Love at First Breach 2026 - Advanced Track
Go deeper into TryHeartMe's web of lies.
hard
1337 min
Team room
7,421
To access material, start machines and answer questions login.
Welcome to the Advanced Track of Love at First Breach! You've proven your skills in the preliminary rounds, and now it's time to test whether your passion for security runs deep enough to crack the most challenging defenses we've prepared. In this track, the hearts we're targeting aren't made of chocolate. They're hardened systems, encrypted secrets, and vulnerabilities hiding in plain sight. The competition heats up from here, so grab your favorite caffeinated beverage, fire up your terminals, and let's see if you can make these systems fall head over heels. Good luck, and may your exploits be as elegant as they are effective!
What is a CTF?
A Capture The Flag event is a competition where you and your team will have to solve cyber security challenges in diverse areas of knowledge. The challenges are completely practical and will allow you to put your skills to the test. Each challenge has one or more flags you'll need to retrieve to score points.
A flag is a string of text hidden in each challenge that will serve as proof that you've achieved the expected goal. Flags for this competition will follow the following format:
THM{some_text_here}
Who Can Join?
Anyone! This CTF has no limits for participants.
Where Are the Challenges?
The advanced track of this competition will run from February 15th at 16:00 (GMT) until February 16th at 16:00 (GMT). The challenges will be made available in this room when the competition starts.
Read the Rules of the CTF!
We'd love to say that everything is permitted during your search to stop the attacker, but you can't go berserk here. Remember, you can attack the target machines, but not the TryHackMe platform.
This means:
- Do not attack TryHackMe's infrastructure.
- Do not attack other users' machines; only use your IP and/or the target machines' IP.
- Don't share flags with other teams.
- Don't ask for hints during the event.
- Do not brute force flags on the TryHackMe platform.
- The maximum team size is 2.
If you have questions or need support from us, please join our Discord channel and open a ticket.
Search for a Teammate
While playing solo is definitely possible, you can find a team mate by going to the event's matchmaker here.
I have read the rules and joined the Discord server.
Set up your virtual environment
TryHackMe
To
You
This Valentine's Day, an employee at Cupid Corp received a heartfelt e-card from a secret admirer, but romance wasn't the only thing in the air. Initial findings reveal that multiple attacker-controlled domains are tied to the campaign, each serving a distinct role in a highly sophisticated, multi-stage payload delivery chain.
The threat actor behind this operation appears to be exceptionally meticulous, with infrastructure configured to serve payloads only to genuine targets, specifically Windows users, effectively staying under the radar of automated analysis tools and casual investigation. However, it was eventually discovered that this specific campaign points all domains to MACHINE_IP.
Your mission: Trace the full attack chain, reverse-engineer the payloads, and recover the stolen data before the trail goes cold.
To get started, investigate the email in this archive to identify the infection's origin.
Zip password: happyvalentines
Chief Inspector Valentine 💕
What is the value of the flag?
Set up your virtual environment
TryHackMe
To
You
Spread the love this Valentine's Day with CupidCards - the web app that lets you create personalised Valentine cards! Upload a photo, add a heartfelt message, and generate a custom card for that special someone.
Chief Inspector Valentine 💕
What is the first user flag?
What is the second user flag?
What is the third flag?
Set up your virtual environment
TryHackMe
To
You
This Valentine's Day, someone is waiting to be swept off their feet. Break through the barriers and reach what's most desired.
Prove it with the Administrator flag, and remember on Valentine's day outbund traffic is not allowed.
Use this credential to access via RDP:
User: andrea
Password: Cupid@2026!
Chief Inspector Valentine 💕
What's the Administrator flag?
Set up your virtual environment
TryHackMe
To
You
NovaDev Solutions is a software development house known for building secure enterprise platforms for clients across multiple countries and industries. Recently, NovaDev Solutions rolled out a new customer interaction feature on their website to improve communication between clients and developers.
Shortly after deployment, NovaDev began experiencing unusual traffic patterns and minor service disruptions. Internal developers suspect that something in the latest udpate may have exposed more than intended.
Chief Inspector Valentine 💕
What is the flag.txt?
TryHackMe
To
You
This Valentine's Day, Cupid has gone digital with Cupid's Arrow - a revolutionary web application that lets users shoot virtual arrows across a world map to forge connections between people. But Cupid has had a change of heart.
Tired of playing matchmaker, the legendary deity has gone rogue and twisted their own creation into something sinister. What was meant to spread love is now being weaponized to break relationships apart. Couples worldwide are mysteriously drifting apart after their locations are targeted on the map, and Cupid is watching gleefully from above.
Your mission: Investigate the Cupid's Arrow application, discover how this fallen angel is manipulating the system, and find the flag hidden in Cloud Nine - Cupid's secret administrative sanctuary where all relationships are controlled.
Can you outsmart a rogue deity and stop this Valentine's Day catastrophe? Or will you fall victim to Cupid's corrupted arrows?
http://54.205.77.77:8080/
Chief Inspector Valentine 💕
What is the value of FLAG1?
What is the value of FLAG2?
What is the value of FLAG3?
TryHackMe
To
You
Swiper is the app that really said "who needs a match when you can just bombard someone's profile with poetry?" Forget flowers and dinner, nothing says romance like a stranger reading "I must be a snowflake, because I've fallen for you" from someone they've never met. It's not stalking, it's literature. Find a person you like based on a 5-word description and share your favourite love quotes, no dating or chatting required.
Download the APK attached to this challenge and analyse it to answer the questions below.
Chief Inspector Valentine 💕
Get a premium membership. What's your premium subscription ID?
Figure out who is the user whose email is [email protected]. What is their password?
Login as the user you found on the previous question. What's the flag in their private quotes?
Thanks to everyone for participating. We hope you enjoyed the event and found love! We will leave the CTF room open for the week so you can finish the challenges, but points and the scoreboard will be disabled.
Here are the top 10 winning teams. Please ensure your emails are up to date so we can contact you for your prizes:
1st - KimJongs Men
2nd - The babychus
3rd - Love at First Breach
4th - water boy
5th - hackermens
6th - AllByMyself1
7th - valgrind
8th - Nevada
9th - Cosmic Sorcerers
10th - SploitMeBaby
Until next time, my dear hackers!
GG, well played!
Ready to learn Cyber Security? Create your free account today!
TryHackMe provides free online cyber security training to secure jobs & upskill through a fun, interactive learning environment.
Already have an account? Log in