pwnEd
7 . < Edinburgh University's flagship CTF & conference />
SIGINT Logo

About

SIGINT is proud to present pwnEd 7, the 7th edition of our infosec conference and CTF for UK university students. The CTF will follow a quals/finals format, where qualifying teams will be invited to the in-person finals hosted at our Edinburgh campus.

Combining a highly technical conference together with a CTF across two days, with two tracks of talks from industry leading professionals, researchers, academics and top CTF players, pwnEd is the perfect opportunity to learn, network and compete.

Whether you're a seasoned CTF player, new to the game, or just simply looking to solve a challenge, you won't want to miss it.

Tickets are now live!

Get your conference ticket here

In-Person Finals and Conference

The event will consist of our Capture the Flag (CTF) finals on day one, followed by the conference on day two.

Bringing together industry experts and top students from across the country, pwnEd 7 presents a great opportunity for networking with top notch professionals and diving deeper into highly technical cybersecurity fields.

When?

CTF Finals
Date: 2026-03-14
Time: 10:30:00

Conference
Date: 2026-03-15
Time: 10:00:00

Where?

In-person on our
Edinburgh campus at the Nucleus building.

Who?

The conference is open to all.
Only qualifying teams will be able to attend the CTF finals.

Online Qualifiers

The qualifiers have now ended. Congratulations to our finalists:

  1. cheese (University of Warwick)
  2. MEOW MEOW MEOW MEOW MEOW (University of Cambridge)
  3. R0073R5 (Coventry University)
  4. The Pwntipines (University of Edinburgh)
  5. Tarot Triad Tron (University of Bristol)
  6. DMUHackers (De Montfort University)
  7. hackchester (The University of Manchester)
  8. UCL (University College London)

Stay tuned for the finals, and join us for next year!

Talks

Doom on a Printer!? - Exploiting the Lexmark CX532adwe
Joseph B Interrupt Labs
Joesph will be talking about the vulnerability research and exploit development process at Interrupt Labs, and their pwn2own submission for the Lexmark CX532adwe.

We've done paperclips, now what?
Viktor Former SIGINT
Join Viktor as he talks about his journey from touching a game console for the first time, to learning how to microsolder and unlock new features in proprietary firmware

Hacking the hackers, Vulnerabilities in Open Source C2 Frameworks
Laurence Tennant Co-founder of Cryptohack
As open-source command-and-control (C2) frameworks like Sliver, Havoc, and Mythic surge in popularity, their surprisingly large attack surfaces are creating unique opportunities for "hack back" exploits against offensive operators themselves. We will explore the architecture of these tools and demonstrate a series of vulnerabilities ranging from auth bypasses to a SSRF-to-RCE chain that allows a compromising an agent and pivoting straight into the team server. We will conclude by analysing the architectural root causes behind these flaws and exploring what the evolving landscape of offensive tooling means for both practitioners and defenders.

Hacking in the age of vibecoding (Workshop)
Michael Debono OtterSec
Vibecoding is now producing multi-million-line codebases. To demonstrate how to hack such software, I vibecoded a blockchain node! Blockchain nodes are among the densest demonstrations of interdisciplinary engineering, combining Cryptography, Consensus, VMs, Databases, Game Theory, Networking, and more. Try to keep a vibecoded blockchain node up while exploits are getting thrown at it every few minutes. Longest-running node gets a prize!

From Exploit to Alert: A Detection Engineer's Guide to Threat Intel
Steve Cooper DetectionFlow
A threat actor exploits a known vulnerability, gets evicted, then returns 18 days later to deploy ransomware in under 90 minutes. Using a real DFIR report, this talk walks through how detection engineers turn threat intelligence into detections that actually work.

Application Security in the age of cloud automation
Simardeep Singh Warwick University
In today's highly automated cloud environments web vulnerabilities can quickly escalate beyond the application layer and into a devastating cloud-wide compromise. Join me as we scrutinize broken security boundaries through the lens of identity exposure, SSRF, CI/CD exploitation, and cloud-native persistence. We'll wrap-up with defensive strategies to help teams build resilient applications to prevent a web bug becoming a catastrophic cloud breach.

Hacking Satellites: Cybersecurity in the Space Domain
Ciara Brown PhD Student at the University of Edinburgh
Have you ever wondered how to defend the final frontier from cyber-attacks? This talk will immerse you in the space domain and explain why protecting space is important. We’ll go through some real-world attacks (aka hacking satellites) and the implications, following through to best practice protection and going through a space-oriented cyber defensive framework We’ll wrap up speaking about training pathways and how you can get involved.

Many thanks to our event sponsors:

Gold

Silver

Bronze