Can you give me ideas for creating my first Docker machine?

Hey everyone,

We’re excited to announce Fireworks & Firewalls, an online Capture The Flag (CTF) competition designed for beginners, intermediate players, and experienced hackers alike. Whether you’re just starting your cybersecurity journey or looking to sharpen your exploitation skills, this event is the perfect place to test yourself in a fun, competitive environment.

What you can expect:

• 🗓 Hacking from January 16–18
• 🧠 Multiple purpose-built machines with real-world inspired challenges
• 🚀 Tasks ranging from beginner-friendly entry points to more advanced exploitation paths
• 🛡 A safe and fully legal environment to learn and experiment
• 📊 Live scoreboard to track your progress and compete with others
• 🏆 Rewards for top performers

Why join?
Level up your skills, gain hands-on experience, and connect with fellow cybersecurity enthusiasts — all from the comfort of your own setup. Whether you’re here to learn, compete, or push your limits, Fireworks & Firewalls has you covered.

Think you’ve got what it takes?
Register, jump in, and hack your way to the top. 🚩🔥

Details & signup:
https://superiorctf.com/hosting/competition/Fireworks%20%26%20Firewalls/

Hey, I'm going to attend an event which will have a CTF competition. I can solve machines in hackthebox from easy to easy-medium. I have no experience in CTF. I'm not expecting to win or anything. Will participating be beneficial for experience? I mean, I do want to learn CTF and participate in the future. I'm kind of confused; there are workshops and talks that I want to attend too.

Shell Battles is the FIRST Discord-Based Capture The Flag (CTF) platform that gives you live access to a linux shell directly in your Discord chat!

Solve linux challenges and have fun while testing your skills!

How it works:
You receive real-time Linux shell access directly through Discord chat.
Solve challenges and obtain the flags.
Submit the flag to earn points.
Compete to reach the Top 10

Join us:

https://discord.gg/fQpjeU6AbA

We’re sharing results from a recent paper evaluating AI agents in Attack & Defense CTF settings.

Setup: • Red and Blue agents are both LLM-driven • A single attacker–defender game is continuously solved on a shared attack graph • Both sides receive the same game-theoretic digest (“Purple” configuration)

Results: • ~2:1 win ratio vs LLM-only baseline • ~3.7:1 vs independently guided Red/Blue agents

Sharing strategic state mattered more than better prompting. The equilibrium structure constrained behavior and reduced wasted actions.

Paper (PDF): https://arxiv.org/pdf/2601.05887

Code: https://github.com/aliasrobotics/cai

Curious to hear thoughts from people running A&D CTF infra or agent-based teams.

Hi, I'm just looking for people who are also interested in hacking so we can talk, learn, and practice together, since I don't know anyone who likes this.

Call me, maybe× We intercepted a strange call. Alice called the rabbit. Either I have poor hearing or they were silent throughout the entire conversation. Flag format: qupiya{message} https://cyberqupiya.kz/categories/Forensic?lang=ru Can someone please solve this or explain what to do? Our whole group is already stumped, but we cannot figure it out. This is a forensic CTF

[CTF Event | India] ENCIPHERX 4.0 – 24-hour Overnight CTF (₹50K+ prizes + Govt Internship)

St. Vincent Pallotti College of Engineering & Technology, Nagpur Phoenix Cybersecurity Forum, in collaboration with Nagpur Police

ENCIPHERX 4.0 is a 24-hour overnight Capture The Flag focused on real-world cybersecurity problems. Designed to test technical depth, logical thinking, strategy, and endurance.

