BreizhCTF Challenges
The BreizhCTF is the largest in-person CTF competition in France, with about 600 participants distributed in 120 teams. Since 2024, the PIRAT team creates realistic challenges to this CTF, with an emphasis on multiple-steps attacks, recent vulnerabilities, and elaborate scenarios.
2026 – SKY_FALL[M]
- Keywords: phishing, active directory, LLM hacking
- Authors: Pierre-François Gimenez, Alexandre Sanchez, Dorian Bachelot, Maxine Vachez, Manuel Poisson, Natan Talon, Pol Jaouen, Sébastien Kilian, Yohann Morel
In this scenario, the player takes on the role of a secret agent (from an unnamed fictional agency). A malicious LLM has taken control of a satellite and is threatening to crash it into Earth. The objective is to infiltrate a company so that the participant can connect to the satellite. At the end of the challenge, participants will come to a (real) Minitel connected to an LLM. Players will have to convince the LLM to reveal a secret to them in order to win the challenge.
Links: TBA
2025 – PIRHACK
- Keywords: networking, CVE exploitation, programming
- Authors: Sébastien Kilian, Valérie Viet Triem Tong, Jean-François Lalande, Alexandre Sanchez, Yohann Rio, Yohann Morel, Maxine Vachez, Pierre-François Gimenez
In this scenario, the player must infiltrate a pirate ship to steal the treasure from the captain. But the pirates are monitoring everything, so the player first need to get them to sleep, and then need to move to the second ship, where the last part of the challenge awaits them.
Links:
2024 – CasinoLimit
- Keywords: lateral movement, Web exploitation
- Authors: Sébastien Kilian, Valérie Viet Triem Tong, Jean-François Lalande, Alexandre Sanchez, Natan Talon, Pierre-François Gimenez
In this scenario, the player must access the information system of a casino to apply themselves their right to be forgotten by removing their own personal informations from the database. But before that, they must hack a camera, exploit CVEs and hack the intranet website…
Links: