Competition (CTF)

May 20-21-22, 2022



Our applied security contest (also called "Capture The Flag") opposes 100 teams of 10 people trying to obtain the most points by capturing flags.

Those flags typically are secret messages hidden in different challenges.

The Challenges will be available to teams through a web portal on their own private contest network. Teams are not authorized to attack each other (it's not a red/blue team type of contest). They compete to have the most points on the leaderboard.

2022 is a special hybrid edition where participants are served the same awesome format whether they are on-site or online with dedicated VPN access to the contest network.



2022 Edition

We are happy to announce that this year's CTF will be hybrid. With that being said, the CTF will be an online first experience. The goal is to allow as many people as possible to participate remotely, while providing on-site access to those who would prefer that.

To accomodate this new approach, we will limit the team's capacity to 10 people. It is also important to note that the on-site access to the CTF will be sold as an add-on on top of the CTF ticket. The access on site does not provide any advantage to the team, which mean some members of a team could decide to be on-site while others are remote. This also means that the floor plan will not be pre-determined, meaning we cannot guarantee where you'll be sitting.

The quantity of on-site tickets will be limited and based on the predictions of Quebec's government sanitary measures. Tickets will be sold on a first come first served basis and we reserve the right to refund any tickets that exceeds the government limitations at the time the event takes place.

If you have any questions, please ask them in #ctf on our Discord.



Challenges proposed will be from multiple security fields including:
networking, web application, binary reverse engineering, data forensics, hardware hacking, and more.


Electronic Badges

We add more items to your Internet of Things by providing hackable electronic badges that shine. It runs on programmable micro-controllers and features multiple I/Os. Examples from past years include USB, Bluetooth LE, OLED screen, several LEDs and buttons. Everything the badge team does is open source software and open hardware.

Our team is still working out the details for this year. Stay tuned for more details!



Being an hybrid CTF in 2022, we have the unique opportunity to leverage Discord as a platform to facilitate text and voice communication between teams and our staff.
Check out for more information.


Getting prepared

Here are few resources to help you prepare for the competition:


  • RingZer0Team: Many challenges from NorthSec previous editions are hosted on this platform
  • OWASP Vulnerable Web Application Directory: List of vulnerable web applications to test online or offline
  • MontréHack: Monthly workshop about solving CTF challenges. Hosted in Montreal.
  • Learning

  • MontréHack Learning Resources: A curated list of pointers to sharpen your skills
  • CTF Write-ups Archive: Great source of inspiration for methodologies and tools based on actual CTF puzzle solving
  • Hackathon

    Physical Track

    N/A in 2022! When running the on-site CTF, we have the unique opportunity to leverage physical access. Every year we try to innovate with a dedicated physical track that combines several disciplines. Electronic voting, kiosk hacking, smartcard, lock-picking, UEFI boot tampering, etc. wrapped around a tiny layer of social engineering.

    In the event of an hybrid CTF, we will be looking into organizing special on-site activities, but they will not be counting towards the CTF to avoid giving advantages to those who can be present in person.


    Hacker Jeopardy

    To relax after several hours of non-stop CTF action we provide a social break in the shape of a friendly Hacker Jeopardy competition. Enjoy a beer while watching your peers failing at easy questions because of "stage fright".

    46 Internet Simulations

    1 per team

    92 Windows Virtual Machines

    2 per team

    12,543 Linux Containers

    272 per team

    11,244 BGP Router

    244 per team

    3,647,800 IPv6 routing table entries

    79300 per team

    100+ Challenges

    Changing every year