NEXUS is a portable and immersive CTF system where you face off against a conversational AI embodying a "final boss". Solve cybersecurity challenges while NEXUS reacts to your every move in real time.
NEXUS merges a classic technical CTF with an interactive narrative driven by an adaptive AI.
In practice:
- You identify yourself via an NFC badge (Mifare Classic 1K)
- NEXUS challenges you through multiple Dockerized challenges (web, crypto, reverse, pwn, steganography, prompt injection, lockpicking…)
- Every action that impacts the system triggers a reaction from NEXUS: tone shift, ASCII art change, difficulty adjustment
- A real-time scoreboard tracks your progress and ranks you against other players
The AI adapts across 3 difficulty levels and will never give you hints, it's here to defeat you.
- Raspberry Pi 5 (8 GB RAM)
- Touchscreen connected via micro-HDMI
- NFC reader + Mifare Classic 1K badges
- Docker & Docker Compose installed on the Pi
Start each challenge level individually using Docker Compose:
# Level 1 — Web panel (port 5000)
docker compose -f levels/level1/docker-compose.yml up -d
# Level 2 — SSH escalation (port 2222) + SQL injection panel (port 5001)
docker compose -f levels/level2/docker-compose.yml up -d
# Level 3 — NEXUS CIPHER multi-vulnerability chain (port 5002)
docker compose -f levels/level3/docker-compose.yml up -dChallenge structure
levels/
├── level1/ ← Web panel — XSS & SQLi (port 5000)
│ ├── Dockerfile
│ ├── docker-compose.yml
│ └── app/
├── level2/
│ ├── ssh/ ← SSH + privilege escalation (port 2222)
│ └── sqli/ ← SQL injection vault (port 5001)
└── level3/ ← NEXUS CIPHER — Path Traversal, JWT Forgery, Blind SQLi & SSTI chain (port 5002)
├── Dockerfile
├── docker-compose.yml
└── app/
Each level directory contains a writeup (.md) describing the vulnerability chain and solution.
You're invited to join this project! Check out the contributing guide.
If you're interested in how the project is organized at a higher level, please contact the current project manager.
Developers
![]() Aurélien Schirmann |
![]() [Developer's name] |
|---|
Manager
![]() Timothée Pasteau-Berthaud |
|---|
🚀 Don't hesitate to follow us on our different networks, and put a star 🌟 on
PoC'srepositories
Made with ❤️ by PoC


