and Indicator Match Rules One of the most common techniques used in phishing and initial access campaigns is the creation of domains that closely resemble legitimate ones. Attackers exploit typosquatting, Read More
This is the second part of my series about a challenge I developed for the WPCTF. In the first article (Infection Chain - Behind the Scenes), I talked about my experience participating in the WPCTF from a different perspective: not Read More