Capture the Flag (CTF)
What is Capture the Flag (CTF)?
Capture the Flag (CTF)A cybersecurity competition in which teams solve security challenges to retrieve hidden tokens, used for training, hiring, and community building.
Capture the Flag (CTF) is a cybersecurity competition format where participants find hidden strings — called flags — by solving challenges in categories such as web exploitation, binary exploitation (pwn), reverse engineering, cryptography, forensics, and OSINT. Two main formats dominate: Jeopardy-style, where teams pick standalone tasks worth points, and attack-defense, where each team operates a vulnerable service and attacks others while patching their own. Long-running events like DEF CON CTF set the elite bar; HackTheBox, TryHackMe, picoCTF, and Google CTF democratize learning at all skill levels. CTFs are a staple of security education, recruiting pipelines, and certification training, and have produced many leading exploit developers.
● Examples
- 01
DEF CON CTF Finals, the premier annual attack-defense competition in Las Vegas.
- 02
picoCTF, an educational Jeopardy-style CTF aimed at middle and high-school students.
● Frequently asked questions
What is Capture the Flag (CTF)?
A cybersecurity competition in which teams solve security challenges to retrieve hidden tokens, used for training, hiring, and community building. It belongs to the Application Security category of cybersecurity.
What does Capture the Flag (CTF) mean?
A cybersecurity competition in which teams solve security challenges to retrieve hidden tokens, used for training, hiring, and community building.
How does Capture the Flag (CTF) work?
Capture the Flag (CTF) is a cybersecurity competition format where participants find hidden strings — called flags — by solving challenges in categories such as web exploitation, binary exploitation (pwn), reverse engineering, cryptography, forensics, and OSINT. Two main formats dominate: Jeopardy-style, where teams pick standalone tasks worth points, and attack-defense, where each team operates a vulnerable service and attacks others while patching their own. Long-running events like DEF CON CTF set the elite bar; HackTheBox, TryHackMe, picoCTF, and Google CTF democratize learning at all skill levels. CTFs are a staple of security education, recruiting pipelines, and certification training, and have produced many leading exploit developers.
How do you defend against Capture the Flag (CTF)?
Defences for Capture the Flag (CTF) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Capture the Flag (CTF)?
Common alternative names include: CTF competition, Security CTF.
● Related terms
- defense-ops№ 813
Penetration Testing
An authorized, simulated cyberattack against systems, applications, or people to identify exploitable weaknesses before real adversaries do.
- defense-ops№ 909
Red Team
An offensive security group that emulates real adversaries end-to-end to test how an organization detects, contains, and responds to attacks.
- vulnerabilities№ 399
Exploit
A piece of code, data, or technique that takes advantage of a vulnerability to cause unintended behaviour such as code execution, privilege escalation, or information disclosure.
- forensics-ir№ 926
Reverse Engineering
The process of disassembling and analyzing compiled software, firmware, or hardware to recover its design, behavior, and inner workings.