2020 CTF

Last update: February 14, 2022 18:59

BSidesTLV 2020 CTF prizes are sponsored by https://HackTheBox.eu/

CTF starts in:

Rules and Guidelines

  1. Remote participation is allowed (for all teams) this year
  2. In the past, we only allowed physically present teams to claim a prize, we are considering a different approach this year
  3. This is a game, play fairly - we reserve the right to disqualify participants (and we came pretty close to do that in the past)
  4. Register to the competition at ctf20.bsidestlv.com, you must be registered to participate
  5. Each team may be made of one or more individuals
  6. The CTF challenges are containerized and scalable, as such most web challenges use a sticky cookie called ‘BSidesTLV’ please make sure to work with sessions to retain access to the same container
  7. For any persistency challenges with files, please note that we do an hourly cleanup of large and old files.
  8. Team size is limited to 20
  9. Scoreboard will be frozen on the 29th, 18:00 (Israel time), new submissions are allowed, but will not be shown on the board (this is getting exciting!). This means that you can still submit flags and get your points, but the scoreboard will not update - and only we will know who the final winners are :-)
  10. Note: You must use the BSidesTLV cookie for the challenges to work properly if it is supplied (it is not part of the CTF just part of the infrastructure)
  11. We usually keep the challenges live for a couple more (~1 week) days after the event to enable write-ups
Join Slack!


Full 48-hours

Winner anouncement on July 2nd, during our event

You’re invited to join our Slack channel, or follow us on social media: @BSidesTLV_CTF

please check this page for any updates prior to the competition


Do I have to be a member of a team to participate?

No, you can register as a team of one member

Is the CTF aimed at beginners?

some of the challenges will be in beginner level, some on expert level. try solving from the lower scores working up

Are there binary exploitation challenges in the CTF?

yes. yes there are

When does registration end?

Registration ends at the end of the contest

What is the flag format?

The flag format is either “BSidesTLV2020{…}” or “BSidesTLV{…}”

Will you release the code/containers/VM after the CTF

Yes, plan to release our entire repo

Hall of Fame

1st Place
2nd Place
3rd Place
Houston We Got Pwned

Our Team

Reut Menashe
Tomer Zait
Can you bypass the SOP 2
Docker Manager
Certified App
Roei Sherman
Ego Hostium
Check yourself so you won't wreck yourself
The Target
Nimrod Levy
Can you bypass the SOP 2
WebProxy Nightmare
Vera Mens
Certified App
Back to the 90s
Back to the 90s
Daniel Abeles
Guy Barnhart-Magen
Lavie BB
Ego Hostium
Check yourself so you won't wreck yourself
The Target
Guy Beck
Omer Cohen
Michael Maltsev
Snappaste (Part 1)
Snappaste (Part 2)
Artur Isakhanyan

Resources and WriteUps

GitHub repository of the challenges source code: https://github.com/bsidestlv/ctf20-public


830 teams registered

125 solved at least one challenge

5026 unique IP addresses

We had a total of 20 challenges across a wide range of domains