14 Ott 2022

14 – 15 OCTOBER 2022

Reply Cyber Security Challenge is a 24-intense-hours, international CTF competition where each year thousands of security lovers come to solve a matrix of 25 problems made of 5 categories: Coding, Web, Miscellaneous, Crypto and Binary. The winning team is the one who finds the highest number of flags.
Learning is key and that’s why Reply has put together some useful content on how to solve past Cyber Security CTF editions in a sandbox environment to let you prepare for the next edition in 2022.

More information  can be found on the Reply Cyber Security Challenge website.
Politecnico di Bari contact: Prof. Francesco Nocera (


Registration is open one month before the challenge, until 23.59 of the previous day unless there’s an extension which we’ll announce via the platform. Your team can be made up of 2 – 4 members. During the registration phase you can:
• create a new team
• ask to join an existing one
• register and wait for the random team assignment once registration closes.

The Reply Cyber Security Challenge is an online coding competition open to coders and security experts aged 16 years + (at time of registration) from all over the world. There are two challenges: one for Replyers and one for non-Replyer professionals and students.

Challenge Platform
Your team submits solutions through Reply’s challenge platform. The platform features a regularly updated leader board, showing how teams are performing.

Challenge categories and levels

On October 15th at 19:30 CEST we’ll publish the 25 problems to be solved on the challenge platform. The problems are divided into five categories (Coding, Web, Miscellaneous, Crypto, Binary), described below:

Coding – this category relates to problems you’ll need to solve using your programming languages and coding skills.
Web – this category focuses on finding and exploiting vulnerabilities in web applications.
Crypto – this category involves attacking poorly implemented cryptographic algorithms, finding their vulnerabilities, then decrypting encrypted messages.
Binary – this category involves reverse engineering and exploiting security vulnerabilities in binary applications.
Miscellaneous – this category combines challenges from all the other categories, and requires additional skills such as stegano, forensic, recon, as well as general knowledge.
Each category consists of five levels. When the Challenge starts, we’ll publish only the first three problems for each category. The last two problems of each category will only become available once your team has completed the first three. Or, depending on how the challenge progresses, they could be unlocked, maybe just partially, by the Reply Keen Minds Team. Six hours from the end of the Challenge, level four could be unlocked, while the last level, the 5th, could be unlocked four hours from the end.

There are no cross-category dependencies.

Finding flags and submissions

A challenge is solved when a team finds a flag – consisting of a string that match the following regular expression: /\{FLG:.+\}/ where the content is any non-empty ASCII string (uppercase and lowercase letters, digits or symbols).

To earn points, your team must insert the flag into the answer input box in the platform challenge (curly brackets included).


Each challenge is scored according to its level of difficulty. For each category:

Challenge one – 100 points
Challenge two ­­– 200 points
Challenge three – 300 points
Challenge four – 400 points
Challenge five – 500 points

We also assign first-blood points to the first five teams that solve a challenge. The bonus points for each category are:

First solver – 32 points
Second solver – 16 points
Third solver – 8 points
Fourth solver – 4 points
Fifth solver – 2 points

University Students League

By playing the Cyber Security Challenge, you can win a prize for your university, too. To join the University Students League you must tell us the name of your university, right after the creation of your team.

On the day of the challenge the points you earn will contribute to your university’s final score.

At the end of the Challenge, the university with the most points wins a Reply Arcade Game for its communal area. Or it can choose to receive a financial donation to support an educational or research project.

The final score of your team will count for every person on the team: if in your team there will be students from different universities the points will be added to each of those.

The University Students League is open to Alumni too. Right after creating your team, insert the name of the university where you studied and make it win.