Meet Alex, a second-year computer science student at TAD College. While most of his classmates are buried in textbooks or focused on acing their exams, Alex’s true passion lies elsewhere — in understanding how systems really work under the hood.
From an early age, Alex found himself curious about how websites, databases, and networks communicated. But unlike traditional academic paths, he preferred hands-on exploration. Instead of studying for quizzes, he would often spend hours inspecting his college’s internal systems, testing for flaws and tracing how data flowed behind the scenes.
His main focus? The TAD platform — the core system powering everything from student profiles and staff accounts to course schedules and grade management. For Alex, this wasn’t just an admin dashboard — it was a challenge, a puzzle begging to be solved.
This CTF simulates Alex’s journey as he dives deeper into TAD, uncovering vulnerabilities one layer at a time. Each challenge you solve brings Alex closer to exposing the secrets of the system — and sharpening your skills in the process.
Embark on Alex's first mission: begin your journey into the heart of the TAD system's security.
CTF (Capture The Flag) challenges are a type of cybersecurity competition where participants solve various tasks to find hidden "flags." These flags are typically unique strings of text (e.g., FLAG{this_is_your_first_flag}) that prove you've successfully exploited a vulnerability or solved a specific puzzle.
This platform provides hands-on challenges in a safe, isolated environment, designed to simulate real-world web application vulnerabilities like Insecure Direct Object Reference (IDOR), Cross-Site Scripting (XSS), SQL Injection, and more.
FLAG{...}. This is your goal!All challenges are meant for educational purposes only. You’re encouraged to take your time, experiment responsibly, and build real-world offensive security skills through practice within this isolated TAD environment.