The qualifiers challenges for the 10th Edition of Security Summer School are deployed, for the Binary/Exploiting or the Web track. There are no challenges to be solved for the Security Essentials track, but you'll still have to register and motivate your application. For the Hardware Assisted Security track, all participants to the Web or Binary/Exploiting are eligible.

You first need to register an account. Choose SSSv10 Qualifiers as team type. If you want to use an existing account, let us know at sss-contact@security.cs.pub.ro or on Discord channel #technical-issues to update your team type to SSSv10 Qualifiers.

Then go to the challenges page and solve them. Challenges are to be solved individually.

You can choose either Exploiting Qualifiers challenges or Web Qualifiers. You can go for both and apply for both tracks, but we don't recommend that, we recommend you to focus on one.

Solve as many of them as you can by Sunday, June 4, 2023, 11pm EEST (i.e Romania time). Submit the flag here and then submit a .zip archive with README files and solutions scripts for the challenges together with your contact details in this registration form. We will then contact you with our response. Please register with the same e-mail address you used here, for challenge solving.

For SSSv10 qualifiers, challenges are to be solved individually. Most of the exploiting challenges may be solved using only simple tools such as strings, nm, ltrace, strace, readelf, xxd, netcat, without going into disassemblers (i.e. objdump) or debuggers (i.e. gdb). Most of the web challenges require a browser, developer tools, wget/curl and editors. Obviously, any correct solution is OK, irrespective of the tools employed.

For any issues and for support we will use the Discord channel #technical-issues.

Unless otherwise state, the remote flags are found in /home/ctf/flag.

Unless otherwise stated, flags use the format SSS_CTF{some_interesting_string} or SSS{some_interesting_string}.

When solving challenges, please follow the rules:
0. Do not attack the infrastructure. If you find a problem with one of our tasks, please report to us.
1. You are not allowed to intercept the traffic of other teams or attack them. Any attempt to cheat on the contest will lead immediately to disqualification.
2. We will not score unintended solutions. We will ask you how you solved each task, and if the solution is not the correct one, we will take your points from the scoring platform. We may, instead, give some bonus points or extra hints to those who report unintended solutions.
3. The points that you receive on the scoring platform are valid only if you solved the task and know how to explain us the solution. If you take flags from other teams of someone that is not present at the CTF location solves the challenge for you, you will be disqualified.
4. Don’t ask for hints in private. We will only give hints that are available to all the teams.
5. Submit the flag as soon as you finish a challenge. If you submit all the flags at the end of the contest we will assume you didn't have time to work on all the tasks at once.
6. In case two teams have equal scores, the team that got to that score first will have the advantage.
The qualifiers challenges for the 9th Edition of Security Summer School are deployed, for the Binary/Exploiting or the Web track. There are no challenges to be solved for the Security Essentials track, but you'll still have to register and motivate your application. For the Hardware Assisted Security track, all participants to the Web or Binary/Exploiting are eligible.

You first need to register an account. Choose SSSv9 Qualifiers as team type. If you want to use an existing account, let us know at sss-contact@security.cs.pub.ro to update your team type to SSSv9 Qualifiers.

Then go to the challenges page and solve them. Challenges are to be solved individually.

You can choose either Exploiting Qualifiers challenges or Web Qualifiers. You can go for both and apply for both tracks, but we don't recommend that, we recommend you to focus on one.

Solve as many of them as you can by Sunday, May 22, 2022, 11pm EEST (i.e Romania time). Submit the flag here and then submit a .zip archive with README files and solutions scripts for the challenges together with your contact details in this registration form. We will then contact you with our response. Please register with the same e-mail address you used here, for challenge solving.

For SSSv8 qualifiers, challenges are to be solved individually. Most of the exploiting challenges may be solved using only simple tools such as strings, nm, ltrace, strace, readelf, xxd, netcat, without going into disassemblers (i.e. objdump) or debuggers (i.e. gdb). Most of the web challenges require a browser, developer tools, wget/curl and editors. Obviously, any correct solution is OK, irrespective of the tools employed.

For any issues and for support we will use the Discord channel #technical-issues.

Unless otherwise state, the remote flags are found in /home/ctf/flag.

Unless otherwise stated, flags use the format SSS_CTF{some_interesting_string} or SSS{some_interesting_string}.

