Do not share flags, solutions and hints with other teams before the end of the CTF. Please pay attention to this rule when you ask questions in the public support channel. After the CTF, feel free to openly discuss the challenges in the Discord.


If you have a question or a problem (e.g. if a seemingly valid flag gets rejected or a challenge does not start), please reach out to us. The main form of communication for the Platypwn is our Discord server. If you do not want to use Discord at all, you can also send us an email to klub-cybersecurity-sprecher (at) hpi (dot) de (it will probably take longer to receive a reply via email). The main language is English. If you do not speak English or in private communications with us, you can also use German.


CTFd will redirect you to our single sign-on service. Every member of your team should create an account there. One account must be used by at most one person and one person must have at most one account. Any member of you can create a team in CTFd that the others can then join.

Technical Behavior & Bugs

CTFd clearly shows which IP/Port combination you are supposed to access. You can only access these from within our VPN. You can download a configuration here after logging in with our single sign-on solution. Do not attack anything except the services shown by CTFd, especially not our infrastructure or other teams.
Responsible disclosure of vulnerabilities and serious bugs in our infrastructure will be rewarded with bonus points according to our judgement as well as eternal fame in our hearts ;).
Abusing vulnerabilities or serious bugs in our infrastructure will be punished. If in doubt, talk to us.


We use dynamic scoring. That means, challenges which are solved more often will be worth less points. Every team that solves a challenge is awarded the same amount of points, the scores will be updated dynamically. This is the normal CTFd behavior for dynamic challenges with logarithmic decay.

Results & Prizes

CTFd shows a scoreboard during the competition. After the competition has ended, we will announce the official result in our Discord server.
As this is our first public CTF and we do not have any sponsors, there will be no prizes for external teams. To be eligible for prizes, your team must have at most 4 members, all of whom must be students of the Hasso Plattner Institute in Potsdam, and none of whom may be official members of the Cybersecurity Klub @ HPI.

Social Conduct

The goal of this CTF is to allow people to practice their skills and have fun. We ask you to avoid spoiling other's fun unnecessarily. We want the competition to be a pleasant experience for all participants, regardless of their gender, sexual orientation, race, religion, skill level, personal background or any other criteria. Therefore, we do not tolerate harassment in any form. This especially applies to our Discord server. Be fair and kind to everyone.

Rule Enforcement

Violation of the rules or any other hostile behavior may lead to temporary or permanent exclusion from the competition or any other measure deemed appropriate by the organizing team. Be aware that any attempt of using a vulnerability in our infrastructure for cheating in the competition or other malicious purposes will lead to exclusion of the whole team.
In cases not covered by the rules, we will decide according to our own judgement. We may change these rules before or during the competition.

Credits: We adapted these rules from saarCTF 2023.