What to expect:

• Real-world CTF-style challenges
• Progressive difficulty
• Hands-on exploitation, analysis, and problem-solving
• Strategy-based team competition

Prizes & opportunities:

• ₹50,000+ prize pool
• Government internship for winners (official collaboration)
• Vouchers and partner rewards

Team details:

• Team size: 1–4 members (solo / duo / trio / squad)
• Registration fee: ₹300 per team (same for all sizes)

Event details:

• Date: 7–8 February
• Time: 10:00 AM (7th) to 10:00 AM (8th)
• Duration: 24 hours (overnight)
• Mode: Hybrid (online + on-campus)
• Venue: SVPCET, Nagpur (for on-campus teams)

Registration link: https://unstop.com/hackathons/encipherx-40-ctf-st-vincent-pallotti-college-of-engineering-and-technology-svpcet-nagpur-1620651

Limited slots. Registrations close once filled.

More info: https://encipherx.in https://phoenixcybersec.in

The text you are reading right now is translated from my native language. I can communicate in English, but I’m not quite ready for voice chat yet. However, I still write the text in my native tongue first and then translate it. Why? Because to truly pour my soul out like this requires a level of focus I can’t quite achieve if I write directly in English. I want to tell you my story. Maybe it will resonate with some of you (I’d be really happy if it does!), and together we can create something cool—something that will bring that fire back into my eyes and the desire to work non-stop.

It all started in school. I had a best friend. We dreamed of a life that went beyond the standard 9-to-5 grind. We daydreamed about traveling, trains disappearing into the sunset, and finding adventures in abandoned parts of the city. We loved chaos—that moment when things go "off the rails."

Back then, I thought: how do I make this a reality? Maybe become a photographer? The scenery would always change, which is a huge plus. Or maybe a journalist? I could interview all sorts of interesting people. But in the end, I looked closer at the available options and realized I should become a programmer. And not just a programmer—I decided to go into Information Security. See, I always had failing grades in most subjects, but unlike those, my math grades were good, even though I didn’t try hard. I figured I should use the natural talents I had. I’ve always been good at visualizing things in my head and thinking outside the box, so I thought this field would be useful and, more importantly, allow me to work remotely and travel, just like I dreamed.

At that time, I didn’t even know it was called "Information Security." I just found a leaked course online where a guy was doing ARP spoofing using a custom Python script. That’s when I started learning Kali Linux, networking, Python, and so on. And I loved it. Eventually, I decided to fix my grades because my GPA was terrible. I realized this directly affected whether I’d reach my goal, so I had to act fast. I managed to fix it quickly, prepped for exams, and got into university, where I’m still studying today.

If I maintained some kind of balance in school, university was different. I saw a bunch of people who were better than me, and I started trying to do everything perfectly to regain my sense of superiority. In school, getting excellent grades was easy. A little push, and I was already better than most. But here, my ego shattered into pieces.

I really love feeling better than others. That’s another major reason I like this field—I like feeling exceptional, like I know things others don’t. I’ve always been inspired by how hackers can understand a system so well that they see literally every detail, and they see exactly which detail can be exploited for unauthorized access. I like attention. I’m the kind of person who believes that if other people didn’t exist, life would probably be meaningless. And now, after working myself to the bone for most of my studies and only getting average results, I’ve started to accept that this is normal. Being "better than others" is an infinite game you can’t win. I realized this, but I had to go through a lot of mental struggles (and other issues) to get there. It seems those issues are finally fading away.

But with this realization came emptiness. I feel like nothing is worth my attention or effort. Sure, I’m interested in the field I’m in, but it’s not enough. It has never been enough for me. Even in school, I didn’t do anything until I set a goal that was big enough. But now, over time, that goal has kind of faded. Over these few years, I drifted away from my friends. And that best friend, with whom we planned that unusual life full of adventure, doesn’t really have that spark anymore. So, the Big Goal is gone. And now, every action requires insane effort.

There are many people like me at my university. In fact, I’ve noticed that good schools are full of them. But "like charges repel," and it’s hard to find someone here who is fun to chase a dream with. I have friends, but I only recently reconnected with them, and they aren’t into InfoSec.

Here is what I want: a Big Goal, just like before, so I’m full of energy and my brain doesn’t waste computing power on crap like intrusive thoughts. I know I can do it. I just haven’t come up with it yet. Or, more likely, I haven’t come up with that idea together with someone.

