Competition (CTF)

May 16-17-18, 2025

Hackathon

About

Our applied security contest (also called "Capture The Flag") opposes 100 teams of 8 people trying to obtain the most points by capturing flags.

Those flags typically are secret messages hidden in different challenges.

The Challenges will be available to teams through a web portal on their own private contest network. Teams are not authorized to attack each other (it's not a red/blue team type of contest). They compete to have the most points on the leaderboard.

2025 will be, to our knowledge, the biggest in-person CTF in the World!


BUY TICKETS

Hackathon

2024 Edition

We are happy to announce that this year's CTF will be on-site first experience.

Back to teams of 8 people.

The return of the physical track!

The return of the hardware badge!

At any point, we will comply with Quebec government's sanitary measures and adjust our rules to make sure the CTF is both competitive and enjoyable.

If you have any questions, please ask them in #ctf on our Discord.

Hackathon

Challenges

Challenges proposed will be from multiple security fields including:
networking, web application, binary reverse engineering, data forensics, hardware hacking, and more.

Hackathon

Electronic Badges

We add more items to your Internet of Things by providing hackable electronic badges that shine. It runs on programmable micro-controllers and features multiple I/Os. Examples from past years include USB, Bluetooth LE, OLED screen, several LEDs and buttons. Everything the badge team does is open source software and open hardware.

Our team is still working out the details for this year. Stay tuned for more details!

Hackathon

Discord

During the pandemic when we were remote, we built what is probably the most feature-rich CTF-focused Discord bot out-there. Our intention is to keep innovating with our bot as it greatly simplifies participants' experience. Discord is used as a platform to facilitate text and voice communication between teams and our staff. Furthermore, it has critical meme-sharing capabilities.
Check out https://nsec.io/discord for more information.

Hackathon

Getting prepared

Here are few resources to help you prepare for the competition:

Practice

  • RingZer0Team: Many challenges from NorthSec previous editions are hosted on this platform
  • OWASP Vulnerable Web Application Directory: List of vulnerable web applications to test online or offline
  • MontréHack: Monthly workshop about solving CTF challenges. Hosted in Montreal.
  • Learning

  • MontréHack Learning Resources: A curated list of pointers to sharpen your skills
  • CTF Write-ups Archive: Great source of inspiration for methodologies and tools based on actual CTF puzzle solving
  • Hackathon

    Physical Track

    Running an on-site CTF, we have the unique opportunity to leverage physical access. Every year we try to innovate with a dedicated physical track that combines several disciplines. Electronic voting, kiosk hacking, smartcard, lock-picking, UEFI boot tampering, etc. wrapped around a tiny layer of social engineering.

    Hackathon

    Hacker Jeopardy

    To relax after several hours of non-stop CTF action we provide a social break in the shape of a friendly Hacker Jeopardy competition. Enjoy a beer while watching your peers failing at easy questions because of "stage fright".

    46 Internet Simulations

    1 per team

    92 Windows Virtual Machines

    2 per team

    12,543 Linux Containers

    272 per team

    11,244 BGP Router

    244 per team

    3,647,800 IPv6 routing table entries

    79300 per team

    100+ Challenges

    Changing every year