What is CSA XCON CTF 2026?

CSA XCON CTF 2026 is India's premier Capture The Flag cybersecurity competition held on March 11-12, 2026. It features 30+ challenges across Web Application Security, AI/ML Security, and Cloud Security categories with prizes worth Rs 3,00,000+.

What are the CTF challenge categories?

CSA XCON CTF 2026 has 3 challenge categories: 1) Web Application Security - SQL injection, XSS, SSRF, API vulnerabilities; 2) AI/ML Security - Prompt injection, adversarial attacks, LLM vulnerabilities; 3) Cloud Security - AWS/Azure/GCP misconfigurations, container escapes, IAM exploitation.

How do I register for CSA XCON CTF?

To participate in CSA XCON CTF 2026, all participants must have a valid CSA XCON 2026 Standard Pass (minimum) purchased from konfhub.com/csa-xcon-2026. This is a solo-only competition.

What are the prizes for CSA XCON CTF 2026?

CSA XCON CTF 2026 offers prizes worth Rs 3,00,000+ (approximately $3,500+ USD). The exact prize distribution for 1st, 2nd, and 3rd place will be announced closer to the event.

Can beginners participate in CSA XCON CTF?

Yes! CSA XCON CTF 2026 welcomes participants of all skill levels. Challenges range from Easy to Hard difficulty. Each category has beginner-friendly challenges to help newcomers learn while competing.

What is the CTF flag format?

The flag format for CSA XCON CTF 2026 is XCON{flag_text_here} unless otherwise specified in individual challenges.

CTF Competition 2026 | CSA XCON Capture The Flag | Web, AI/ML, Cloud Security

What is Capture The Flag (CTF)?

A Capture The Flag (CTF) competition is a hands on cybersecurity challenge where participants solve security puzzles, identify vulnerabilities, and uncover hidden “flags” to score points. Each flag is proof that a problem has been successfully solved, turning learning into a fast paced battle of logic, skill, and creativity.

Designed for both beginners and experienced professionals, our CTF features challenges across three high impact domains:

Participants can compete individually to analyze systems, think offensively, and defend strategically.

More than just a competition, a CTF is a real world simulation of cybersecurity problem solving where curiosity meets capability and every solved challenge brings you one step closer to the leaderboard.

Challenge Categories

Test your skills across cutting-edge domains of cybersecurity

Web Application

SQL injection, XSS, CSRF, authentication bypass, SSRF, API vulnerabilities, and modern web application attacks.

10+ Challenges

AI / ML Security

Adversarial attacks, model extraction, prompt injection, LLM vulnerabilities, data poisoning, and AI system exploitation.

10+ Challenges

Cloud Security

AWS/Azure/GCP misconfigurations, IAM exploitation, container escapes, serverless vulnerabilities, and cloud-native attacks.

10+ Challenges

Live Scoreboard

See where you stand against the competition

scoreboard.sh

./fetch_scoreboard --live

[*] Connecting to CTF server...

[+] Connection established

[*] Fetching live rankings...

========== TOP Players ==========

#1 CyberPhantom 4,250 pts

#2 H4ck3rElite 3,890 pts

#3 BinaryNinja 3,650 pts

#4 ZeroDay 3,420 pts

#5 Your_Score? ??? pts

Claim Your Spot

Event Timeline

Mark your calendar for these important dates

Feb 12, 2026

Registration Opens

March 10, 2026

Registration Closes

Mar 11, 2026

CTF Begins (9 AM)

Mar 12, 2026

CTF Ends (11 PM)

Mar 14, 2026

Winners Announced

Prize Pool

Compete for glory and amazing rewards

2nd Place

1,00,000

Winner

1st Place

1,50,000

3rd Place

50,000

Terms & Conditions

Please read the following terms carefully before participating

01 Individual Participation Only

This CTF competition is strictly limited to solo participants. Team participation is not permitted.

02 No Flag Sharing

Sharing flags, solutions, write-ups, or any form of challenge assistance with other participants during the competition is strictly prohibited. Any violation will result in immediate disqualification.

03 Prohibited Activities

Participants must not attempt to attack, disrupt, or interfere with the CTF platform, infrastructure, or other participants. Only the designated challenges provided within the competition scope may be targeted.

04 Flag Submission Format

All valid flags will follow the format: CSAxCON{...}
Submissions that do not adhere to this format will not be accepted.

05 Organizer Authority

All decisions made by the organizers regarding rules, scoring, and eligibility are final and binding.

View Full Rules

What is Capture The Flag (CTF)?

Challenge Categories

Web Application

AI / ML Security

Cloud Security

Live Scoreboard

Event Timeline

Prize Pool

Terms & Conditions

Ready to Hack?