Welcome to CybrixBastion 👋
The platform is currently in beta testing — if something behaves differently from what's described here, it's most likely a bug, not "working as intended." Report it to the admin/instructor.
1. Registration & login
Register→ enter your email and password.- A confirmation link will be emailed to you — you can't log in without verifying your email, that's intentional.
- No email after a couple of minutes? Check spam, then contact the admin.
2. How challenges work
Challenges are grouped by category (web, crypto, forensics, reverse,
pwn, misc, soc) and difficulty (easy → medium → hard → insane).
Each challenge has:
- Points that decay as more people solve it — the earlier you solve it, the more you get;
- A "first blood" bonus — extra points for whoever solves it first;
- Hints — some free, some cost points (deducted from your score the moment you open them, so open carefully);
- Files to download (logs, binaries, pcaps, etc.) — a download button right on the challenge page.
3. Submitting a flag
All flags follow this format:
cybrix{something_like_this}
Copy the whole flag (including cybrix{ and }) and paste it into the field
on the challenge page. The system:
- accepts it regardless of stray leading/trailing whitespace;
- locks you out for 5 minutes after 5 wrong attempts within the last 5
minutes — that's expected behavior, just wait and submit the right flag
instead of brute-forcing.
4. Docker challenges ("live" servers)
Some challenges (marked separately) aren't a file but a running server you interact with (a web app, a network binary, etc.):
- Click "Start" on the challenge page.
- The platform gives you a link (
/live/<port>/) automatically — nothing to construct by hand. - The instance is time-limited (usually 1 hour) — the timer is shown on the page. Ran out of time? Just start it again.
- Remember to click "Stop" when you're done — it frees the resource for your own next run and for everyone else.
5. Premium challenges
Some challenges are marked Premium — and that's not limited to the
hardest insane tier. Premium challenges show up at every difficulty level,
including easy/medium — check the "Premium" badge right on the challenge
card in the list to be sure. Without an active subscription, that
challenge's description and files won't open (the button redirects to the
subscription page). Everything else on the platform (KB, leaderboard,
non-premium challenges) is available without a subscription.
6. Where to get help if you're stuck
The Knowledge Base (/kb/) has:
- Cheatsheets (/kb/cheatsheets/) — quick command/payload references per
category (there's even a dedicated one for SOC challenges — log analysis,
phishing, Sysmon, Sigma rules);
- Articles (/kb/articles/) — deeper explanations of topics (SQLi, XSS,
reverse shells, hashcat, etc.);
- Methodologies (/kb/methodology/) — frameworks (OWASP Top 10, MITRE
ATT&CK, PTES) for a systematic approach to finding vulnerabilities.
Tip: before writing an attack script, open your category's cheatsheet — 90% of the time the command you need is already there.
7. Leaderboard & scoring
/leaderboard/ ranks every participant by total points. Points come from
solved challenges (minus whatever you spent on paid hints) — it's all
transparent and updates right after you submit a correct flag.
8. Ground rules during the beta
- Don't share flags with other participants — everyone solves it themselves;
- Don't try to brute-force/DDoS the platform itself (the challenge servers, on the other hand — attack those as much as you need, that's the whole point);
- Found a platform bug (not a challenge bug)? Report it to the admin — it helps everyone.
Happy hacking! 🚩