UTCTF 2026


CTF Archive.

UTCTF 2026

Online, jeopardy-style CTF run by the Information & Systems Security Society team at The University of Texas at Austin.

Problems span crypto, pwn, forensics, web, misc, and more, with a mix of beginner-friendly and harder challenges.

Original Date: Fri, 13 Mar. 2026, 00:23 UTC — Sun, 15 Mar. 2026, 00:23 UTC
Original URL: https://www.isss.io/utctf
CTFtime Entry: UTCTF 2026
Organizing Team: isss



Challenges

Our security team built a "cryptographically secure" random number generator. The lead engineer assured us it was basically AES. He has since been let go.

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: Garv (@GarvK07 on discord)

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

Our cryptographer assured us that a 649-bit prime makes this completely unbreakable. He also said the order of the group "doesn't really matter that much." He no longer works here.

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: Garv (@GarvK07 on discord)

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

A workstation in the design lab crashed during an overnight maintenance window. By morning, a critical desktop artifact was gone and the user swore they never touched it. You only have a memory snapshot from shortly before reboot. Recover what was lost.

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: UTCTF Team

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

Our SOC captured suspicious traffic from a lab VM right before dawn. Most packets look like ordinary client chatter, but a few are pretending to be something they are not.

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: UTCTF Team

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

You are a DFIR investigator in charge of collecting and analyzing information from a recent breach at UTCTF LLC. The higher ups have sent us a triage of the incident. Can you read the briefing and solve your part of the case?

Triage Files: https://cdn.utctf.live/Modified_KAPE_Triage_Files.zip

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: Jared (@jarpiano on discord)

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

Last Byte Standing

  • ID: 7
  • Category: Forensics
  • Points: 856
  • Solves: 121
  • Solved By Me: false

Description

A midnight network capture from a remote office was marked “routine” and archived without review. Hours later, incident response flagged it for one subtle anomaly that nobody could explain. Find what was missed and recover the flag.

Files

  • last-byte-standing.pcap

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

Sherlockk

  • ID: 8
  • Category: Forensics
  • Points: 973
  • Solves: 53
  • Solved By Me: false

Description

We're almost done agent. All we need to do now is identify some Indicators of Compromise (IOCs) left by the threat actor, among other things. The triage is the same as the one in "Landfall" and "Watson". Can you read the briefing and solve your part of the case?

Triage Files: https://cdn.utctf.live/Modified_KAPE_Triage_Files.zip

By Jared (@jarpiano on discord)

Files

  • briefing.txt
  • checkpointA.zip
  • checkpointB.zip
  • checkpointC.zip

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

Silent Archive

  • ID: 9
  • Category: Forensics
  • Points: 886
  • Solves: 108
  • Solved By Me: false

Description

Incident response recovered a damaged archive from an isolated workstation. The bundle split into two branches during transfer: one looks like duplicate camera captures, and the other is an absurdly deep archive chain.

Follow both trails, reconstruct the hidden message, and recover the token.

Files

  • freem4.zip

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

We've built the world's most secure Python sandbox. Nothing can escape. Probably. Hopefully. Run it locally: python3 jail.py

Run it locally with python3 /challenge/jail.py.

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: Garv (@GarvK07 on discord)

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

I managed to bypass the IPS to exfiltrate the secrets you wanted from the target's intranet. I just hope you remember the encoding structure we agreed on. by Emmett (@emdawg25 on discord)

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: UTCTF Team

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

The three words I would use to describe this location are...

Flag format: utflag{word1.word2.word3}

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: Caleb (@eden.caleb.a on discord)

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

The three words I would use to describe this location are...

Flag format: utflag{word1.word2.word3}

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: Caleb (@eden.caleb.a on discord)

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

The three words I would use to describe this location are...

Flag format: utflag{word1.word2.word3}

Use flagCheck to input the flag you get from the challenge to get the actual flag

Author: Caleb (@eden.caleb.a on discord)

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

30-Day Scoreboard:

This scoreboard reflects solves for challenges in this module after the module launched in this dojo.

7-Day | 30-Day | All-Time

Rank Hacker Badges Score