plfanzen CFT
What originally started as a joke at DHM has now evolved into a CTF with chall authors from all across the DACH region, and more :)
The CTF is aimed at more experienced players, but will (probably) also contain a few intro challenges, and some zaje, maybe even both :)
Plfanzen CTF is a team event for teams of any size. You can also participate on your own!
CTF will start 2026-05-08 18:00 and end 2026-05-10 (Exact end time TBD)
LLM policy
The focus of this CTF is on human creativity and problem solving, and we want to encourage participants to come up with their own solutions. We believe that there are many challenges in this CTFs that can not be easily solved with LLMs, but we also acknowledge that LLMs are getting better and better at solving CTF challenges, so we want to establish a clear policy on the use of LLMs in this CTF.
Prohibiting the use of LLMs entirely is not feasible, so we we are introducing a separate bracket for human teams that choose not to use LLMs. This way, human players do not feel discouraged or pressured by LLM-assisted solves, without us having to enforce a strict ban on LLMs, which would be difficult to enforce and could lead to conflicts.
Being in the "humans" bracket will not affect your eligibility for prizes. You can still submit human writeups for challenges if the challenge was solved without heavy LLM assistance even outside the human bracket. The separate ranking will just be a way to recognize and celebrate the achievements of human players.
For the "humans" bracket, the following rules on LLM usage apply:
-
LLMs may be used to to explain general concepts that are not
specific to a particular challenge.
Okay: How is a HTTP request structured?
Not Okay: How do I factor this formula? -
LLMs may be used to help write stumps of code you fully
understand.
Okay: Write a function that establishes a TCP connection to a given IP and port.
Not Okay: Write a function that exploits this buffer overflow. - LLMs may be used to help find the correct command line arguments for tools or as a search engine to find relevant resources and tools.
- You may not to utilize LLMs to solve specific problems directly.
- You may not to paste challenge code directly into LLM chats.
- You may not to utilize tools such as GitHub Copilot, Codex, or Claude in a way that would allow them to directly interact with challenge code/handouts.
- You may not to ask LLMs to implement a full solution based on a high-level description or a few buzzwords.
- You may not to use LLMs for writeups (for writeup prizes).
We reserve the right to disqualify teams from the "humans" bracket if we find evidence of LLM usage that violates the rules, or to disqualify teams from the writeup prizes for the same reason.
applying for the "humans" bracket
will be elaborated on in the future
Someone from your team should email us at vorstand@plfanzen.lol with a form we'll provide later. Opt-in for the "humans" bracket will apply to your whole team. We may disqualify teams from the "humans" bracket if we find evidence of LLM usage that violates the rules.
sponsors
not final, ideally we find more
PWND Labs GmbH is a cybersecurity company, founded by past and present ECSC and DEF CON Finals players, specializing in application security. We offer source code audits and secure software development consulting.
Email vorstand@plfanzen.lol if you are interested in sponsoring the CTF.prizes
not final, WIP
placement
- 25€
- 15€
- 10€
writeups
- 50€ for best writeup for windows kernel challenge
- ~200€ distrubuted among writeups for other challenges (exact distribution TBD)
state of this document
This page is not final and will be updated as we get closer to the CTF.