27:
124:
in the worldwide position. These include "Plaid
Parliament of Pwning", "More Smoked Leet Chicken", "Dragon Sector", "dcua", "Eat, Sleep, Pwn, Repeat", "perfect blue", "organizers" and "Blue Water". Overall the "Plaid Parliament of Pwning" and "Dragon Sector" have both placed first worldwide the most with three times each.
123:
Many CTF organizers register their competition with the CTFtime platform. This allows the tracking of the position of teams over time and across competitions. These competitions can be community, government or corporate. Since CTFtime began in 2011, there have been eight teams who have ranked as #1
81:
The exercise involves a diverse array of tasks, including exploitation and cracking passwords, but there is little evidence showing how these tasks translate into cybersecurity knowledge held by security experts. Recent research has shown that the
Capture the Flag tasks mainly covered technical
53:
programs or websites. They can be used for both competitive or educational purposes. In two main variations of CTFs, participants either steal flags from other participants (attack/defense-style CTFs) or from organizers (jeopardy-style challenges). A mixed competition combines these two styles.
77:
Two popular CTF formats are jeopardy and attack-defense. Both formats test participant’s knowledge in cybersecurity, but differ in objective. In the
Jeopardy format, participating teams must complete as many challenges of varying point values from a various categories such as cryptography, web
106:
supported pwn.college. Beyond educational CTF events and resources, CTFs has been shown to be a highly effective way to instill cybersecurity concepts in the classroom. CTFs have been included in undergraduate computer science classes such as
Introduction to Information Security at the
199:
Corporations and other organizations sometimes use CTFs as a training or evaluation exercise. The benefits of CTFs are similar to those of using CTFs in an educational environment. In addition to internal CTF exercises, some corporations such as
156:
In addition to conference organized CTFs, many CTF clubs and teams organize CTF competitions. Many CTF clubs and teams are associated with universities, such as the CMU associated Plaid
Parliament of Pwning, which hosts PlaidCTF, and the
152:
hosted
Cybersecurity Awareness Worldwide (CSAW) CTF is one of the largest open-entry competitions for students learning cybersecurity from around the world. In 2021, it hosted over 1200 teams during the qualification round.
585:
78:
exploitation, and reverse engineering. In the attack-defense format, competing teams must defend their vulnerable computer systems while attacking their opponent's systems.
1079:
847:
149:
54:
Competitions can include hiding flags in hardware devices, they can be both online or in-person, and can be advanced or entry-level. The game is inspired by the
132:
Every year there are dozens of CTFs organized in a variety of formats. Many CTFs are associated with cybersecurity conferences such as DEF CON, HITCON, and
136:. The DEF CON CTF, an attack-defence CTF, is notable for being one of the oldest CTF competitions to exist, and has been variously referred to as the "
66:
Capture the Flag (CTF) is a cybersecurity competition that is used to test and develop computer security skills. It was first developed in 1996 at
181:
862:
699:
Vykopal, Jan; Švábenský, Valdemar; Chang, Ee-Chien (2020-02-26). "Benefits and
Pitfalls of Using Capture the Flag Games in University Courses".
1181:
675:
630:
98:. There are many examples of CTFs designed to teach cybersecurity skills to a wide variety of audiences, including PicoCTF, organized by the
1166:
887:
111:. CTFs are also popular in military academies. They are often included as part of the curriculum for cybersecurity courses, with the
726:
346:
17:
823:
276:
108:
49:
is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully-
191:-sponsored Hack-a-Sat CTF competition included, for the first time, a live orbital satellite for participants to exploit.
83:
533:
184:
1171:
1133:
224:
177:
115:
organized Cyber
Exercise culminating in a CTF competition between the US service academies and military colleges.
188:
50:
992:
246:, a Chinese television series, is based around training for and competing in highly stylized CTF competitions .
