DMU Hackers presents

Pwn2Play

Our flagship Capture The Flag competition. Exploit, decrypt, reverse-engineer. Prove you've got what it takes.

Register Now Discord

--Days

:

--Hours

:

--Mins

:

--Secs

until Pwn2Play: Core Incursion

Date

Saturday 30th May 2026

Time

09:00 – 18:00

Location

Virtual & DMU Campus

Connect with us

Discord Register

Full Pwn

Complete system takeover. Combine multiple attack vectors to go from zero to root.

Pwn

Binary exploitation. Buffer overflows, format strings, ROP chains - break the binary, get the flag.

Rev

Reverse engineering. Disassemble, decompile, and decode binaries to uncover hidden logic.

Misc

Anything goes. Steganography, forensics, encoding schemes, or something completely unexpected.

OSINT

Open-source intelligence. Track down information using publicly available data and digital footprints.

Code

Programming challenges. Solve algorithmic problems or write scripts under time pressure.

Web

Web exploitation. SQL injection, XSS, SSRF, authentication bypasses - hack the web app.

Crypto

Cryptography. Break ciphers, exploit weak implementations, and crack the code.

Core Incursion // CTF Venue

Gateway House Floor 5
De Montfort University
The Gateway, Leicester LE1 9BH

WiFi

Student & Guest WiFi will be available. Please bring your own machine. Computers will not be provided.

Awards Event Venue

De Montfort Students' Union
Campus Centre Building
Mill Ln, Leicester LE2 7DR

Food & Drink

The bar opens after the event from 18:00 onwards for you to purchase drinks.

08:20

Doors Open

09:00

CTF Start

12:00

Lunch Break

13:00

CTF Resumed

18:00

CTF End

18:40

Awards Doors Open

19:00

Awards Ceremony

20:30

After Party

Respect all participants, organisers, and the integrity of the competition.
No harassment, discrimination, or toxic behaviour will be tolerated.
Follow all university IT policies and legal regulations.

Only interact with CTF challenges and infrastructure — do not target other participants or university systems.
Denial of Service (DoS/DDoS) attacks against the server, network, or participants are strictly prohibited.
Scanning outside the designated CTF scope is forbidden.

No brute-forcing challenge platforms, flag submission forms, or administrative panels unless explicitly part of a challenge.
Do not share, trade, or leak flags, solutions, or hints to other participants.
No automated tools/scripts that degrade server performance (e.g., aggressive scanning, spamming requests).

Maintain a stable internet connection and avoid using VPNs/proxies unless required for a challenge.
Keep your credentials secure — do not share your access keys or login information.
Follow organiser instructions in the event of technical issues.

Flags must be submitted exactly as retrieved, in the expected format.
If a challenge is broken, report it to an admin instead of exploiting it.
The organisers' decisions on challenge validity, scoring, and disputes are final.

No social engineering, phishing, or attacking other teams' setups.
No modifying, deleting, or tampering with challenge infrastructure.
No use of AI-generated solutions unless explicitly allowed.

Violating these rules may result in a warning, score reduction, or disqualification.
Severe infractions (e.g., damaging university systems, disrupting the event) may be reported to university authorities.

Contact event staff on the designated CTF Discord/Slack channel or help-desk for any issues.
If you encounter a security issue affecting the event, report it responsibly to the organisers.

Follow the Discord Terms of Service (ToS) at all times when using the CTF Discord server.

Social Route Around Leicester

Following the awards ceremony, join us for a social route around Leicester with a combination of DMU societies. Whether you competed or just want to celebrate, everyone is welcome.

After awards ceremony

Various venues across Leicester

All are invited

Want to sponsor Pwn2Play or get involved?

[email protected]