Research by:  

Master the SRLabs Hacking-Challenge

To share some unique aspects of our daily work, we created three hacking challenges. Dive into new fields of hacking, enhance your skills, and most importantly, enjoy the experience!

Key facts

What's All the Buzz About?

The unique challenges are developed by hackers for hackers, inspired by our daily work.

We cover three technology areas:

Fig 1: Overview of Hacking Challenge Categories


You want to forge an RSA signature. RSA signatures are commonly used to authenticate and verify important data. While the cryptography is considered secure, its implementations can have bugs. This challenge is based on a real-world vulnerability.


You face an AARCH64-based http server running a vulnerable CGI. The CGI has common protections like stack canaries and ASLR enabled. This challenge is based on a real-life vulnerability as well.


You have a radio capture of a mobile phone call, and now want to decrypt it. As the applied cryptography seems "good enough", you rather want to hack the network provider and grab the key. Using a little tap placed in a cell tower, you can listen to traffic between the cell tower and the telco’s core network. You can also send and receive traffic using the base station's IP. Good luck!


1. The SRLabs Hacking Challenge is available for the duration of one month: From 21st August till 21st September.

2. There are 3 challenges and 4 flags. All challenges are published on the start date.

3. The Hall of Fame lists solutions in the order they were submitted. There is no scoreboard.

4. You can play on your own or in a team. Since CTFd is in user mode, teams must share a single account.

5. Flags have the format SRLABS{flag_here}, unless specified otherwise.

6. Winners are contacted via the email address provided during registration. Please use a valid address.

7. The first participant to submit each flag receives a reward. The first participant to complete all challenges receives an additional reward.

8. Please do not share flags or solutions (write ups) during the runtime of the SRLabs Hacking Challenge (Sept 21st). Once the challenge is closed, you are welcome and encouraged to publish write-ups- **we offer prizes for the 5 best write-ups.**

9. The challenges do not require Brute Force attacks or extensive scanning. Please avoid these attacks to prevent excessive load.

Frequently Asked Questions:

Where is the event?

The CTF event will take place online.

Do I need to send a write up?

You are not required to but more then welcome! The Top 5 write ups will receive a surprise gift from SRLabs. Please send your write ups to [hackingchallenge@srlabs.de].

What to do if there is any infrastructure issue?

Please contact us on Discord

Do I need to play in teams or individuals?

You can participate as an individual or in teams. If you don't have a team, hop onto our Discord channel to find one.

When is the submission deadline?

You have one month, starting at 08/21/2023, to access and solve all challenges as you wish.

What tools might I need?

We recommend patience and a search engine of your choice. :)

Explore more

aLL articles
Smart Spies: Alexa and Google Home expose users to vishing and eavesdropping
device hacking
Smarter is not always wiser: How we hacked a smart payment terminal
hacking projects
device hacking
Honeypot research shows variety of DDoS amplification methods