pwnEd
7 . < Edinburgh University's flagship CTF & conference />
SIGINT Logo

About

SIGINT is proud to present pwnEd 7, the 7th edition of our infosec conference and CTF for UK university students. The CTF will follow a quals/finals format, where qualifying teams will be invited to the in-person finals hosted at our Edinburgh campus.

Combining a highly technical conference together with a CTF across two days, with two tracks of talks from industry leading professionals, researchers, academics and top CTF players, pwnEd is the perfect opportunity to learn, network and compete.

Whether you're a seasoned CTF player, new to the game, or just simply looking to solve a challenge, you won't want to miss it.

Tickets are now live!

Get your conference ticket here

In-Person Finals and Conference

The event will consist of our Capture the Flag (CTF) finals on day one, followed by the conference on day two.

Bringing together industry experts and top students from across the country, pwnEd 7 presents a great opportunity for networking with top notch professionals and diving deeper into highly technical cybersecurity fields.

When?

CTF Finals
Date: 2026-03-14
Time: 10:30:00

Conference
Date: 2026-03-15
Time: 10:00:00

Where?

In-person on our
Edinburgh campus at the Nucleus building.

Who?

The conference is open to all.
Only qualifying teams will be able to attend the CTF finals.

Online Qualifiers

The qualifiers have now ended. Congratulations to our finalists:

  1. cheese (University of Warwick)
  2. MEOW MEOW MEOW MEOW MEOW (University of Cambridge)
  3. R0073R5 (Coventry University)
  4. The Pwntipines (University of Edinburgh)
  5. Tarot Triad Tron (University of Bristol)
  6. DMUHackers (De Montfort University)
  7. hackchester (The University of Manchester)
  8. UCL (University College London)

Stay tuned for the finals, and join us for next year!

Talks

Doom on a Printer!? - Exploiting the Lexmark CX532adwe
Joseph B Interrupt Labs

We've done paperclips, now what?
Viktor CTFbazaar

Hacking the hackers, Vulnerabilities in Open Source C2 Frameworks
Laurence Tennant Co-founder of Cryptohack

Sigils in Silicon, Networks of Wizards, and the Descent into Esoteric Madness
Alistair Bugcrowd

Hacking in the age of vibecoding (Workshop)
Michael Debono OtterSec
Vibecoding is now producing multi-million-line codebases. To demonstrate how to hack such software, I vibecoded a blockchain node! Blockchain nodes are among the densest demonstrations of interdisciplinary engineering, combining Cryptography, Consensus, VMs, Databases, Game Theory, Networking, and more. Try to keep a vibecoded blockchain node up while the lecturer exploits it every few minutes. Longest-running node gets a prize!

A single bug can liquidate billions of dollars in an instant. No cringe, silly smart contracts, only low-level knowledge!

From Exploit to Alert: A Detection Engineer's Guide to Threat Intel
Steve Cooper DetectionFlow
A threat actor exploits a known vulnerability, gets evicted, then returns 18 days later to deploy ransomware in under 90 minutes. Using a real DFIR report, this talk walks through how detection engineers turn threat intelligence into detections that actually work.

Application Security in the age of cloud automation
Simardeep Singh Warwick University
Web application vulnerabilities are often viewed as isolated issues with limited impact. In modern cloud environments, this assumption no longer holds true. As organizations increasingly rely on automation-driven web applications to manage infrastructure, deploy services, and perform routine operational tasks, application flaws can directly translate into cloud-wide compromise. This talk examines how common web application weaknesses can escalate beyond the application layer and break critical cloud security boundaries. Through four focused attack scenarios identity and token exposure, internal service abuse via SSRF, CI/CD deployment trust exploitation, and cloud-native persistence mechanisms the session illustrates how trust assumptions introduced during application design and implementation are abused in real-world environments. Rather than showcasing isolated exploits, the presentation focuses on systemic design and implementation failures that emerge as applications take on greater responsibility for automation and control within cloud platforms. It highlights why traditional threat models often underestimate the resulting blast radius and how these risks are amplified by automated workflows. The session concludes with practical, application-first defensive strategies, helping teams design and deploy web applications that limit cloud impact when failures occur, ensuring that a single web bug does not become a cloud breach.

Hacking Satellites: Cybersecurity in the Space Domain
Ciara Brown PhD Student at the University of Edinburgh
Have you ever wondered how to defend the final frontier from cyber-attacks? This talk will immerse you in the space domain and explain why protecting space is important. We’ll go through some real-world attacks (aka hacking satellites) and the implications, following through to best practice protection and going through a space-oriented cyber defensive framework We’ll wrap up speaking about training pathways and how you can get involved.

Many thanks to our event sponsors:

Gold

Silver

Bronze