VulnCorp

This CTF immerses participants in a realistic multi-service web application security assessment reflecting the OWASP 2025 Top 10 threat landscape. The target environment simulates a modern AI-integrated SaaS product built with Node.js and Python microservices, orchestrated via Docker. Participants must adopt a methodical red-team approach beginning with reconnaissance and enumeration, then progressing through exploitation of interconnected services to recover all flags. The challenge emphasizes the evolving attack surface introduced by AI/LLM integrations, software supply chain dependencies, and cloud-native misconfiguration threats that dominated real-world breach reports throughout 2025. Participants will need to demonstrate proficiency in chaining multiple vulnerabilities across service boundaries to achieve full compromise, mirroring how modern adversaries operate against production infrastructure.