Step into the Vulnerable House, a unique Capture The Flag experience where the digital meets the domestic. Explore a simulated smart home network packed with connected devices, misconfigurations, and hidden flaws — all waiting to be discovered.
Participants will investigate real-world vulnerabilities in IoT, web, and network components, analyzing everything from smart cameras to home automation hubs. The CTF is designed to be beginner-friendly, yet deep enough to challenge security enthusiasts.
Learn, hack, and have fun — all within the safe virtual walls of vuln.casa!
Goal
Goal of the Competition
Your mission is to uncover and exploit vulnerabilities inside the Vulnerable House environment.
Each flag represents a discovered weakness in the simulated home ecosystem — from exposed web interfaces and weak credentials to flawed firmware logic and unsafe network services.
Solving these challenges will teach participants how to:
- Analyze and exploit common vulnerabilities
- Intercept and decode home network traffic
- Apply ethical hacking principles in a safe, legal setting
Earn points for each flag captured and climb the leaderboard to prove your skills as the Defender or Invader of the House.
Rules
Rules of Engagement
/ The CTF takes place entirely on vuln.casa — no external systems may be targeted.
/ Participants may use any tools, scripts, or frameworks of their choice.
/ Be original — collaboration is encouraged, but plagiarism or sharing of flags/writeups during the event is not allowed.
/ If a lab environment needs a reset, please contact the on-site or online admin team.
/ Offensive, abusive, or unethical behavior towards other participants or organizers will result in disqualification.
/ Respect the boundaries: do not attempt to interact with any infrastructure outside of the designated challenge scope.
/ The CTF can be played individually or in small teams (one submission account per team).
Participants who complete all challenges may enter a special raffle for limited-edition vuln.casa swag.
PRIZES
TBD
REGISTRATION
TBD
