The SnakeCTF Finals by MadrHacks, which took place at the Bella Italia EFA Village in Lignano Sabbiadoro, was an amazing experience this year. From December 5 to December 8, 2024, this cybersecurity competition gathered some of the brightest minds in the field, and I was excited to play a part in its success.
I developed two web challenges for the event: Snakemail and SlashGirlfriends. Snakemail focused on vulnerabilities in an older version of pdf.js, allowing players to exploit JavaScript execution within a specially crafted PDF. SlashGirlfriends took a creative approach from stealing cookies from an admin to UI redressing to phishing a user of the platform, featuring a unique backstory involving AI "girlfriends." It was incredibly rewarding to see participants engage with these challenges and devise their solutions.
In addition to the challenges, I helped design the event website and the official t-shirts. Working with my teamates to ensure the branding captured the fun and technical spirit of the event was a highlight for me.
Lignano Sabbiadoro provided a fantastic setting for the finals. Participants and organizers enjoyed great facilities, including accommodations, meals, and leisure activities like the swimming pool.
The competition saw outstanding performances from top teams. The organizers team managed to get to the first place (also the only ones that flagged SlashGirlfriends), followed by pwnthem0le in second place and theromanxpl0it in third. The full scoreboard is available in the CTFtime page for the event.
I’m already looking forward to future editions. If you’re interested in cybersecurity or hacking competitions, SnakeCTF is definitely worth checking out! For more information about the event, visit SnakeCTF’s website.
