UTCTF

March 14-16, 2025 |

contest website

subscribe to the mailing list for updates

join the discord

view the event on CTFtime

For additional contest or sponsorship information, please contact us at contact@isss.io.

What is a CTF?

A CTF, or "Capture the Flag" competition, is a type of computer security contest. Strings of text, referred to as "flags," are hidden or encrypted in a series of challenges. During the competition, participants try to decrypt, hack, reverse-engineer, or exploit the challenges in order to gain access to the flag. For each flag retrieved, the team gets a certain number of points, and teams with the most points win.

How will UTCTF be run?

UTCTF will consist of several dozen problems that gradually increase in difficulty (and point value). The categories will include Binary Exploitation, Networking, Reverse Engineering, Cryptography, Web, and more. Some problems can be solved in a matter of minutes, while others may take hours. The source code and problem solutions will be released after the competition has ended.

Who can compete? Who can win prizes?

Prizes: TBA

When?

5 PM CDT on March 14th, to 5 PM CDT on March 16st, 2025.

Where?

The competition will be completely free, and run entirely online - the only materials teams will need are a working computer with internet access and the ability to run desktop applications. Competitors should register online to form a team - registration will be opened soon, and can be done at any point before or during the contest.

How will the writeup contest work?

Writeup submissions will be accepted during UTCTF, and up to 48 hours after the contest ends. Then, the ISSS officer team will judge the writeups. We will be giving out prizes for "Most well written", "Most technically interesting", and "Best unintended solution."

What is allowed?

• Competitors can use search engines, Wikipedia, GitHub, books, etc. to try to solve the challenges.
• If they get stuck (or something is wrong with the challenge), competitors can ask the challenge authors for a hint, but this hint will be shared publicly on the Discord in the interest of fairness.
• Competitors can ask other competitors for small hints.

What is not allowed?

• Sharing of flags or explicit solutions is not allowed.
• Competitors are not allowed to directly attack UTCTF infrastructure or use tools that would overwhelm the infrastructure. This includes tools like dirbuster, ffuf, and other high-volume scanning/fuzzing tools.
• Attacking or exploiting the server, other teams, or machines not explicitly designated as targets within the problems is against the rules. This includes both breaking into such machines and denying others access to them (for example, by altering a key or ping-flooding).
• Engaging in any of these activities will result in your team being disqualified.

Who is running UTCTF?

UTCTF is being run by students at The University of Texas at Austin within the Information & Systems Security Society (ISSS).