Embedded Capture the Flag
The Embedded Capture the Flag (eCTF) Competition is an attack-and-defend exercise for designing secure embedded systems
The Embedded Capture the Flag (eCTF) is an embedded security competition run by MITRE in partnership with Riverside Research that puts participants through the experience of trying to create a secure system and then learning from their mistakes. The main target is a real physical or emulated embedded device, which opens the scope of the challenge to include physical/proximal access attacks. The eCTF is a two-phase competition with attack and defense components. In the first phase, competitors design and implement a secure system based on a set of challenge requirements. The second phase involves analyzing and attacking the other teams’ designs.
2026 eCTF
In the 2026 eCTF, teams will design and implement a secure storage solution for a chip foundry. The system must allow users with various roles to access the proper data without leaking sensitive chip designs to unauthorized parties.
Early Registration Incentives:
- Register by November 5 to receive an extra dev board!
- Register by December 3 to guarantee your hardware will arrive by kickoff (international shipments may encounter delays outside our control)
- Register by January 7 to guarantee your team will be onboarded into the competition by kickoff
- January 30 is the last day to register!
Key Dates:
- January 14: eCTF kickoff!
- January 31: Last day for late team registration
- February 25: Handoff
- April 15: Scoreboard closes
- April 21: Poster session
- April 24: eCTF Award Ceremony
For more information, reach us at ectf@mitre.org.
Countdown to 2026 Kickoff!
Day(s)
:
Hour(s)
:
Minute(s)
:
Second(s)
How is the eCTF different from other competitions?
The eCTF is unique in three major ways. First, the focus is on securing embedded systems, which presents a new set of challenges and security issues that are not currently covered by traditional “online” CTFs. Second, unlike the standard attack-only CTF, the eCTF balances offense and defense by including design, build, and attack components. Finally, the eCTF runs over the majority of the spring semester through three phases, allowing time for development and for advanced attacks during the Attack Phase.
01
Focus on Embedded
02
Offense and defense
03
Extended Time
Competitor Testimonials
This CTF, although really hard, was extremely fun… [It] motivated me to dive in deeper and work that much harder to get better as an engineer. The MITRE staff was AMAZING! Thank you for this opportunity
eCTF Competitor
I had no security experience prior to this competition. The learning curve was HUGE and I LOVED that! I was forced to learn so much. I loved doing the research, designing and implementing the secure system, and reviewing and attacking other teams’ designs. It was a blast!
eCTF Competitor
This competition exposed an entirely new side of cybersecurity to me as a Computer Science major… [It] was a great learning experience and got me interested in lower-level security
eCTF Competitor
eCTF-RELATED Works
-
Kornegay, M. A., & Arafin, M. T., & Kornegay, K. (2021, July), Engaging Underrepresented Students in Cybersecurity using Capture-the-Flag(CTF) Competitions (Experience) Paper presented at 2021 ASEE Virtual Annual Conference Content Access, Virtual Conference. 10.18260/1-2–37048 https://peer.asee.org/engaging-underrepresented-students-in-cybersecurity-using-capture-the-flag-ctf-competitions-experience
- Md Armanuzzaman, Ahmad-Reza Sadeghi, and Ziming Zhao. 2024. Building Your Own Trusted Execution Environments Using FPGA. In Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (ASIA CCS ’24). Association for Computing Machinery, New York, NY, USA, 1584–1599. https://doi.org/10.1145/3634737.3637644
- Ma, Zheyuan & Liu, Gaoxiang & Eastman, Alex & Kaufman, Kai & Armanuzzaman, Md & Tan, Xi & Jesse, Katherine & Walls, Robert & Zhao, Ziming. (2025). “We just did not have that on the embedded system”: Insights and Challenges for Securing Microcontroller Systems from the Embedded CTF Competitions. 10.48550/arXiv.2503.08053. https://arxiv.org/abs/2503.08053
- Applegate, Justin. (2025). “MITRE eCTF memcmp() Side Channel Analysis” https://justinapplegate.me/2025/ectf-memcmp/
Do you have a paper, article, write-up, or anything else to add to this list? Let us know at ectf@mitre.org
Frequently Asked Questions
Who can participate?
Anyone! The eCTF is open to all US citizens and legal permanent residents 13 or older and most non-US citizens 18 or older (see the participant agreement for all eligiblilty information and exceptions). Students at all academic levels are welcome to participate.
Are there restrictions on team size or composition?
Team sizes are unlimited, and we have seen teams of one and teams of over thirty succeed. However, teams under 3 students may struggle with the workload and teams over 10 may require more dedicated project management to ensure everyone is engaged.
Sponsorship of a teacher or faculty member to act as a team advisor is required. We encourage advisors to help support and guide their team through the competition, but teams can also be entirely student-run and -led.
Can international students and teams compete?
We welcome international students 18 years and older to compete, with limited exceptions (see the participant agreement for details). However, prize money can only be distributed to US citizens and legal permanent residents atending US-based institutions.
Can high school teams compete?
Yes! We have had high school teams compete and succeed in the eCTF. See our talk at the 2022 NICE K12 Conference for more information (slides) (DACC Video).
The competition is only open to US citizens and legal permanent residents 13 or older and non-US citizens 18 or older.
What does MITRE provide to help?
MITRE provides teams with a reference implementation, embedded hardware (and/or hardware emulator), and technical guidance.
Does the eCTF cost anything?
Participation in the eCTF is entirely free! MITRE will provide the resources to complete the competition including one set of development boards per team. Teams may choose to purchase additional resources to aid with development or attacking.
Are there awards?
There are no cash prizes for the 2026 eCTF, although travel grants to support attendance at the Award Ceremony may be avilable. Students have used their participation in eCTF to build resumes, present at conferences, and open the door to valuable internship and career opportunities, including engineering positions at MITRE and the eCTF sponsors.
Can I earn college credits?
Most students can earn college credit. Work with your professor(s) / faculty advisor to determine how to earn credit at your institution. Remember that this is a significant time commitment, typically commensurate with the credit hours you may receive. An example syllabus is available from the eCTF organizers upon request.
Do I need to travel for the competition?
The competition can be done 100% remotely. MITRE will provide teams with hardware and/or servers to develop and compete on. Once teams have a completed design, they submit the code to MITRE for testing and MITRE will ensure that all challenge requirements are met. Once this verification process is completed, your implementation (source code and protected binaries) will be provided to all of the attacking teams.
After the competition concludes, MITRE hosts an award ceremony in April where teams are invited to share in their accomplishments, meet participants from other schools, interact with MITRE staff, and see the final standings revealed! Prior to COVID, this award ceremony was in-person at MITRE in Bedford, MA, but has been a virtual event for the past 2 years. Plans for the 2022 award ceremony will be announced at kick-off in January 2022.
What level of experience is required to compete?
We encourage teams of all levels of experience to compete in the eCTF and aim to make the eCTF accessible to students new to security and embedded systems. We do recommend an understanding of development in C and Python, as the reference design will be implmented in those languages.
However, while the competition may be approachable, the depth of embedded systems enables teams with more experience to attempt more advanced countermeasures and attacks, providing an engaging experience for students of all levels of experience.
Other questions?
Please contact the eCTF team at ectf@mitre.org
QUESTIONS? EMAIL US AT ECTF@MITRE.ORG
MITRE is a not-for-profit organization that operates research and development centers sponsored by the federal government. MITRE works with industry and academia to apply science, technology, and systems engineering that enables the government and the private sector to make better decisions. Learn more at www.mitre.org