Competition (CTF)

May 16-17-18, 2025

About

Our applied security contest (also called "Capture The Flag") opposes 100 teams of 8 people trying to obtain the most points by capturing flags.

Those flags typically are secret messages hidden in different challenges.

The Challenges will be available to teams through a web portal on their own private contest network. Teams are not authorized to attack each other (it's not a red/blue team type of contest). They compete to have the most points on the leaderboard.

2025 will be, to our knowledge, the biggest in-person CTF in the World!

BUY TICKETS

2024 Edition

We are happy to announce that this year's CTF will be on-site first experience.

Back to teams of 8 people.

The return of the physical track!

The return of the hardware badge!

At any point, we will comply with Quebec government's sanitary measures and adjust our rules to make sure the CTF is both competitive and enjoyable.

If you have any questions, please ask them in #ctf on our Discord.

Challenges

Challenges proposed will be from multiple security fields including:
networking, web application, binary reverse engineering, data forensics, hardware hacking, and more.

Electronic Badges

We add more items to your Internet of Things by providing hackable electronic badges that shine. It runs on programmable micro-controllers and features multiple I/Os. Examples from past years include USB, Bluetooth LE, OLED screen, several LEDs and buttons. Everything the badge team does is open source software and open hardware.

Our team is still working out the details for this year. Stay tuned for more details!

Discord

During the pandemic when we were remote, we built what is probably the most feature-rich CTF-focused Discord bot out-there. Our intention is to keep innovating with our bot as it greatly simplifies participants' experience. Discord is used as a platform to facilitate text and voice communication between teams and our staff. Furthermore, it has critical meme-sharing capabilities.
Check out https://nsec.io/discord for more information.

Getting prepared

Here are few resources to help you prepare for the competition:

Practice

RingZer0Team: Many challenges from NorthSec previous editions are hosted on this platform

OWASP Vulnerable Web Application Directory: List of vulnerable web applications to test online or offline

MontréHack: Monthly workshop about solving CTF challenges. Hosted in Montreal.

Learning

MontréHack Learning Resources: A curated list of pointers to sharpen your skills

CTF Write-ups Archive: Great source of inspiration for methodologies and tools based on actual CTF puzzle solving

Physical Track

Running an on-site CTF, we have the unique opportunity to leverage physical access. Every year we try to innovate with a dedicated physical track that combines several disciplines. Electronic voting, kiosk hacking, smartcard, lock-picking, UEFI boot tampering, etc. wrapped around a tiny layer of social engineering.

Hacker Jeopardy

To relax after several hours of non-stop CTF action we provide a social break in the shape of a friendly Hacker Jeopardy competition. Enjoy a beer while watching your peers failing at easy questions because of "stage fright".

46 Internet Simulations

1 per team

92 Windows Virtual Machines

2 per team

12,543 Linux Containers

272 per team

11,244 BGP Router

244 per team

3,647,800 IPv6 routing table entries

79300 per team

100+ Challenges

Changing every year