158:
112:
103:
400:
271:
1176:
1043:
408:
99:
74:, Nevada. The conference hosts a weekend of cybersecurity competitions, including their flagship CTF.
937:"Cybercompetitions: A survey of competitions, tools, and systems to support cybersecurity education"
478:"Cybercompetitions: A survey of competitions, tools, and systems to support cybersecurity education"
732:
704:
681:
636:
448:
436:
374:
352:
231:
1127:
1087:
974:
956:
863:"CMU Hacking Team Wins Super Bowl of Hacking for 6th Time - News - Carnegie Mellon University"
841:
751:"National Security Agency/Central Security Service > Cybersecurity > NSA Cyber Exercise"
722:
671:
626:
515:
497:
342:
256:
46:
1116:(Drama, Romance, Sport), Zi Yang, Xian Li, Mingde Li, Shanghai GCOO Entertainment, 2019-07-09
964:
948:
714:
663:
618:
505:
489:
458:
334:
55:
26:
558:
223:, a qualification round for the DEF CON CTF competition is depicted in the season 3 opener
421:
133:
235:, a CTF is depicted in the opening scene of the series as a recruitment exercise used by
750:
70:, the largest cybersecurity conference in the United States which is hosted annually in
1080:"'Some staff work behind armoured glass': a cybersecurity expert on The Undeclared War"
969:
936:
510:
94:
CTFs have been shown to be an effective way to improve cybersecurity education through
662:. SIGITE '17. New York, NY, USA: Association for Computing Machinery. pp. 47–52.
1160:
736:
145:
685:
640:
356:
261:
242:
137:
95:
435:Švábenský, Valdemar; Čeleda, Pavel; Vykopal, Jan; Brišáková, Silvia (March 2021).
656:"Using Capture-the-Flag to Enhance the Effectiveness of Cybersecurity Education"
338:
952:
610:
493:
462:
326:
162:
141:
1091:
960:
701:
Proceedings of the 51st ACM Technical
Symposium on Computer Science Education
660:
Proceedings of the 18th Annual
Conference on Information Technology Education
501:
477:
718:
667:
266:
219:
71:
978:
622:
519:
993:"These grad students want to make history by crushing the world's hackers"
655:
437:"Cybersecurity knowledge and skills taught in capture the flag challenges"
1111:
1066:
327:"Defcon Capture the Flag: Defending vulnerable code from intense attack"
325:
Cowan, C.; Arnold, S.; Beattie, S.; Wright, C.; Viega, J. (April 2003).
281:
205:
67:
31:
331:
Proceedings DARPA Information Survivability Conference and Exposition
201:
615:
2016 49th Hawaii International Conference on System Sciences (HICSS)
709:
453:
174:
25:
236:
1153:- an archive of historic, current, and future CTF competitions.
375:"Introduction To 'Capture The Flags' in CyberSecurity - MeuSec"
301:
888:"Hacker tournament brings together world's best in Las Vegas"
798:
911:
609:
McDaniel, Lucas; Talvi, Erik; Hay, Brian (January 2016).
586:"Wanted: hackers. Reward: the best may get a spot at CMU"
824:"Cyberteams duke it out in the World Series of hacking"
1150:
774:
173:
Governmentally supported CTF competitions include the
102:, which is oriented towards high school students, and
559:"picoCTF aims to close the cybersecurity talent gap"
1017:
935:Balon, Tyler; Baggili, Ibrahim (Abe) (2023-02-24).
476:Balon, Tyler; Baggili, Ibrahim (Abe) (2023-02-24).
654:Leune, Kees; Petrilli, Salvatore J. (2017-09-27).
401:"Learning Obstacles in the Capture The Flag Model"
1044:"Moonlighter space-hacking satellite is in orbit"
611:"Capture the Flag as Cyber Security Introduction"
822:Producer, Sabrina Korber, CNBC (2013-11-08).
8:
846:: CS1 maint: multiple names: authors list (
208:host publicly accessible CTF competitions.
