
Jun 24, 2010
How to Hack your Way to BlackHat Vegas
Cyber Hacking Challenge – HSIYF 2 by Offensive Security
This past weekend Offensive Security ran its second cyber hacking challenge, “How Strong is Your Fu – Hacking for Charity“.
We first separated the contestants into groups of 10 and each had 48 hours to hack into our 5 evil machines that were conjured up by the VM gremlins of the Offensive Security Team.
The challenge started out by giving a false sense of security, but slowly progressed into a slow and painful event. The prizes that were offered were a free BlackHat Vegas, 2010 conference ticket, and a CTP online course and believe us, we didn’t let those prizes slip out of our hands easily.
Contestants had to fuzz, reverse, knock, develop exploits and stand constant abuse through the IRC channel by the Offensive Security Team. For surviving that – well done to you all.
We have announced the winners of the challenge in the HSIYF blog, where you will also find their documentation.
We would like to thank EVERYONE involved for this successful event. Till next time, sharpen your claws and strengthen your Fu, we will be back.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-12029 – InvokeAI Deserialization of Untrusted Data vulnerability
CVE-2024-12029: A critical deserialization vulnerability in InvokeAI’s /api/v2/models/install endpoint allows remote code execution via malicious model files. Exploit risk for AI art servers.
Jul 17, 2025
0
Research & Tutorials
What is Phishing? Introduction to Phishing Demo (for Beginners)
Learn how phishing attacks work and how to spot them. Watch OffSec’s animated video to protect yourself from scams, spoofed sites, and social engineering.
Jul 15, 2025
2 min read

Research & Tutorials
CVE-2025-27636 – Remote Code Execution in Apache Camel via Case-Sensitive Header Filtering Bypass
Discover the critical Apache Camel vulnerability (CVE-2025-27636) that allows remote code execution via case-sensitive HTTP header manipulation in the exec component. Learn how attackers exploit this flaw and how to mitigate it.
Jul 10, 2025
2 min read