When solving challenges, please follow the rules:
0. Do not attack the infrastructure. If you find a problem with one of our tasks, please report to us.
1. You are not allowed to intercept the traffic of other teams or attack them. Any attempt to cheat on the contest will lead immediately to disqualification.
2. We will not score unintended solutions. We will ask you how you solved each task, and if the solution is not the correct one, we will take your points from the scoring platform. We may, instead, give some bonus points or extra hints to those who report unintended solutions.
3. The points that you receive on the scoring platform are valid only if you solved the task and know how to explain us the solution. If you take flags from other teams of someone that is not present at the CTF location solves the challenge for you, you will be disqualified.
4. Don’t ask for hints in private. We will only give hints that are available to all the teams.
5. Submit the flag as soon as you finish a challenge. If you submit all the flags at the end of the contest we will assume you didn't have time to work on all the tasks at once.
6. In case two teams have equal scores, the team that got to that score first will have the advantage.
The qualifiers challenges for the 8th Edition of Security Summer School are deployed.

You first need to register an account. Choose SSSv8 Qualifiers as team type. If you want to use an existing account, let us know at sss-contact@security.cs.pub.ro to update your team type to SSSv8 Qualifiers.

Then go to the challenges page and solve them. Challenges are to be solved individually.

You can choose either Exploiting Qualifiers challenges or Web Qualifiers. You can go for both and apply for both tracks, but we don't recommend that, we recommend you to focus on one.

Solve as many of them as you can by Sunday, May 23, 2021, 11pm EEST (i.e Romania time). Submit the flag here and then submit a .zip archive with README files and solutions scripts for the challenges together with your contact details in this registration form. We will then contact you with our response. Please register with the same e-mail address you used here, for challenge solving.

For SSSv8 qualifiers, challenges are to be solved individually. Most of the exploiting challenges may be solved using only simple tools such as strings, nm, ltrace, strace, readelf, xxd, netcat, without going into disassemblers (i.e. objdump) or debuggers (i.e. gdb). Most of the web challenges require a browser, developer tools, wget/curl and editors. Obviously, any correct solution is OK, irrespective of the tools employed.

For any issues and for support we will use the Discord channel #technical-issues.

Unless otherwise state, the remote flags are found in /home/ctf/flag.

Unless otherwise stated, flags use the format SSS_CTF{some_interesting_string} or SSS{some_interesting_string}.

When solving challenges, please follow the rules:
0. Do not attack the infrastructure. If you find a problem with one of our tasks, please report to us.
1. You are not allowed to intercept the traffic of other teams or attack them. Any attempt to cheat on the contest will lead immediately to disqualification.
2. We will not score unintended solutions. We will ask you how you solved each task, and if the solution is not the correct one, we will take your points from the scoring platform. We may, instead, give some bonus points or extra hints to those who report unintended solutions.
3. The points that you receive on the scoring platform are valid only if you solved the task and know how to explain us the solution. If you take flags from other teams of someone that is not present at the CTF location solves the challenge for you, you will be disqualified.
4. Don’t ask for hints in private. We will only give hints that are available to all the teams.
5. Submit the flag as soon as you finish a challenge. If you submit all the flags at the end of the contest we will assume you didn't have time to work on all the tasks at once.
6. In case two teams have equal scores, the team that got to that score first will have the advantage.
The Final CTF for the SSSv7 Web Track will take place on Sunday, July 26, 9am-9pm. 7 Teams will compete agaaain for eternal glory.

You will log in with the provided credentials for your team and subsequently ask us to update your team name.

For any issues and for support we will use the #web channel on Discord.

Unless otherwise state, the remote flags are found in /home/ctf/flag.

Unless otherwise stated, flags use the format SSS_CTF{some_interesting_string} or SSS{some_interesting_string}.
The MID CTF for the SSSv7 Web Track will take place on Saturday, July 11, 10am-6pm. 7 Teams will compete for eternal glory.

You will log in with the provided credentials for your team and subsequently ask us to update your team name.

For any issues and for support we will use the #web channel on Discord.

Unless otherwise state, the remote flags are found in /home/ctf/flag.

Unless otherwise stated, flags use the format SSS_CTF{some_interesting_string} or SSS{some_interesting_string}.

The SSSv7 Exploit Track MID CTF is Live and it will be up until 18:00 today!

Happy hacking!
There was an issue with "The Talker" challenge preventing it from providing the flat. It's now fixed.
The qualifiers challenges for the 7th Edition of Security Summer School are deployed.

You first need to register an account. Choose SSSv7 Qualifiers as team type.

