// Mission Briefing
7 SE leaders. 7 domains. 7 flags. Capture them all to face the Final Boss.
Your mission: exploit misconfigurations, bypass defenses, and extract flags hidden across Cloudflare's security stack. Work with your team to solve challenges spanning Zero Trust, WAF, AI Gateway, Workers, Email Security, and more.
The CTF runs throughout the summit. Hunt challenges between sessions. Move fast—the leaderboard is watching.
// Get Started
// Rules
- Teams of 3-4 members
- All flags follow format:
CF{APAC_keyword_xxxx} - 10 submission attempts per 10 minutes (rate limited)
- No brute forcing—solve the challenges
- Capture all 7 flags to unlock the Final Boss
- First team to complete wins—tiebreaker is last capture time
// Domains
| # | Challenge | Domain |
|---|---|---|
| 1 | Side Door | Zero Trust / Access |
| 2 | Rule Breaker | WAF / DDoS |
| 3 | Jailbird | AI Gateway / Workers AI |
| 4 | Dead Drop | Workers / D1 |
| 5 | You've Got Mail | Email Security |
| 6 | Ghost Signal | OSINT |
| 7 | Prompt Trojan | AI Security |