Guardian Foundry CTF

ContinuumCon CTF (CCCTF) 2026!

ENVELOPE: The ContinuumCon CTF

June 12 (6PM EST) to June 14 (5PM EST). Live Windows VMs. Real malware. Real C2.

NOW EXTENDED UNTIL June 15 12PM EST!!

Prizes and badges

Ranked badge based on your final score, plus prizes from both JHT and Level Effect:

🥇 1st place: Choice of 1 Path or Bundle on JHT + 3 months Guardian (or your own DE&TH) on Level Effect
🥈 2nd place: Choice of 2 Single Courses on JHT + 2 months Guardian on Level Effect
🥉 3rd place: Choice of 1 Single Course on JHT + 1 month Guardian on Level Effect
Top 25: 30% off 1 month on Level Effect
Top 50: 25% off 1 month on Level Effect
Top 100: 15% off 1 month on Level Effect
All players: 10% off 1 month on Level Effect
The 1-month Level Effect discount can be applied to Guardian or Adventurer, whichever you choose.

And every ContinuumCon attendee, whether you play in the CTF or not, gets 10% off JHT with coupon code "CC10".

Participation badge for everyone who competes.

Scenario

A Finance user clicked the wrong shortcut. What looked like a Q2 remittance PDF was more like a loader, and now we're dealing with persistence and outbound activity.

Now it's your turn to hunt through the box, find what landed where, and rip the implant apart.

What You'll Do

A hands-on incident response and reverse engineering challenge running alongside ContinuumCon 2026 workshops and AMAs.

Every player gets a pre-compromised Windows workstation with artifacts. You investigate and solve the challenges.

The technical investigation:

  • Trace initial access from the phishing ZIP
  • Find what landed on disk and the multiple ways it survives reboot
  • Reverse engineer the implant
  • Triage any binaries found and any C2 activity you may find
  • Hunt indicators of compromise across

The analytical writeup:

  • Short-answer questions on threat intelligence and MITRE ATT&CK mapping
  • Short-answer questions on detection engineering, including Sigma and YARA rule authoring
  • Short-answer questions on governance, risk, and compliance
  • An incident report with executive summary, technical analysis, and remediations

This challenge scales with you.

  • Beginners can capture IOCs from the artifacts and write the report
  • Intermediate players will dig into persistence, dropper analysis, and detection authoring
  • Advanced players will reverse the malware and capture every flag the live C2 has to offer

Skills covered

  • LNK and PowerShell analysis
  • Windows persistence hunting
  • Reverse engineering and string deobfuscation
  • Custom protocol analysis
  • Live C2 interaction
  • Detection engineering
  • Threat intelligence reasoning
  • GRC analysis considerations
  • Incident response writing

VM hours

Every player gets time on a live Windows VM. Unused hours stay in your Foundry account for use on any content you have access to.

  • Free players get 5 VM hours
  • ContinuumCon Defender pass holders get 20 VM hours
  • ContinuumCon Guardian pass holders get 30 VM hours
  • Additional hours available for purchase in any tier

Leaderboard Preview

22 participants

Full leaderboard
1. WilliamK99: 4000
2. klimt: 3950
3. redblueteam: 3925
4. @Iyinday: 3900
5. aslanli: 3500
6. kellamity: 3500
7. Anutrix: 3500
8. Flying Star: 3500
9. Gio Vano789: 3500
10. it_jacopo: 3500