30:A team competing in the CTF competition at
56:traditional outdoor sport of the same name
968:
708:
509:
452:
302:"CTFtime.org / What is Capture The Flag?"
82:knowledge but lacked social topics like
333:. Vol. 1. pp. 120–129 vol.1.
293:
1125:
1067:https://capturetheflag.withgoogle.com/
941:Education and Information Technologies
839:
482:Education and Information Technologies
417:
406:
7:
580:
578:
399:Chung, Kevin; Cohen, Julian (2014).
394:
392:
390:
368:
366:
148:", of hacking by media outlets. The
1018:"European Cybersecurity Challenge"
14:
169:Government-supported competitions
86:and awareness on cybersecurity.
18:Capture the flag (disambiguation)
277:Cybersecurity in popular culture
195:Corporate-supported competitions
185:European Cybersecurity Challenge
109:National University of Singapore
373:Says, Etuuxzgknx (2020-06-10).
1:
1182:Computer science competitions
1078:Woodward, Alan (2022-07-07).
886:Siddiqui, Zeba (2022-08-18).
1167:Hacking (computer security)
1042:Hardcastle, Jessica Lyons.
339:10.1109/DISCEX.2003.1194878
225:"eps3.0_power-saver-mode.h"
1198:
953:10.1007/s10639-022-11451-4
861:Noone, Ryan (2022-08-15).
534:"ASU's cybersecurity dojo"
494:10.1007/s10639-022-11451-4
463:10.1016/j.cose.2020.102154
23:Computer security exercise
15:
262:Cyberwarfare preparedness
441:Computers & Security
104:Arizona State University
90:Educational applications
912:"CSAW Capture the Flag"
719:10.1145/3328778.3366893
668:10.1145/3125659.3125686
590:Pittsburgh Post-Gazette
272:Competitive programming
1132:: CS1 maint: others (
623:10.1109/HICSS.2016.677
617:. pp. 5479–5486.
416:Cite journal requires
128:Community competitions
35:
178:Cyber Grand Challenge
100:Carnegie Mellon CyLab
29:
703:. pp. 752–758.
16:For other uses, see
1113:Qin ai de, re ai de
1048:www.theregister.com
947:(9): 11759–11791.
799:"CTFtime rankings"
488:(9): 11759–11791.
232:The Undeclared War
212:In popular culture
84:social engineering
36:
1172:Computer security
677:978-1-4503-5100-3
632:978-0-7695-5670-3
563:www.cylab.cmu.edu
257:Wargame (hacking)
47:computer security
1189:
1138:
1137:
1131:
1123:
1122:
1121:
1108:
1102:
1101:
1099:
1098:
1075:
1069:
1064:
1058:
1057:
1055:
1054:
1039:
1033:
1032:
1030:
1028:
1014:
1008:
1007:
1005:
1004:
989:
983:
982:
972:
932:
926:
925:
923:
922:
908:
902:
901:
899:
898:
883:
877:
876:
874:
873:
858:
852:
851:
845:
837:
835:
834:
819:
813:
812:
810:
809:
803:CTFtime Rankings
795:
789:
788:
786:
785:
771:
765:
764:
762:
761:
747:
741:
740:
712:
696:
690:
689:
651:
645:
644:
606:
600:
599:
597:
596:
582:
573:
572:
570:
569:
555:
549:
548:
546:
545:
530:
524:
523:
513:
473:
467:
466:
456:
432:
426:
425:
419:
414:
412:
404:
396:
385:
384:
382:
381:
370:
361:
360:
322:
316:
315:
313:
312:
298:
39:Capture the Flag
1197:
1196:
1192:
1191:
1190:
1188:
1187:
1186:
1157:
1156:
1147:
1142:
1141:
1124:
1119:
1117:
1110:
1109:
1105:
1096:
1094:
1077:
1076:
1072:
1065:
1061:
1052:
1050:
1041:
1040:
1036:
1026:
1024:
1016:
1015:
1011:
1002:
