2026 Edition
The third edition of the Jeanne d’Hack CTF took place from January 30th at 9 AM to January 31st at 4 PM, and it was a memorable experience! With 130 participants on site and over 1000 online, the energy was palpable! This year, participants from different countries joined the event, with some even attending in person, making it our first “international” edition.
This year, there were no introductory courses, but a series of workshops led by experts in Web, Android, and Reverse Engineering. An introductory workshop on CTF was also offered for beginners, allowing several of them to dive into the world of cybersecurity challenges.
|
|
The theme chosen for this edition delighted everyone: video games. Numerous nods to legendary franchises such as Pokémon, League of Legends, Space Invaders, and many others entertained the geek lurking (or not) in each of us. One of the new features of this edition was the creation of two rankings: one for students and one for professionals, allowing for a better adaptation of the experience to each participant.
Here is the final score table for professionals and students:
Professionals scoreboard
Students scoreboard
For those who wish to explore further, the CTF’s GitHub is available at this address.
Infrastructure handling
On the technical side, managing the infrastructure was an exciting challenge. To host the challenges and the CTFd platform, we deployed several machines. Here is an overview of their specifications:
| Machine | vCores | Memory | Storage |
|---|---|---|---|
| CTFd | 16 | 64GB | 350 GB |
| Web1 | 8 | 24GB | 200 GB |
| Web2 | 8 | 24GB | 200 GB |
| Web3 | 8 | 24GB | 200 GB |
| Pwn / Rev / Crypto | 8 | 24GB | 200 GB |
| ctf101 | 8 | 24GB | 200 GB |
The CTFd platform was proxied via Cloudflare, which greatly reduced the load thanks to their caching system while providing protections against DDoS attacks. In total, 743.53k requests were recorded on the platform, and the infrastructure handled the load without any issues.
However, we noticed after the event that some machines were under-utilized, while others were constantly in demand. This is an area for improvement for future editions!
The Day the Machine Beat the Human
This year, it was impossible to overlook: AI was omnipresent during the competition. This point was raised multiple times in the meetings leading up to the event by the challenge creators. We were all in favor of using AI, especially for beginners who often feel lost during their first CTFs. That’s why there was no rule mentioning the prohibition of using any kind of AI.
While for many it was a fantastic productivity booster, we also observed a trend that deserves reflection: for certain teams, AI was more than just an assistant; it became a complete replacement for the human element, completing as much as 98% of the challenges just a few hours after the competition began.
We do not question the victory or merit of these teams (thanks to them for their transparency regarding their usage), but we simply raise the question of relevance. If every CTF is destined to be solved solely by AI, what’s the point of participating and organizing events?
Will there come a time, perhaps a decade from now, when no human will participate because they’re faced with a machine far more competitive than they are?
We spent nearly a year designing, imagining, and testing challenges to ensure they were fun, engaging, and educational for participants; all this effort just for some people to validate the challenges without even needing to read the titles.
It may be time to redefine our approach and reinforce the essence of CTFs: knowledge sharing, enjoyment, and the satisfaction of overcoming challenges.
Our CTF is designed by humans, for humans; let’s not allow the tool to overshadow the craftsman!
Merci, Merci et encore Merci!
Les organisateurs tiennent à exprimer leur sincère gratitude aux sponsors qui ont rendu cet événement possible: . Leur soutien est crucial pour la promotion de l’éducation et de l’engagement dans le domaine de la cybersécurité.
The organizers would like to express their sincere gratitude to the sponsors who made this event possible: XMCO, Quarkslab, PentesterLab, Torii Security, Olympe Cyber Défense, and Tumar.One. Their support is crucial for promoting education and engagement in the field of cybersecurity.
A special thanks goes to the University of Rouen Normandy for their warm welcome, especially to Magali Bardet and Bruno Macadré, as well as to all the volunteers whose support contributed to making this event a success: Florian Husson, Ali Hammoudi, Kaci Hammoudi, Richard Dufour, Louka Boivin, Laurent Laubin, Elise Pons, Benoît Forgette, Aldo Moscatelli, Tom Chambaretaud, Dihia Azzedine, Sami Babigeon.
Everyone was incredible!
Finally, a heartfelt thank you is extended to all the participants for their energy and sportsmanship. They made this CTF an unforgettable experience.
|
|
|
|