Then go to the challenges page and solve them. Challenges are to be solved individually.

You can choose either Exploiting Qualifiers challenges or Web Qualifiers. You can go for both and apply for both tracks, but we don't recommend that, we recommend you to focus on one.

Solve as many of them as you can by Sunday, June 7, 2020, 11pm EEST (i.e Romania time). Submit the flag here and then submit a .zip archive with README files and solutions scripts for the challenges together with your contact details in this registration form. We will then contact you with our response. Please register with the same e-mail address you used here, for challenge solving.

For SSSv7 qualifiers, challenges are to be solved individually. Most of the exploiting challenges may be solved using only simple tools such as strings, nm, ltrace, strace, readelf, xxd, netcat, without going into disassemblers (i.e. objdump) or debuggers (i.e. gdb). Most of the web challenges require a browser, developer tools, wget/curl and editors. Obviously, any correct solution is OK, irrespective of the tools employed.

For any issues and for support we will use the Freenode IRC channel #hexcellents.

Unless otherwise state, the remote flags are found in /home/ctf/flag.

Unless otherwise stated, flags use the format SSS_CTF{some_interesting_string} or SSS{some_interesting_string}.

When solving challenges, please follow the rules:
0. Do not attack the infrastructure. If you find a problem with one of our tasks, please report to us.
1. You are not allowed to intercept the traffic of other teams or attack them. Any attempt to cheat on the contest will lead immediately to disqualification.
2. We will not score unintended solutions. We will ask you how you solved each task, and if the solution is not the correct one, we will take your points from the scoring platform. We may, instead, give some bonus points or extra hints to those who report unintended solutions.
3. The points that you receive on the scoring platform are valid only if you solved the task and know how to explain us the solution. If you take flags from other teams of someone that is not present at the CTF location solves the challenge for you, you will be disqualified.
4. Don’t ask for hints in private. We will only give hints that are available to all the teams.
5. Submit the flag as soon as you finish a challenge. If you submit all the flags at the end of the contest we will assume you didn't have time to work on all the tasks at once.
6. In case two teams have equal scores, the team that got to that score first will have the advantage.
The Final CTF for SSSvs will take place on Saturday, July 20, 2019, 9:00 - 21:00. Teams of 4 will compete for eternal glory.

Unless otherwise stated, flags use the format SSS{some_interesting_string}.

You can either create e new team or use a previous e-mail address and ask us to update your team name.

Keep calm and let's hack !
The Mid CTF for SSSv5 will take place on Saturday, June 29, 2019, 9am-5pm. Teams of 4 will compete for eternal glory.

Unless otherwise stated, flags use the format SSS{some_interesting_string}.

You can either create a new team or use a previous e-mail address and ask us to update your team name.
The qualifiers challenges for the 6th Edition of Security Summer School are deployed.

You first need to register an account. Choose SSSv6 Qualifiers as team type.

Then go to the challenges page and solve them. Challenges are to be solved individually.

Solve as many of them as you can by Sunday, May 12, 2019, 11pm EEST (i.e Romania time). Submit the flag here and then submit a .zip archive with README files and solutions scripts for the challenges together with your contact details in this registration form. We will then contact you for interviews. Please register with the same e-mail address you used here, for challenge solving.

For SSSv6 qualifiers, challenges are to be solved individually. Most of the challenges may be solved using only simple tools such as strings, nm, ltrace, strace, readelf, xxd, netcat, without going into disassemblers (i.e. objdump) or debuggers (i.e. gdb). Obviously, any correct solution is OK, irrespective of the tools employed. For any support we will use the Freenode IRC channel #hexcellents.

Unless otherwise state, the remote flags are found in /home/ctf/flag.

Unless otherwise stated, flags use the format SSS{some_interesting_string}.

When solving challenges, please follow the rules:
0. Do not attack the infrastructure. If you find a problem with one of our tasks, please report to us.
1. You are not allowed to intercept the traffic of other teams or attack them. Any attempt to cheat on the contest will lead immediately to disqualification.
2. We will not score unintended solutions. We will ask you how you solved each task, and if the solution is not the correct one, we will take your points from the scoring platform. We may, instead, give some bonus points or extra hints to those who report unintended solutions.
3. The points that you receive on the scoring platform are valid only if you solved the task and know how to explain us the solution. If you take flags from other teams of someone that is not present at the CTF location solves the challenge for you, you will be disqualified.
4. Don’t ask for hints in private. We will only give hints that are available to all the teams.
5. Submit the flag as soon as you finish a challenge. If you submit all the flags at the end of the contest we will assume you didn't have time to work on all the tasks at once.
6. In case two teams have equal scores, the team that got to that score first will have the advantage.
The Final CTF for SSSv5 will take place on Saturday, July 21, 2018, 9am-9pm. Teams of 4 will compete for eternal glory.

