Our applied security contest (also called "Capture The Flag") opposes 100 teams of 10 people trying to obtain the most points by capturing flags.
Those flags typically are secret messages hidden in different challenges.
The Challenges will be available to teams through a web portal on their own private contest network. Teams are not authorized to attack each other (it's not a red/blue team type of contest). They compete to have the most points on the leaderboard.
2022 is a special hybrid edition where participants are served the same awesome format whether they are on-site or online with dedicated VPN access to the contest network.
We are happy to announce that this year's CTF will be hybrid. With that being said, the CTF will be an online first experience. The goal is to allow as many people as possible to participate remotely, while providing on-site access to those who would prefer that.
To accomodate this new approach, we will limit the team's capacity to 10 people. It is also important to note that the on-site access to the CTF will be sold as an add-on on top of the CTF ticket. The access on site does not provide any advantage to the team, which mean some members of a team could decide to be on-site while others are remote. This also means that the floor plan will not be pre-determined, meaning we cannot guarantee where you'll be sitting.
The quantity of on-site tickets will be limited and based on the predictions of Quebec's government sanitary measures. Tickets will be sold on a first come first served basis and we reserve the right to refund any tickets that exceeds the government limitations at the time the event takes place.
If you have any questions, please ask them in #ctf on our Discord.
Challenges proposed will be from multiple security fields including:
networking, web application, binary reverse engineering, data forensics, hardware hacking, and more.
We add more items to your Internet of Things by providing hackable electronic badges that shine. It runs on programmable micro-controllers and features multiple I/Os. Examples from past years include USB, Bluetooth LE, OLED screen, several LEDs and buttons. Everything the badge team does is open source software and open hardware.
Our team is still working out the details for this year. Stay tuned for more details!
Being an hybrid CTF in 2022, we have the unique opportunity to leverage Discord as a platform to facilitate text and voice communication between teams and our staff.
Check out https://nsec.io/discord for more information.
Here are few resources to help you prepare for the competition:
Practice
Learning
N/A in 2022! When running the on-site CTF, we have the unique opportunity to leverage physical access. Every year we try to innovate with a dedicated physical track that combines several disciplines. Electronic voting, kiosk hacking, smartcard, lock-picking, UEFI boot tampering, etc. wrapped around a tiny layer of social engineering.
In the event of an hybrid CTF, we will be looking into organizing special on-site activities, but they will not be counting towards the CTF to avoid giving advantages to those who can be present in person.
To relax after several hours of non-stop CTF action we provide a social break in the shape of a friendly Hacker Jeopardy competition. Enjoy a beer while watching your peers failing at easy questions because of "stage fright".
46 Internet Simulations
1 per team92 Windows Virtual Machines
2 per team12,543 Linux Containers
272 per team11,244 BGP Router
244 per team3,647,800 IPv6 routing table entries
79300 per team100+ Challenges
Changing every year