What Is This
Slush is the biggest startup event in the Nordics, held every year in Helsinki. Tickets are not cheap. But this year they run a hacker challenge — solve a series of technical puzzles and you get a free badge. The challenge covers a very good wide range of topics. Here is a recap of each stage.
Frontend Hacking
The first challenges are about poking around a web page using Chrome DevTools. Some flags are hidden in comments or buried in JavaScript variables. But the fun part is the interactive ones — there are forms with disabled submit buttons, input fields with max-length restrictions, and validation checks that only exist in the UI. You open the Elements panel, remove a disabled attribute, change a hidden field's value, or delete a client-side validation handler, and suddenly you can submit things the page is not supposed to let you submit. It is a good reminder: UI-level validation is not real validation. Anything that only lives in the browser can be bypassed in seconds. Never trust the client.
Backend — Recursive API Endpoints
This one is clever. You hit an API endpoint and it gives you a hint plus a link to the next endpoint. The problem is there are hundreds of layers, each one returning the next URL. Doing this by hand is impossible — you need to write a script that follows the chain automatically, collects all the hints, and extracts the final answer.
I throw together a quick Node.js script with a loop that fetches each endpoint, parses the response, and follows the next link. Some of the endpoints also have small injections or redirects that try to break your script. So you cannot just blindly follow — you have to handle edge cases in the response parsing.
Networking & Crypto
The challenges walk you through how HTTP works at the protocol level and how easy it is to intercept and manipulate requests when there is no encryption. Then it moves into symmetric and asymmetric encryption — you have to actually encrypt and decrypt messages to proceed.
The most fun part: they give you a hashed password and you need to crack it. I use a rainbow table and it takes seconds. That is a very effective way to understand why salted hashing matters. Reading about it in a textbook is one thing, cracking a hash in 3 seconds is another.
Encoding — The Emoji Wall
Then I open the next challenge and see... a wall of emojis. Hundreds of them. No text, no instructions, just emojis.
The trick is figuring out the encoding scheme. Each emoji maps to a character or a byte. Once you identify the pattern, you can write a decoder that translates the whole wall back into readable text. The decoded text contains a reference to The Matrix — "wake up, Neo. the matrix has you." — and the answer is the next line from the movie. Fun if you are a movie nerd.
Blockchain
The final stage is a blockchain challenge. You need to understand how blocks are chained together — hashing the previous block's data to form the next block's reference. The puzzle gives you a broken chain and you have to figure out which block is tampered with by recalculating the hashes. It is a neat way to understand the core concept of blockchain integrity without any cryptocurrency noise.
Result
One afternoon and night, all challenges cleared, free Slush ticket secured. The event itself is amazing as always.
Why This Is Fun
This whole thing is a great learning opportunity. Each stage forces you to pick up something new or revisit something you only half understand. I think as a developer you need to be T-shaped — deep in one or two areas, but wide enough to navigate everything else. This challenge is a good test for that. You do not need to be a crypto expert or a blockchain specialist, but you need to know enough to read the problem, figure out what tools to reach for, and hack your way through. The broad part of the T is what gets you through challenges like this.
I also realize this is a pretty clever way to find good candidates. Think about it — anyone who completes this challenge has just demonstrated scripting skills, security awareness, problem solving, and breadth across the stack. No resume needed. Much better signal than a typical interview question. If I ever need to hire developers, I am stealing this idea.