THCon 2K26 CTF


CTF Archive.

THCon 2K26 CTF

THCon is the jeopardy-style CTF of the Toulouse Hacking Convention.

Original Date: Thu, 07 May 2026, 11:00 UTC — Fri, 08 May 2026, 11:00 UTC
Original URL: https://thcon.party/
CTFtime Entry: THCon 2K26 CTF
Organizing Team: THCon



Challenges

Silent Signer (#19)

S.N.A.F.U. agents recovered sst-fwsign from a compromised workstation inside the SST Dynamics factory. It appears to be part of the firmware signing pipeline that M4terM4xima uses to flash compromised firmware onto the robots. Our field analysts tried attaching a debugger: each time, the validation fails. Reverse the binary and recover the signing token it accepts.

N.B.: The binary requires root privileges but is harmless. If you're not comfortable running it as root, use a VM.

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: THCon 2026

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

PNG is a lie (part 1/2) (#28)

Some members of the COPS We have found this file lying on a very sus USB stick. Maybe try to find something hidden in it ? Or don't, I mean nobody does steganography anyway.

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: THCon 2026

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

M4terM4xima's HINT (part 1/2) (#45)

S.N.A.F.U. agents Have recovered this mysterious yet seemingly inoffensive binary... or is it really ?

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: THCon 2026

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

Rhaaah SH-T again (#47)

A new data leak appeared on the dark web qnd it targets THBank...

Fortunately, the bank said that the cards were "highly securely encrypted". But, is this real ? The flag is the SUM of each UNIQUE card number unencrypted in the format THC{...}, for instance if the sum is 42 then the flag is THC{42}.

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: THCon 2026

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

Exponope (#49)

Our cryptography expert, Axel Vaughn just announced he's implemented a Secure way of encryption that is very efficient in order to lower the latency of our troops' telecommunications.

To do so he lowered the exponent used to a tiny value and claims the security impact is negligible. He sent us the following file for proof. Can you try to crack it ?

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: THCon 2026

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

30-Day Scoreboard:

This scoreboard reflects solves for challenges in this module after the module launched in this dojo.

7-Day | 30-Day | All-Time

Rank Hacker Badges Score