Deploy Now - Beta Access

BSides Ahmedabad WarGames: Rules of Engagement, Rewards & The Arena

WarGames: Live Hacking for Talent

Welcome to BSides Ahmedabad 2025 WarGames.

How to Play?

  1. Scan QR on Standee
  2. Find us to get the Event code
  3. Register/Login
  4. Begin the Hunt

Join Us

The Arena

This is not a CTF. This is a WarZone.
Your target is a live, full-scope Corporate Environment. It is a complex ecosystem of multiple integrated applications, including portals, administrative dashboards, API endpoints and more. It was designed to mimic the chaos, complexity, and critical nature of a real-world Organization’s infrastructure. The induced vulnerabilities are replicas of issues found both by our team and the community, in real world Pentests and Bug Bounties - in Fortune 500 companies and beyond. This is as real as it gets.
There are NO Flags.
Your job is not to solve a puzzle. Your job is to find the flaws that a real attacker would exploit.

Mission Objectives

    Your primary objective is to identify and report vulnerabilities within the defined scope. Your secondary objective is to do so with the professionalism and methodology of an elite Security practitioner.
    Success is not just measured by Speed. More than that, it is measured by the quality of your reports and the impact of your findings.

Rules of Engagement

This is a professional engagement. Act like a professional. Violation of these RoE will result in immediate and permanent disqualification.

  • In-Scope: All assets and applications ONLY within the Event: “Bsides Ahmedabad 2025” on the Platform.
  • Out-of-Scope (Zero Tolerance):
    • *.barracks.army (strictly off-limits)
    • Denial of Service (DoS/DDoS) of any kind
    • Spamming, phishing, or any form of social engineering against our staff or other participants.
    • Accessing or modifying the data of other participants.
    • Public disclosure of vulnerabilities. This is exclusively created for you. Keep this unfair advantage to yourself
    • Automated scanning tools that produce a high volume of traffic. Use your judgment. If you think it might be disruptive, it is out of scope.
    • We’ll try to be as fair as possible. But that isn’t always the ideal scenario. So In case of any and all disputes, we’ll be more than happy to try and resolve it but the final say and decision will remain with us.

We are not here to hold your hand. Act like you've been here before.

The War Board

This is not a game of one winner. We recognize and reward excellence in all its forms. The War Board tracks the five primary Field Honors. These are the highest accolades of the WarGames.

  • The Flash: Awarded for the first valid, high-impact vulnerability submitted.
  • The Ghost: Awarded for the most creative, unexpected, or "unintended" vulnerability.
  • The Strategist: Awarded for the first valid report detailing a complex exploit chain.
  • The Trailblazer: Awarded to the first practitioner to reach the 1200-point threshold on the leaderboard.
  • The High Roller: Awarded for a rapid, overwhelming assault of five or more high-impact reports within a three-hour window.

And since you proved your worth, we have reserved some Exclusive Swag for all 5 of you.
You Focused when it mattered, now let the Focus be on You.

Each one of them will also receive One Month of Barracks Pro as well.

Dozens of other Commendations might be awarded post-event for specific skills.

The Arsenal (Prizes)

Credibility is the ultimate Prize. But the right tools are a close second. The following is the declassified list of prizes for top contenders.

  • Grand Prize:

    The Flipper Zero. A Master key for the Master of the Game.

  • Career Opportunities:

    Paid internships with our Elite Talent Partners - prominent, high-growth Companies in the Security space. This is your direct path into the Industry

  • Trophies:

    The Top 3 Ranked Hackers on the Leaderboard will earn the ergonomic hardware that separates the Amateurs from the Professionals, including the Sit-to-Stand Desk and the MX Master 3s.

  • Exclusive Swag:

    From Tshirts to Mousepads to Stickers, we’re packed with Swags. And Practice what we Preach. So you’ll get a chance to earn your Swag.

Triage Protocol

Every report submitted is triaged and overlooked by a team of seasoned Security Professionals, including ex-HackerOne triagers and active, top-tier Bug hunters.
We do not care about the volume of your findings. We care about the quality. A single, well-written report for a critical vulnerability is worth more than a dozen low-effort submissions. This is a meritocracy. Your work will be judged on its impact, its clarity, and its professionalism.

Comms Channel

The Public feed is for announcements. The War Room is where the actual intel gets dropped.
All Live updates, Rule clarifications, and Surprise drops will happen in our private Discord first. If you're serious, this isn't optional.

Join the War Room on Discord

Conclusion

The Arena is ready. The Rules are set.
Brace yourselves.