1000:
991:
990:
986:
934:
933:
929:
920:
918:
910:
909:
905:
896:
894:
885:
884:
880:
871:
869:
860:
859:
855:
838:
832:
830:
821:
820:
816:
807:
805:
797:
796:
792:
783:
781:
773:
772:
768:
759:
757:
749:
748:
744:
729:
698:
697:
693:
678:
653:
652:
648:
633:
608:
607:
603:
594:
592:
584:
583:
576:
567:
565:
557:
556:
552:
543:
541:
532:
531:
527:
475:
474:
470:
434:
433:
429:
415:
405:
398:
397:
388:
379:
377:
372:
371:
364:
349:
324:
323:
319:
310:
308:
300:
299:
295:
290:
253:
214:
197:
187:. In 2023, the
171:
130:
121:
92:
64:
24:
21:
12:
11:
5:
1195:
1193:
1185:
1184:
1179:
1174:
1169:
1159:
1158:
1155:
1154:
1146:
1145:External links
1143:
1140:
1139:
1103:
1070:
1059:
1034:
1009:
984:
927:
903:
878:
853:
814:
790:
766:
742:
727:
691:
676:
646:
631:
601:
574:
550:
525:
468:
427:
418:|journal=
386:
362:
347:
317:
292:
291:
289:
286:
285:
284:
279:
274:
269:
264:
259:
252:
249:
248:
247:
239:
227:
213:
210:
196:
193:
189:US Space Force
170:
167:
129:
126:
120:
117:
91:
88:
63:
60:
22:
13:
10:
9:
6:
4:
3:
2:
1194:
1183:
1180:
1178:
1175:
1173:
1170:
1168:
1165:
1164:
1162:
1152:
1149:
1148:
1144:
1135:
1129:
1115:
1114:
1107:
1104:
1093:
1089:
1085:
1081:
1074:
1071:
1068:
1063:
1060:
1049:
1045:
1038:
1035:
1023:
1019:
1013:
1010:
998:
997:Yahoo Finance
994:
988:
985:
980:
976:
971:
966:
962:
958:
954:
950:
946:
942:
938:
931:
928:
917:
913:
907:
904:
893:
889:
882:
879:
868:
864:
857:
854:
849:
843:
829:
825:
818:
815:
804:
800:
794:
791:
780:
776:
770:
767:
756:
752:
746:
743:
738:
734:
730:
728:9781450367936
724:
720:
716:
711:
706:
702:
695:
692:
687:
683:
679:
673:
669:
665:
661:
657:
650:
647:
642:
638:
634:
628:
624:
620:
616:
612:
605:
602:
591:
587:
581:
579:
575:
564:
560:
554:
551:
539:
535:
529:
526:
521:
517:
512:
507:
503:
499:
495:
491:
487:
483:
479:
472:
469:
464:
460:
455:
450:
446:
442:
438:
431:
428:
423:
410:
402:
395:
393:
391:
387:
376:
369:
367:
363:
358:
354:
350:
348:0-7695-1897-4
344:
340:
336:
332:
328:
321:
318:
307:
303:
297:
294:
287:
283:
280:
278:
275:
273:
270:
268:
265:
263:
260:
258:
255:
254:
250:
245:
244:
240:
238:
234:
233:
228:
226:
222:
221:
216:
215:
211:
209:
207:
203:
194:
192:
190:
186:
183:
179:
176:
168:
166:
164:
160:
154:
151:
147:
143:
139:
135:
127:
125:
118:
116:
114:
110:
105:
101:
97:
89:
87:
85:
79:
75:
73:
69:
61:
59:
57:
52:
48:
44:
40:
33:
28:
19:
1177:Cyberwarfare
1118:, retrieved
1112:
1106:
1095:. Retrieved
1084:The Guardian
1083:
1073:
1062:
1051:. Retrieved
1047:
1037:
1025:. Retrieved
1021:
1012:
1001:. Retrieved
999:. 2016-08-04
996:
987:
944:
940:
930:
919:. Retrieved
915:
906:
895:. Retrieved
891:
881:
870:. Retrieved
866:
856:
831:. Retrieved
827:
817:
806:. Retrieved
802:
793:
782:. Retrieved
778:
769:
758:. Retrieved
754:
745:
700:
694:
659:
649:
614:
604:
593:. Retrieved
589:
566:. Retrieved
562:
553:
542:. Retrieved
540:. 2021-02-15
537:
528:
485:
481:
471:
444:
440:
430:
409:cite journal
378:. Retrieved
330:
320:
309:. Retrieved
305:
296:
243:Go Go Squid!
