Core Incursion

Pwn2Play CTF

Core Incursion begins in

-- Days
-- Hours
-- Mins
-- Secs
Pwn2Play: Core Incursion

Hybrid student CTF for teams of up to 6

A rigorous Jeopardy-style competition built to validate practical skills and connect emerging cyber talent with industry sponsors.

Date & Time Saturday 30th May 2026

09:00 – 18:00

Location Virtual & DMU Campus

In-person competitors will be based at Gateway House, Floor 5.

Format Up to 6 members

Compete online or in person.

12 Categories, 50 Challenges

Challenge Categories

A broad challenge set weighted toward web exploitation, with room for reversing, forensics, OSINT, scripting, crypto and fundamentals.

15

Web Exploitation

SQL injection, XSS, SSRF, authentication bypasses and web logic flaws.

7

Reverse Engineering

Disassemble, decompile and decode binaries to uncover hidden logic.

7

Miscellaneous

Unexpected formats, strange clues and challenge ideas that refuse one label.

5

Forensics

Recover evidence from captures, filesystems, memory, logs and hidden artefacts.

4

OSINT

Track down answers through public records, digital footprints and careful research.

3

Scripting

Automate parsing, brute force paths and transform data under time pressure.

3

Cryptography

Break ciphers, exploit weak implementations and reason about flawed secrecy.

2

Linux

Navigate shells, permissions, processes and system clues like an operator.

1

Binary Exploitation

Break compiled targets with memory corruption, control flow and exploit craft.

1

Full-Pwn

Chain attack paths from initial access to deeper compromise.

1

Code

Solve a focused programming problem with clean logic and fast execution.

1

Intro

A first flag to get teams settled into the platform and event flow.

Important

Key Information

Core Incursion // CTF Venue

Gateway House Floor 5
De Montfort University
The Gateway, Leicester LE1 9BH

WiFi

Student & Guest WiFi will be available. Please bring your own machine. Computers will not be provided.

Awards Event Venue

De Montfort Students' Union
Campus Centre Building
Mill Ln, Leicester LE2 7DR

Food & Drink

The bar opens after the event from 18:00 onwards for you to purchase drinks.

View Campus Map
Rewards

In-Person Prizes

Challenge Coins and TryHackMe Premium vouchers are reserved for the in-person podium.

In-person rewards

In-person podium teams receive formal recognition, a P2P Challenge Coin and TryHackMe Premium time for four team members.

1st

First Place

  • Faculty-signed Certificate
  • P2P Challenge Coin
  • 4x 6-month TryHackMe Premium vouchers
2nd

Second Place

  • Faculty-signed Certificate
  • P2P Challenge Coin
  • 4x 3-month TryHackMe Premium vouchers
3rd

Third Place

  • Faculty-signed Certificate
  • P2P Challenge Coin
  • 4x 1-month TryHackMe Premium vouchers

Online and in-person winners receive a Certificate of Achievement signed by DMU Faculty for LinkedIn and professional portfolios. Challenge Coins and TryHackMe vouchers are awarded to in-person podium teams.

Tracks

Scoreboard Rules

Choose the right track before you start solving.

Read the Rules

CTF Server Rules

01

General Conduct

  • Respect all participants, organisers, and the integrity of the competition.
  • No harassment, discrimination, or toxic behaviour will be tolerated.
  • Follow all university IT policies and legal regulations.
02

AI Usage Policy

  • AI usage is strictly forbidden in the main event.
  • Teams found using AI in the main event will be disqualified.
  • A separate AI-only scoreboard will be available on the Pwn2Play platform for teams who choose to use AI.
03

Server & Network Use

  • Only interact with CTF challenges and infrastructure. Do not target other participants or university systems.
  • Denial of Service (DoS/DDoS) attacks against the server, network, or participants are strictly prohibited.
  • Scanning outside the designated CTF scope is forbidden.
04

Fair Play & Ethics

  • No brute-forcing challenge platforms, flag submission forms, or administrative panels unless explicitly part of a challenge.
  • Do not share, trade, or leak flags, solutions, or hints to other participants.
  • No automated tools/scripts that degrade server performance (e.g., aggressive scanning, spamming requests).
05

Virtual Participants

  • Maintain a stable internet connection and avoid using VPNs/proxies unless required for a challenge.
  • Keep your credentials secure. Do not share your access keys or login information.
  • Follow organiser instructions in the event of technical issues.
06

Challenge & Flag Submission

  • Flags must be submitted exactly as retrieved, in the expected format.
  • If a challenge is broken, report it to an admin instead of exploiting it.
  • The organisers' decisions on challenge validity, scoring, and disputes are final.
07

Prohibited Actions

  • No social engineering, phishing, or attacking other teams' setups.
  • No modifying, deleting, or tampering with challenge infrastructure.
08

Penalties & Disqualification

  • Violating these rules may result in a warning, score reduction, or disqualification.
  • Severe infractions (e.g., damaging university systems, disrupting the event) may be reported to university authorities.
09

Support & Reporting Issues

  • Contact event staff on the designated CTF Discord/Slack channel or help-desk for any issues.
  • If you encounter a security issue affecting the event, report it responsibly to the organisers.
10

Discord ToS

  • Follow the Discord Terms of Service (ToS) at all times when using the CTF Discord server.
Keep the night going

After Party

Social Route Around Leicester

Following the awards ceremony, join us for a social route around Leicester with a combination of DMU societies. Whether you competed or just want to celebrate, everyone is welcome.

After awards ceremony
Various venues across Leicester
All are invited
Partners

Sponsors

Prize providers and challenge creators supporting Pwn2Play: Core Incursion.

Prize Providers

Supporting the winners with prizes that make the competition worth chasing.

Main Sponsor Prize Provider

Kit365

Kit365 is the primary sponsor of Pwn2Play, providing prizes for the winning teams. Their support helps make our flagship CTF a stronger event for cybersecurity talent.

Prize Provider

TryHackMe

TryHackMe is supporting Pwn2Play by providing prizes for our event, helping us reward standout performances and make the competition more exciting for participants.

Prize Provider

Immersive Labs

Immersive Labs is supporting Pwn2Play as a prize provider, helping us reward standout teams while backing practical cyber skills development through realistic, hands-on learning.

Challenge Creators

Building realistic problems and scenarios for competitors to solve under pressure.

Challenge Creator

North Quay Holdings

North Quay Holdings is a private sector company specialising in all-source intelligence and OSINT. They create challenges for Pwn2Play, helping deliver realistic and engaging CTF experiences.

Challenge Creator

Redcentric

Redcentric is a managed IT services provider delivering network, cloud, and security solutions. They create challenges for Pwn2Play, bringing industry expertise and real-world scenarios.

Want to sponsor Pwn2Play or get involved?

Become a Sponsor
Results

Pwn2Play Results