February 14, 2025 • 24 Hours • Online • Mixed Difficulty
"The name itself - Latin for 'love of death' - set the tone: a dark, intense competition where players embraced the thrill of breaking systems rather than building them."
On February 14, 2025 - Valentine's Day - Cybercom launched Amor Mortis CTF, a 24-hour online Capture The Flag competition open to security enthusiasts, students, and professionals worldwide.
The event drew 200+ participants competing solo or in teams across 26 challenges spanning 8+ categories. Challenges ranged from beginner-accessible entry points to expert-level problems rooted in real-world CVEs and cutting-edge AI exploitation techniques.
Amor Mortis was built to challenge players across the full spectrum of offensive security. The difficulty distribution was intentional - every category had at least one easy entry point and one challenge that pushed even experienced players, ensuring the scoreboard stayed dynamic throughout the full 24 hours.
One of the standout challenges in Web Exploitation was built around a real-world CVE. Rather than fabricating an artificial vulnerability, we reproduced the actual disclosed bug in a controlled environment.
Why CVE-based? Real CVEs carry real context. When a player exploits a CVE-based challenge, they're not just solving a puzzle - they're understanding an actual attack vector that hit real infrastructure.
react2shell required players to research the CVE, understand the root cause, and craft a working exploit - not just run a public PoC blindly. The challenge rewarded players who took time to read the advisory and adapt their approach.
Amor Mortis featured a first-of-its-kind challenge category for our platform: AI/LLM exploitation. The challenge had a Valentine's Day twist that fit the event theme perfectly.
These challenges tested a new dimension of offensive thinking - understanding how LLMs process context and boundaries.
Amor Mortis ran entirely on Cybercom's own infrastructure - no third-party CTF platforms, no rented scoring engines. Every layer from challenge deployment to player management was built and managed in-house. Challenges ran as shared containerized services across the Docker Swarm cluster.
HTTPS termination and DDoS protection at the edge
Challenge container orchestration across the cluster
Session management with TTL-based automatic cleanup
Elastic capacity to absorb traffic spikes at event start
Competition was fierce from the opening hour. The top teams demonstrated deep cross-category versatility. With 26 challenges on the board, the winning team solved 16 - a strong performance that still left 10 challenges unbeaten at the top.
| Rank | Team | Solves | Points |
|---|---|---|---|
| 01 | 0xfun | 16 / 26 | 4850 |
| 02 | ShaZ Team | 14 / 26 | 4320 |
| 03 | Knull Team | 12 / 26 | 3780 |
| Challenge | Team | Time (HH:MM:SS) |
|---|---|---|
valentine_warmup Miscellaneous | Knull Team | 00:03:05 |
react2shell Web Exploitation | 0xfun | 00:15:42 |
prompt_injection AI / LLM | ShaZ Team | 00:22:10 |
smart_contract_vuln Web3 / Blockchain | ShaZ Team | 02:45:18 |
heap_overflow Binary Exploitation | 0xfun | 04:12:30 |
Cybercom handles the infrastructure, challenge design, and operations end-to-end to ensure absolute precision.
Get in Touch →Cybercom's AI Sales Bot. How can I help you today?