241:
230:
218:
198:
172:
155:
138:World Series
131:
122:
119:Competitions
96:gamification
93:
80:
76:
65:
42:
38:
37:
1151:ctftime.org
867:www.cmu.edu
755:www.nsa.gov
306:ctftime.org
161:associated
1161:Categories
1120:2023-08-15
1097:2023-07-18
1053:2023-07-18
1003:2023-09-02
921:2022-11-02
897:2023-07-18
872:2023-07-18
833:2023-07-18
808:2023-08-18
784:2023-08-18
760:2023-07-18
710:2004.11556
595:2023-07-18
568:2023-07-18
544:2023-07-18
454:2101.01421
447:: 102154.
380:2022-11-02
311:2023-08-15
288:References
267:Hackathons
163:Shellphish
150:NYU Tandon
51:vulnerable
1092:0261-3077
961:1360-2357
775:"CTFtime"
737:211519195
502:1573-7608
220:Mr. Robot
144:", and "
142:Superbowl
72:Las Vegas
1128:citation
979:36855694
842:cite web
686:46465063
641:35062822
538:ASU News
520:36855694
357:18161204
251:See also
146:Olympics
62:Overview
1027:13 June
970:9950699
892:Reuters
779:CTFtime
511:9950699
282:Privacy
206:Tencent
68:DEF CON
32:DEF CON
1090:
977:
967:
959:
735:
725:
684:
674:
639:
629:
518:
508:
500:
355:
345:
202:Google
134:BSides
733:S2CID
705:arXiv
682:S2CID
637:S2CID
449:arXiv
353:S2CID
182:ENISA
175:DARPA
45:) in
1134:link
1088:ISSN
1029:2024
1022:ECSC
975:PMID
957:ISSN
916:CSAW
848:link
828:CNBC
723:ISBN
672:ISBN
627:ISBN
516:PMID
498:ISSN
422:help
343:ISBN
237:GCHQ
204:and
180:and
140:", "
965:PMC
949:doi
715:doi
664:doi
619:doi
506:PMC
490:doi
459:doi
445:102
335:doi
229:In
217:In
159:ASU
113:NSA
43:CTF
1163::
1130:}}
1126:{{
1086:.
1082:.
1046:.
1020:.
995:.
973:.
963:.
955:.
945:28
943:.
939:.
914:.
890:.
865:.
844:}}
840:{{
826:.
801:.
777:.
753:.
731:.
721:.
713:.
680:.
670:.
658:.
635:.
625:.
613:.
588:.
577:^
561:.
536:.
514:.
504:.
496:.
486:28
484:.
480:.
457:.
443:.
439:.
413::
411:}}
407:{{
389:^
365:^
351:.
341:.
329:.
304:.
165:.
58:.
34:17
1136:)
1100:.
1056:.
1031:.
1006:.
981:.
951::
924:.
900:.
875:.
850:)
836:.
811:.
787:.
763:.
739:.
717::
707::
688:.
666::
643:.
621::
598:.
571:.
547:.
522:.
492::
465:.
461::
451::
424:)
420:(
403:.
383:.
359:.
337::
314:.
41:(
20:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.