🔐 CTF Security: Hidden threats in Capture The Flag challenges
Authors: Alessandro Nessi & Alessandro Rebecchi
Date: March 2025
This project investigates whether CTF (Capture The Flag) challenges, binaries that people download and run on their own machines to practise reverse engineering, may carry hidden malware. It combines automated filtering, web scraping, and static and dynamic malware analysis.
📥 You can download the final PDF from the Releases section.
Filename: CTF_Security_Paper.pdf
- 🌐 Web scraping via Selenium to collect CTFs from crackmes.one
- 🛡️ Infrastructure setup using Proxmox, WireGuard, and Mullvad VPN
- 🔬 Malware analysis via:
  - VirusTotal
  - Procmon / Process Explorer
  - Wireshark
  - Strings
  - Ghidra
- Total CTFs analyzed: 4042
- Suspicious matches: 70 of 4042 (~1.73%)
- No conclusive evidence of active malware was found in any of them.
- Flagged binaries were often packed or obfuscated, techniques that are routine in reverse-engineering challenges and that heuristic antivirus engines tend to classify as malicious.
An antivirus hit on a challenge is a reason for further analysis, not a verdict: false positives are common because packing and obfuscation look like malware to heuristic engines, so a flagged binary needs static and dynamic confirmation before it is called malicious. Until then, treat it as untrusted: run it only in an isolated environment such as a dedicated VM whose network is segregated from the host and the local network.
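The static half of that follow-up analysis (hashing, `strings`, packer detection), as an added example written for this page and not the paper's own tooling: it reads the PE section table, scores each section's entropy, greps the strings for network and persistence indicators, and emits a verdict that separates "packed, the AV hit is probably heuristic" from "unpacked but needs dynamic analysis". The packer section-name list, the 7.0 bits/byte entropy threshold and the indicator regex are assumptions; the two input binaries are constructed inside the block and are not real challenges. The SHA-256 it reports is what you search VirusTotal for before deciding whether to upload a sample at all, since uploading shares the file.

```python
"""Offline static triage of a CTF binary: hash, packer hints, entropy, strings.

Added example for this page, not the paper's tooling. Parses only the PE
section table (no imports/relocations) and falls back to whole-file entropy
for non-PE input. Thresholds and indicator patterns are assumptions.
"""
import hashlib
import math
import re
import struct
from collections import Counter
from dataclasses import dataclass

# Section names left by packers seen on reverse-engineering challenges
# (assumed list). A hit means "packed", not "malicious".
PACKER_SECTION_NAMES = {
    "UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite",
    ".vmp0", ".vmp1", ".themida", "MPRESS1", "MPRESS2",
}
HIGH_ENTROPY = 7.0   # assumed threshold, bits/byte; compressed/encrypted data sits near 8
MIN_SECTION = 64     # ignore entropy of tiny sections (too few bytes to be meaningful)
MIN_STRING_LEN = 6
# Strings worth a second look before running anything: URLs, raw IPs,
# Run-key persistence, shell spawning (assumed patterns, deliberately broad).
IOC_RE = re.compile(
    r"https?://|\b\d{1,3}(?:\.\d{1,3}){3}\b|CurrentVersion\\Run|cmd\.exe|powershell", re.I
)


@dataclass
class Triage:
    sha256: str          # search this on VirusTotal before uploading the file
    is_pe: bool
    sections: list       # (name, raw size, entropy)
    packer_hints: list
    iocs: list           # strings matching IOC_RE
    verdict: str


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(data: bytes):
    """Return [(name, raw bytes)] from a PE section table, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4                                      # IMAGE_FILE_HEADER
    (nsec,) = struct.unpack_from("<H", data, coff + 2)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)  # SizeOfOptionalHeader
    table = coff + 20 + opt_size                             # first IMAGE_SECTION_HEADER
    out = []
    for i in range(nsec):
        off = table + 40 * i
        if off + 40 > len(data):
            break                                            # truncated table: stop, don't crash
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        out.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return out


def extract_strings(data: bytes, min_len: int = MIN_STRING_LEN) -> list:
    """Printable-ASCII runs, the same thing `strings` prints by default."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def triage(data: bytes) -> Triage:
    secs = pe_sections(data)
    is_pe = secs is not None
    if not is_pe:
        secs = [("<file>", data)]          # non-PE input: score the whole file
    info = [(n, len(p), round(shannon_entropy(p), 2)) for n, p in secs]
    hints = [n for n, _ in secs if n in PACKER_SECTION_NAMES]
    hints += [f"high-entropy:{n}" for n, size, ent in info
              if size >= MIN_SECTION and ent >= HIGH_ENTROPY]
    iocs = [s for s in extract_strings(data) if IOC_RE.search(s)]
    if hints:
        verdict = ("packed/obfuscated: AV hits are probably heuristic; unpack, then "
                   "confirm behaviour with Procmon/Wireshark in an isolated VM")
    elif iocs:
        verdict = ("unpacked with network/persistence strings: inspect in Ghidra and "
                   "confirm behaviour dynamically")
    else:
        verdict = "unpacked, no obvious indicators: low priority, still run only in an isolated VM"
    return Triage(hashlib.sha256(data).hexdigest(), is_pe, info, hints, iocs, verdict)


def build_pe(sections) -> bytes:
    """Constructed test input: a PE-shaped blob with the given sections. Not loadable."""
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew: right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    ptr = 0x40 + 4 + 20 + 40 * len(sections)             # raw data starts after the table
    table, body = b"", b""
    for name, payload in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(payload), 0x1000, len(payload), ptr, 0, 0, 0, 0, 0x60000020)
        body += payload
        ptr += len(payload)
    return bytes(dos) + b"PE\0\0" + coff + table + body


# Constructed samples (not real challenges): a UPX-style packed layout and a plain one.
PACKED_SAMPLE = build_pe([
    ("UPX0", b"\0" * 64),
    ("UPX1", bytes(range(256)) * 4),                     # uniform bytes: entropy 8.0
    (".rsrc", b"\0" * 16),
])
PLAIN_SAMPLE = build_pe([
    (".text", b"\0" * 32 + b"Enter the password:\0http://example.com/beacon\0" + b"\x90" * 64),
    (".data", b"Wrong password, try again\0" + b"\0" * 32),
])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        t = triage(blob)
        print(f"[{label}] sha256={t.sha256[:16]}... pe={t.is_pe}")
        for name, size, ent in t.sections:
            print(f"  {name:<8} {size:>6} bytes  entropy {ent:.2f}")
        print(f"  packer hints: {t.packer_hints}\n  iocs: {t.iocs}\n  verdict: {t.verdict}")
```

On the constructed input the packed sample is flagged three times (two UPX section names plus a high-entropy section) and the plain sample is flagged only for its URL string, which is the distinction the paper's results turn on: packer indicators alone do not make a challenge malicious, but a URL or Run-key string in an unpacked binary is what to chase in Ghidra and Wireshark next.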
This work is released under the Do What The Fuck You Want To Public License v2.
If you use this work, please consider citing us. Citation information is available in CITATION.cff.