PlainlySec CTF Arena
15 hands-on cybersecurity challenges across forensics, web security, cryptography, steganography and network analysis. All challenges use real downloadable files.
🟢 Easy Challenges
Challenge #1: The Suspicious Photo
OSINT / Image Forensics — Extract hidden location data from a photo
Challenge #2: Hidden in Plain Sight
Steganography — Find the message hidden inside an image
Challenge #3: Base64 Is Not Encryption
Cryptography — Decode a layered encoding challenge
Challenge #6: Caesars Last Message
Cryptography — Classical cipher decryption and ROT analysis
Challenge #4: The Forgotten Config
OSINT / Config Analysis — Exposed .git directory with hidden secrets
Challenge #13: Token of Trust
Web Security / JWT — Decode an intercepted authentication token
🟡 Medium Challenges
Challenge #5: Packet Detective
Network Forensics — Analyze PCAP for DNS tunneling data
Challenge #7: SQL Injection 101
Web Security — Bypass authentication using SQL injection
Challenge #8: What Did the Malware Say?
Malware Forensics — Extract strings from a binary executable
Challenge #9: Hash Cracking Challenge
Cryptography — Identify and crack multiple password hashes
Challenge #11: Certificate of Deception
Forensics / Crypto — Extract hidden data from an X.509 certificate
Challenge #12: The Silent Signal
Steganography — Extract hidden data from audio LSB encoding
Challenge #14: DNS Tunnel Vision
Network Forensics — Decode data exfiltrated via DNS tunneling
🔴 Hard Challenges
Challenge #10: The Log File
DFIR — Analyze server logs to reconstruct an attack timeline
Challenge #15: Cracking the Vault
Password Cracking — Identify and crack weak hashes in a vault DB
All challenges are offline — download the file, analyze locally. No internet access to external services required.
Progress is saved locally in your browser. View Scoreboard