Post

CSEAN CTF 2026

Posted Updated
Preview Image
By Mark Uchechukwu
2 min read
CSEAN CTF 2026

CSEAN CTF 2026

Overview

The (CSEAN) held its annual Cyber Secure Nigeria 2026 Conference in Abuja on May 6th and 7th, 2026. As part of the conference, the third edition of the CSEAN Capture The Flag (CTF) competition was conducted online, bringing together cybersecurity enthusiasts and professionals.

I was also part of the core team responsible for moderating and coordinating the competition.

How it happened

Going back to 2023, when the first edition of the event took place, I participated alongside a few friends and we ended up securing first place.

Since then, I’ve been involved in authoring challenges for the subsequent editions.

Last year, the event didn’t hold due to certain circumstances. However, @password ensured that it made a return this year.

Thankfully, it did take place, and overall, it went really well.

Remarks

I started out thinking I would build something interesting. At the time, I already had a few ideas, mostly in the easy to medium range.

Initially, my plan was to focus only on pwn and reverse engineering challenges, since I was quite busy with school during the first few months, and also preparing to qualify with Team Error for the ECOWAS regional hackathon.

My original target was to create 6 pwn challenges and 6 reverse engineering challenges. However, it turned out that only @password and I were actively contributing to challenge development.

Because of that, I decided to change direction and poured all my remaining ideas into challenge creation instead.

In total, I was able to create 50 challenges:

  • Cryptography (2)
  • Web Exploitation (9)
  • Pwn (11)
  • Reverse Engineering (8)
  • Misc (10)
  • Forensics (10)

On the other hand, @password created 20 challenges:

  • Security Operations 1 (12)
  • Security Operations 2 (4)
  • Security Operations 3 (4)

A few additional challenges didn’t make it to release and 4 broke during testing haha:

  • CSP Me (web) - A CSP bypass challenge chained with another vulnerability
  • Old Days (web) - A vulnerability in an older version of Maarch Courier (no public CVE)
  • Music Manager (pwn) - A standard userland heap exploitation challenge
  • Kernel Odyssey (pwn) - A kernel heap exploitation challenge

All things considered, I think it was a solid outcome.

Here are some stats:

statistics
Statistics
secops1 secops1 secops1
Challenges Authored by @password
pwn re web misc
Challenges Authored by @h4cky0u (yes, that's me lol)

The teams did really well overall, although I’d say most of the pwn challenges got a bit “slopped” 😭 (lmao).

Still, I put a lot of effort into them.

Shoutout to:

  • @s33noevil for clearing all the reverse engineering challenges in a very limited amount of time.
  • @proflamyt for first blood on Stack Guard.
  • @gr33pp for first blood on CNotes.
  • @securedviki for first blood on OhMyVm.

… and honestly, the list goes on.

End

We did experience some downtime on the CTF platform, but @password managed to get it fixed in time despite his busy schedule, which was really appreciated.

Overall, the event was a blast. See you at the next edition…hopefully with even better challenges (if AI hasn’t taken over the world by then 😂).

The challenges will be uploaded here.

And perharps, the writeups too :D

(Writeups may also be coming soon on my blog 👀)

ありがとうございます!😊

CTF
blog events
This post is licensed under CC BY 4.0 by the author.