Roadmap 2026

8 Weeks. 40 Machines.
One Roadmap.

Eight themed series dropping weekly — each one a self-contained lab estate built around a real attack pattern. Full schedule below.

8 Themed Series
40 Machines
2 Months of Content
1x Per Week

Operation Switchboard

Live Now

A telecom startup exposed its internal protocol stack. Navigate legacy daemons, misconfigured services, and credential leaks through five interconnected hosts.

Switchboard FTP, Switchboard Relay, Switchboard Cache, Switchboard Sync, Switchboard Monitor

Blacksite Webapp

Live Now

Blacksite built five internal web tools in a hurry. Every tool has a classic OWASP Top 10 flaw. Move through the estate extracting credentials from each.

Blacksite DB, Blacksite Tools, Blacksite Media, Blacksite Reports, Blacksite Import

Pipeline Breach

4 days away

A CI/CD pipeline exposed from dev to prod. Leaked commits, environment variables, registry credentials, and build server access form a chain from source to root.

Pipeline Git, Pipeline Env, Pipeline Registry, Pipeline Artifact, Pipeline Runner

Exposed API

11 days away

Five microservices shipped without a security review. BOLA, mass assignment, JWT forgery, broken function-level auth, and SSRF — the OWASP API Security Top 10 distilled into a single estate.

API Users, API Profile, API Auth, API Admin, API Fetch

Cryptovault

18 days away

Cryptovault rolled its own crypto. Five services expose predictable tokens, crackable JWT secrets, hash length extension, padding oracles, and a factorizable RSA key.

Vault Keygen, Vault Session, Vault Verify, Vault Encrypt, Vault PKI

Containment Failure

25 days away

Five containers with dangerous misconfigurations — capability abuse, proc filesystem leaks, writable host mounts, Docker socket escapes, and the cgroups notify_on_release technique.

Container Caps, Container Env, Container Mount, Container Socket, Container Escape

Memory Lane

Coming Soon

Five SUID binaries, five memory corruption vulnerabilities. ret2win, shellcode injection, ROP chains, format string exploitation, and heap corruption — built for binary exploitation beginners.

Lane: Ret2Win, Lane: Shellcode, Lane: ROP Chain, Lane: Format Str, Lane: Heap

Social Engineering Sim

Coming Soon

Technical OSINT on RatCorp infrastructure. Five services leak credentials through HTTP headers, robots.txt, document metadata, debug logs, and hidden API export endpoints.

Corp Headers, Corp Webcrawl, Corp Docs, Corp Logs, Corp OSINT

Unlock Every Series

Premium gives you instant access to all 8 themed series, walkthroughs, and every machine the moment it goes live.