Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Advent Calendar of Advanced Cyber Fun

The 2020 edition with even more cyber fun. Wow!


A CTF-like advent calendar that opens a port everyday, starting from port 1. The challenges incorporate different protocols and services ranging from ancient RFCs to bleeding edge technologies. Each port is meant to be solvable rather easily so that it doesn't take too much time.

The 2020 edition of the advent calendar was hosted at The page contents are in the _website directory.


Each task should run in a Docker container, similar to the previous iteration. An exception are services that require to run on the host system because they are implemented in iptable rules or require specific Kernel features.


Tick the boxes to indicate the service has been implemented. Strikethrough text means challenge is already on the agenda.

Overall Challenge

The overall challenge will include an Amazon gift card again. Each port has a secret, the SHA256 hash of all secrets combined will be the password for an encrypted text on the website that includes instructions for receiving the gift card. Unfortunately we cannot just include the code of a gift card, because e.g. German gift cards won't work for Amazon Canada.

All keys are available at _challenge/keys.json, the password in _challenge/password. Both have been generated with the _challenge/ script.


Healthstate can be monitored with docker events --filter event=health_status


First one or two ports should be fairly simple to give participants an easy start. The bold and underlined days are 2nd to 4th advents (1st is not in december this year) and they should have special challenges (harder/more complex).

Port Challenge Path
1 A challenge that opens two web ports, port 1 returns a Set-Cookie2 header with a port list that includes 11111. Send cookie to this port in Cookie2 header according to RFC2965. xmas-cookie2
2 A simple DTLv1.2 server that returns the secret. dtls
3 ELF binary with wrong entry point. If entry point is set to the correct one, the flag is printed. Binary is provided via web server. ELF
4 xmas-socks is a simple portable parallel secure SOCKS server written in Go. xmas-socks
5 A custom TLS server written in Go that returns the flag if you negotiate the correct TLS ALPN protocol. proto
6 Web version of VSCode (Monaco editor) which allows to execute OS commands to read and decrypt flag via JavaScript. XMAS Cloud
7 PCAP File containg a Polyglot file containing the flag a.k.a as Матрешка (Matreshka). PCAP_poly
8 High Speed Fahrzeugzugang (HSFZ) server where user's have to send a proper HSFZ packet that starts the car. HSFZ
9 A simple webserver that only shows the flag with a correct Request Context, which has to include a proper From and Referer header. xmas-from
10 A JPG file with a Red Star OS watermark that includes the flag. redstar
11 A karaoke service where clients have to reflect song lyrics in the UTF encoding indicated by the returned BOM. xmas-karaoke
12 A simple gRPC service where clients have to call the XmasGreeting() function with the xmas name. Protobuf definition will be provided. xmasgreetings
13 WebAssembly page that requires a password. Prints the token with the proper password. xmas-webasm
14 A web shop with a race condition vulnerability. WebRace
15 A Network Time Security service which returns the token in a NTPv4 Server Negotiation Message. nts
16 A simple IP-HTTPS server where a client has to bring up a IP-HTTPS link. ip-https
17 A HTTP server that is only accessible via TLS-over-SCTP. tls-over-sctp
18 A Rust RPC service. rustRPC
19 A HTTP/3-only server on UDP. http3only
20 CSP bypass challenge. santas-naughty-list
21 Simple FTP server with login and a secret file. xmas-ftpd
22 JavaScript type pollution challenge. Santa's Christmas Factory
23 TCP server with emoji puzzles/quizzes. Something with emojis
24 XMAS scan port that returns the token in a ICMP 13 packet. Can be solved with Nmap XMAS scan and Wireshark. xmas-tcpflags


A technical advent calendar with CTF-like services where a new port opens every day.