HackPack CTF is a security competition that is part of the two security courses at NCSU: CSC-405 Computer Security and CSC-591 Systems Attacks and Defenses. The target audience is people interested in computer security that have some related background (like took a security course before ;) and want to exercise their skills in a secure environment by solving security challenges.

Team Registration

You can register your team here!

Important dates

The CTF will start on April 17th at 1pm EDT and finish on April 27th at 23:59 EDT.

This is different from what we had originally planned for this competition. We have decided that letting the competition run longer will allow our CTF players to participate in a more asynchronous fashion, taking into considerations the difficulties that we are all experiencing due to the effects of Coronavirus (COVID-19).

CTF format

This competition is a Jeopardy-style CTF, which means that challenges are independent, run on our infrastructure and in this particular competition belong to one (or more) of the following categories:

  • pwn - exploiting a vulnerability by gaining code execution
  • re - reversing an algorithm without having access to the source code
  • web - web security challenges
  • misc - security-related challenges that do not fall into any of the previous categories

The competition has dynamic scoring, which means that the more people solve a challenge the less amount of points everyone that solved it gets.

Flag format

All flags in the competition have the following format: flag{abc}

Challenge difficulty

The challenges in this competition are designed so that a significant subset of them can be solved within a 6-hour live event that is happening every year at NCSU as part of the security classes of the semester. However, due to the nature of this semester and the effects of Coronavirus (COVID-19), we are going to expand the duration of the competition to span until the end of the semester, so that the competition is more asynchronous and more CTF players can participate. This does have the effect that we expect experienced CTF teams to finish all available challenges before the competition ends.


None of the challenges require bruteforcing, so any action causing unnecessarily high loads for CPU, traffic, memory, I/O, etc. on our infrastructure, other teams or any other party is strictly prohibited.

If you discover a bug that is affecting the competition, let us know instead of acting maliciously (deleting flags, breaking the challenge deliberately, etc).

Lastly, do not share flags with other teams or ask for flags. Be a l33t hacker and capture the flags with your sk177z.


Part of the infrastructure is sponsored by g.co/cloud.

Discord server