The International Capture The Flag (iCTF) is a distributed, wide-area security exercise, which aims to test the security skills of the participants. It is the world’s largest and longest-running educational hacking competition that integrates both attack and defense aspects in a live setting.

The iCTF 2018 is being organized by Giovanni Vigna and Shellphish, as well as Adam Doupé and pwndevils.


You should register your team on the ShellWePlayAGame website and join iCTF 2018 before 23:59 anywhere-on-earth, March 14, 2018. You cannot join or leave the game after the deadline. Instructions on how to play the game will be sent via email to each team before the game starts.

If you don’t have an account yet:


Here is how you join iCTF 2018 after login.


The iCTF 2018 will run from 8 AM PT until 5 PM PT on Friday, March 16th, 2018.


This year the iCTF is open to both educators and the general public.

Points of Contact

For support queries before and during the competition, please email [email protected].


The iCTF competition is a multi-site, multi-team hacking contest where a number of teams compete independently against each other.

In the iCTF competition, each team has two goals. The first goal is to maintain a set of services such that they remain available and uncompromised throughout the competition. The second goal is for each team to capture their opponents’ flags by using their security knowledge to find and exploit the other teams’ systems.

At the start, the teams are given access to identical copies of a virtual host that contains vulnerable services. The teams explore their services to find and fix vulnerabilities. Once a vulnerability is discovered, the teams can use that vulnerability to exploit the other teams’ services and “capture the flag.” However, they must also patch their own services to protect their flag while simultaneously keeping their services up and running.

History and Background

The UCSB iCTF evolved from a number of previous security “live exercises” that were carried out locally at UCSB, in 2001 and 2002. The first wide-area edition of the UCSB CTF was carried out in December 2003. In that CTF, fourteen teams from around the United States competed in a contest to compromise other teams’ network services while trying to protect their own services from attacks. The contest included teams from UCSB, North Carolina State University, the Naval Postgraduate School in Monterey, the West Point Academy, Georgia Tech, University of Texas at Austin, and University of Illinois, Urbana-Champaign.

In 2004, the UCSB CTF evolved into an international exercise (hence, the name “iCTF”), which included teams from the United States and Austria, Germany, Italy, and Norway.

Throughout the years, new competition designs have been introduced that innovated on the more “traditional” designs followed in the 2003-2007 competitions.

More precisely, in 2008 the iCTF featured a separate virtual network for each team. The goal was to attack a terrorist network and defuse a bomb after compromising a number of hosts.

In 2009, the participants had to compromise the browsers of a large group of simulated users, steal their money, and create a botnet.

In 2010, the participants were part of a coalition that had to attack the rogue nation of Litya, ruled by the evil Lisvoy Bironulesk. A new design forced the team to attack the services supporting Litya’s infrastructure only at specific times, when certain activities were in progress. In addition, an intrusion detection system would temporarily firewall out the teams whose attacks were detected.

In 2011, the participants had to “launder” their money through the execution of exploits, which had some risks associated with them. This created an interesting exercise in evaluating the risk/reward trade-offs in network security.

In both 2012 and 2013, teams had to “weaponize” their exploits and give them to the organizer, who would then schedule their execution. This last design was a first step towards the creation of a “cyber-range” where interesting network datasets can be created to support security research.

In 2014, the competition was used as a way to publicize the iCTF Framework. To this end, the vulnerable virtual machine contained 42 services from previous iCTF editions, which forced the participants to effectively triage their efforts.

In 2015, the iCTF followed a novel design: in order to participate, the teams had to provide a vulnerable service that would become part of the competition. As a result, the 2015 iCTF featured 35 new services (and 35 teams) and tested a new set of skills, in addition to attack and defense: the ability to create a well-balanced vulnerable service.

In 2016, we decided to permanently move the competition to March (and since the decision was made in October, there was no iCTF event in that year).

In March 2017, the iCTF was run using Amazon Web Services (Amazon’s cloud). All components were run in an enclave, and the competition was open to the world, resulting in more than 280 teams participating. The competition was also a DEF CON CTF qualifier.


This competition is based upon work supported by the National Science Foundation under Grant No. (NSF-DGE-1623269). Any opinions, findings, and conclusions or recommendations expressed in this competition are those of the organizers and do not necessarily reflect the views of the National Science Foundation.