Unless otherwise stated, flags use the format SSS{some_interesting_string}.

You can either create a new team or use a previous e-mail address and ask us to update your team name.
We've added hints for the mid CTF challenges. Have fun and happy hacking!
The Mid CTF for SSSv5 will take place on Saturday, June 30, 2018, 9am-5pm. Teams of 4 will compete for eternal glory.

Unless otherwise stated, flags use the format SSS{some_interesting_string}.

You can either create a new team or use a previous e-mail address and ask us to update your team name.
For SSSv5 qualifiers, challenges are to be solved individually. Most of the challenges may be solved using only simple tools such as strings, nm, ltrace, strace, readelf, xxd, netcat, without going into disassemblers (i.e. objdump) or debuggers (i.e. gdb). Obviously, any correct solution is OK, irrespecrtive of the tools employed.
The qualifiers challenges for the 5th Edition of Security Summer School are deployed.

You first need to register an account. Choose SSSv5 Qualifiers as team type.

Then go to the challenges page and solve them. Challenges are to be solved individually.

Solve as many of them as you can by Wednesday, May 23, 2018, 11pm EEST (i.e Romania time). Submit the flag here and then submit a .zip archive with README files and solutions scripts for the challenges together with your contact details in this registration form. We will then contact you for interviews. Please register with the same e-mail address you used here, for challenge solving.

Please solve challenges individually. For any support we will use the Freenode IRC channel #hexcellents.

Unless otherwise stated, flags use the format SSS{some_interesting_string}.

When solving challenges, please follow the rules:
0. Do not attack the infrastructure. If you find a problem with one of our tasks, please report to us.
1. You are not allowed to intercept the traffic of other teams or attack them. Any attempt to cheat on the contest will lead immediately to disqualification.
2. We will not score unintended solutions. We will ask you how you solved each task, and if the solution is not the correct one, we will take your points from the scoring platform. We may, instead, give some bonus points or extra hints to those who report unintended solutions.
3. The points that you receive on the scoring platform are valid only if you solved the task and know how to explain us the solution. If you take flags from other teams of someone that is not present at the CTF location solves the challenge for you, you will be disqualified.
4. Don’t ask for hints in private. We will only give hints that are available to all the teams.
5. Submit the flag as soon as you finish a challenge. If you submit all the flags at the end of the contest we will assume you didn't have time to work on all the tasks at once.
6. In case two teams have equal scores, the team that got to that score first will have the advantage.
The SSS Final CTF is on! Get all the flags. Use the #hexcellents channel on Freenode for hints.
The contest will start on Saturday, July 22, 2017, 10:30am and will end on Satudray, July 22, 2017, 22:30pm, EET (i.e. Romania time). For any support we will use the Freenode channel #hexcellents.

Unless otherwise stated, flags use the format SSS{Some_random_string}.

In order to be eligible for the grand prize and be a part of the competition, you must follow the following rules:
0. Do not attack the infrastructure. If you find a problem with one of our tasks, please report to us.
1. You are not allowed to intercept the traffic of other teams or attack them. Any attempt to cheat on the contest will lead immediately to disqualification.
2. We will not score unintended solutions. We will ask you how you solved each task, and if the solution is not the correct one, we will take your points from the scoring platform. We may, instead, give some bonus points or extra hints to those who report unintended solutions.
3. The points that you receive on the scoring platform are valid only if you solved the task and know how to explain us the solution. If you take flags from other teams of someone that is not present at the CTF location solves the challenge for you, you will be disqualified.
4. Don’t ask for hints in private. We will only give hints that are available to all the teams.
5. Submit the flag as soon as you finish a challenge. If you submit all the flags at the end of the contest we will assume you didn't have time to work on all the tasks at once.
6. In case two teams have equal scores, the team that got to that score first will have the advantage.
SSS Final CTF will take place starting from Saturday, July 22, 2017, 10:30am, until Saturday, July 22, 2017, 22:30pm.

In order to take part in the CTF contest, you have to register a team.

Please join the IRC channel #hexcellents Freenode for hints.

Let's get cracking!