Skip to content

Capture the Flag

BSides Lancashire is very happy to announce our Capture the Flag event! Powered by Cydena and design for both cybersecurity professionals and enthusiasts of all levels. Test your cybersecurity skills across 11 hands-on challenges covering network recon, web exploitation, AI deepfake forensics, OSINT, hash cracking, and SOC threat hunting. Challenges range from beginner-friendly to advanced. Solve flags, climb the leaderboard, and compete for the top spot — all within 2 hours!

Please follow the rules as the challenges will be observed throughout, and there will be a prize up for grabs on the day!

Download the CTF Programme

All challenges run entirely in the browser using interactive simulations — including terminal emulators, mock web servers, audio analysis tools, and document viewers. No VPNs, VMs, or external tools needed.

Rules

  1. Individual competition — no collaboration between participants.
  2. Do not attack, disrupt, or interfere with other participants or the platform.
  3. Do not share flags or solutions with other competitors during the event.
  4. Automated platform scanning is prohibited unless part of a challenge.
  5. Tiebreak is decided by time of last flag submission — earlier wins.
  6. Event staff decisions are final. Violations result in disqualification.

The Host

The BSides Lancashire 2026 Capture the Flag Challenge is brought to you by Cydena. The UK’s only cybersecurity talent platform where your skills are verified, not just claimed. Whether you are looking for a new role in cybersecurity or just interested in enhancing your skills and validating your capability Cydena has technical challenges and CTF’s to help you in your cyber skills development.

We hope you enjoy the challenge.

Challenges

Min points (single flag): 25. Max points (single flag): 250. Points lost per hint used: 75.

  • Port Scanner — Network Recon — Beginner — 25 points
  • The Curious Web — Web Recon — Beginner — 75 points
  • Port Probe Protocols — Service Enumeration — Beginner — 100 points
  • Client Brief: Prof. Practice — Legal / Ethics — Beginner — 100 points
  • Hash Cracker — Cryptography — Intermediate — 100 points
  • Deepfakes & Dollars — AI Forensics — Intermediate — 150 points
  • Injection Junction — Web App Sec — Intermediate — 150 points
  • Windows: NTLM Hash & Crack — Active Directory — Intermediate — 150 points
  • OSINT Reconnaissance — Open Source Intel — Intermediate — 200 points
  • Advanced Chess Gambit — Logic / Crypto — Advanced — 200 points
  • SOC In The Loop — Threat Hunting — Advanced — 250 points

Details

  • Points awarded immediately on correct flag submission.
  • Each challenge offers up to 35 hints at 25 points each. Use sparingly!
  • Flags use the format FLAG{…} unless stated otherwise in the challenge.
  • Incorrect submissions do not deduct points — keep trying.
  • Live leaderboard updates throughout the event.
  • All you need is a modern web browser (Chrome, Firefox, Edge, or Safari). We recommend a desktop or laptop is used, and you’ll need headphones for the audio forensics challenge.
  • To join in, just create a Cydena account and enter the access code given on the day!