Booth target catalog
Attack surfaces go live on signal.
The catalog is organizer-controlled across the three-day booth run. Targets can appear, pause, and rotate without changing the player workflow: inspect the service, prove the exploit, submit the flag, and move.
-- active targetsWeb / API / AI / Crypto / PwnTelemetry live
Before
Static lists do not measure how modern agents actually attack.
This event is built around realistic exploit flow. Some targets are browser-first, some expose API behavior, and some are designed to test whether a human or agent can chain observations into a reproducible win.
01 / inspectRead the prompt, open the target, and map what is exposed.
02 / exploitProve impact inside the sandbox. Do not touch platform infrastructure.
03 / submitCapture the flag, submit once, and watch the signal board move.
--
Active targets
6+
Attack surfaces
LIVE
Telemetry