This CTF is designed to let mostly technical people (software developers, product managers, technical consultants, etc.) explore enterprise (B2B) software security. Most of the challenges are based on real-world exploits I've seen in enterprise applications/APIs.
Some details on each challenge:
- Each of the flags is in the format `eski{flag_value}`, unless explicitly stated otherwise. You would then submit the flag as `flag_value` without the `eski{}` wrapper.
- Most challenges have at least 1 hint, which "cost" you points. For example, if the challenge is 500 points and a hint is listed as 200 points, and you use it and then solve the challenge, you'll only be awarded 300 points.
- Once you find a flag, you can access `https://ctf.sha.ne/flags/flag_value`, which will have additional background on the exploit: where I've seen it in the real world, and what real-world impact I've seen it have.