Capture the flag, written with care.

A 28-hour capture-the-flag built around five tracks of hand-crafted challenges. Designed to reward genuine reasoning over reflexive automation, with the kind of small details that turn an exercise into a memory.

Status: ARMED
Edition: VOL.I
Window: 28H
Format: JEO
WEB CRYPTO MISC REV PWN
28 hours one night no slop no repeats

Most CTFs are either trivially solved by a generic language model, or rough enough that the fun gets buried under broken Docker images. We refuse to ship either. Every challenge is hand-crafted, theme-aware and play-tested before the gates ever open. — ZeroArenaCTF design brief, vol. I

Tracks · 01 → 05

Five disciplines.
One overnight sprint.

01/05 WEB

Web Exploitation

SSTI, prototype pollution, SSRF chains through cloud metadata, second-order SQLi, OAuth misuse, and authentication mistakes that age like fine wine.

02/05 CRYPTO

Cryptography

Custom ciphers with subtle invariants, RSA misused three creative ways, sketchy curves, and PRNG state recovery dressed up as palace lore.

03/05 MISC

Miscellaneous

Stego in unlikely places, OSINT trails through obscure corners, jailbreak puzzles for language models, logic mazes whose rules quietly change.

04/05 REV

Reverse Engineering

Compiled binaries with intent, hand-rolled VMs that need unflattening, obfuscated bytecode, and at least one ELF written purely for the aesthetic.

05/05 PWN

Binary Exploitation

Stack overflows that demand a real ROP chain, format-string puzzles with subtle pivots, heap challenges where the allocator is the entire game.

END · OF · TRACKS

All five.
One night.

Pick a track or pick fights with all of them. Solo or team — same leaderboard.

Centerpiece · sample

A challenge taste,
before kickoff.

CRYPTO · 01

Numeria's Royal Random Oracle

The Court Mathemagician swore off primes and built a random oracle in their place. Each morning the oracle publishes 624 numbers to "prove its impartiality" — and immediately seals the day's correspondence with whatever comes next.

  • Multi-stage solve
  • State recovery
  • AES-CBC chain
The weekend

A single overnight sprint.
No multi-week stamina test.

Phase | Day | Time (CEST) | What happens
Briefing | Fri 29 May | 19:45 | Rules recap, scoring walkthrough, infrastructure status.
Kickoff | Fri 29 May | 20:00 | All challenges unlock simultaneously. First-blood pings begin.
Morning | Sat 30 May | 09:00 | Organiser broadcast: clarifications, leaderboard recap.
Hint cascade | Sat 30 May | 18:00 | Tiered hints unlock for unsolved challenges.
Submission close | Sat 30 May | 23:59 | Leaderboard freezes. Final scoring is computed.
Awards | Sun 31 May | 18:00 | Winners announced. Author writeups begin shipping.
RSVP / DISCORD

Gates open
29 May · 20:00.

Solo entries welcome. Teams up to four. Pre-event briefings, live announcements during the competition, and post-event writeups all happen on Discord.