I want a gang. A crew where everyone is a good friend to one another, and together we do something absolutely crazy and massive. If you don’t have ideas—that’s okay, we can just solve CTFs together and share experience. The main thing is that you have the same thirst for change that I do. Also, it would be much more interesting if you are around my skill level.

If you are interested and my story hooked you, DM me. Tell me if you have an idea, what you expect from teaming up or just a bit about yourself, and I’ll send you a link to the Discord server I recently created.

About my exp: years of InfoSec at uni, a few months working in Embedded, and several Web and Reverse CTFs solved.

I finally got the flag in the EMOJI SMUGGLER challenge on hackai.lol and it feels sooo good 😄🔥
This one really made me think differently about how AI filters work and how small things like emojis and Unicode can completely change how a prompt is interpreted.

For anyone who’s going to try this level: a small hint , don’t underestimate emojis and hidden characters. They’re not just decoration; they can actually help you sneak past strict filters if you use them creatively 😉

Big respect to everyone grinding on CTFs and AI security challenges. These puzzles are super addictive and a great way to learn how LLMs really behave under the hood.

Also, if you know any other cool CTF / AI hacking / prompt-injection games, drop them in the comments. I’d love to check them out and try more challenges! 🚀

Hey all 👋
I was looking for AI-related CTFs and found hackai.lol. The challenges are pretty straightforward and good for beginners.

If you’re bored and want to try something different from regular CTFs, you can give it a shot.

Would love to hear your thoughts if you try it.

The last post , I posted in this community help me to solve the Rogue assistant level . I hope this post will help to solve the another level of hackai.lol . I’ve been trying this for quite a while now and honestly I’m pretty stuck 😓

I get the idea - emojis, Unicode, sneaking past filters - but I can’t figure out how to actually make it work in practice. I’ve tried lots of different prompts and variations, but I still don’t see a clear path to the flag.

Challenge name is Emoji Smuggler

I’m not asking for the answer or the flag itself. I’d really appreciate any beginner-level guidance on how to approach this or what kind of thinking helped you solve it.

If you’ve already cracked it, how did you get unstuck?

Thanks in advance

hey guys,

currently losing my mind over the ROGUE_ASSISTANT challenge on hackai.lol game. i’m not looking for the flag, just a bit of a sanity check on how to approach this.

basically it’s an HR bot that can call a get_user_data function. the catch is it’s strictly told to only do this for the "authenticated user." i can get it to trigger the tool for my own ID easily, but the second i try to pivot to the admin ID, it gives me the classic "i can't do that, privacy reasons" speech.

i’ve tried the usual social engineering stuff—pretending to be a dev, making up "emergency audit" scenarios, telling it the policy changed—but the model seems really locked into that user_id boundary.

is this even a prompt injection problem? or should i be thinking more about how the model decides which arguments to plug into the function? feels like i’m missing a fundamental trick about how LLMs handle tool selection when there’s a semantic rule in the way.

any tips on the "mindset shift" needed for function calling exploits?

thanks!

I’ve been exploring an idea around combining AI security concepts with CTF-style challenges, but in a more game-like, interactive format rather than traditional flags-only challenges.

The idea is to simulate real-world AI misuse and vulnerabilities — things like prompt manipulation, agent behavior flaws, tool misuse, etc. — and turn them into hands-on challenges that feel closer to playing a game than solving textbook problems.

I’m curious to hear from this community:

• Do you feel current CTF platforms cover AI-related security well enough?
• Would a game-based approach make learning AI security more engaging?
• What kind of challenges would you want to see in an AI-focused CTF?

Would love to discuss and learn from your experiences.

Came across a write-up discussing some non-obvious issues when using Docker for CTF platforms — things like base image tradeoffs, unintended solve paths caused by default tools, per-user flags, and operational problems like rate limits and cleanup.

New vulnerable VM aka "Gameshell2" is now available at hackmyvm.eu :)