Introducing RunCode CTF

For people who want to pwn good and want to do other things good, too.

What is RunCode CTF?

This is a new format brought to you by the same team that develops the on-site and online coding competitions at . Our team loves a good CTF, and our gradual inclusion of more and more infosec challenges to our traditional programming challenges called for a new format we think you'll enjoy.

We believe that the best way to learn to exploit is by actually exploiting live machines and in support of this, we have created a mobile capture-the-flag (ctf) environment. This environment contains several types of machines with multiple pathways for exploitation. We understand that ctf's have a broad appeal and will entice individuals (both novice and seasoned) to attempt the ctf competition. In light of this, we ensure that the machines we develop are developed at varying difficulties. This will engage a novice just starting out as well as a seasoned competitor.

The format is a little different from what you might be used to, but similar in style to some competitions we've enjoyed in the past, such as DerbyCon and EverSec. Teams are placed on a network and given a list of target boxes running vulnerable services they need to pwn. Each box will contain one to many flags waiting to be captured and submitted to the scoring server.

Competition Times

RunCode CTF competitions are (currently at least) held a few times a year at special events like security conferences and meetups.

Team Size

Teams can be comprised of anywhere between 1 - 6 people - beyond the size restriction, anyone can be on a team.


Prizes vary from event to event, but we will announce specifics prior to an event. Follow us on Twitter @runcode_ninja for updates.

Flag Format

The competition will not use a specific flag format. Look for l33tsp34k words scattered about and try submitting them. They'll generally be in places where you might normally find something of value (config files, passwords, so on and so forth).

Last updated