eCTF
Embedded Capture the Flag Competition
The Competition
The Embedded Capture the Flag (eCTF) Competition is an attack-and-defend exercise for designing secure embedded systems
The Embedded Capture the Flag (eCTF) is an embedded security competition run by MITRE in partnership with Riverside Research that puts participants through the experience of trying to create a secure system and then learning from their mistakes. The main target is a real physical or emulated embedded device, which opens the scope of the challenge to include physical/proximal access attacks. The eCTF is a two-phase competition with attack and defense components. In the first phase, competitors design and implement a secure system based on a set of challenge requirements. The second phase involves analyzing and attacking the other teams’ designs.

The 2022 eCTF has ended!
See you in September!
Day(s)
:
Hour(s)
:
Minute(s)
:
Second(s)

Past eCTF Competitions
How is the eCTF different from other competitions?
The eCTF is unique in three major ways. First, the focus is on securing embedded systems, which presents a new set of challenges and security issues that are not currently covered by traditional “online” CTFs. Second, unlike the standard attack-only CTF, the eCTF balances offense and defense by including design, build, and attack components. Finally, the eCTF runs over the majority of the spring semester through three phases, allowing time for development and for advanced attacks during the Attack Phase.
01
Focus on Embedded

02
Attack / Defend

03
Extended Time

Competitor Testimonials
Frequently Asked Questions
Who can participate?
Anyone! Students at all academic levels are welcome to participate. Team sizes are unlimited (although a minimum of 3 students is recommended). Sponsorship of a faculty member to act as a team advisor is strongly preferred.
However, to be eligible for prizes, students must abide by the following clause:
What does MITRE provide to help?
MITRE provides teams with a reference implementation, embedded hardware (and/or hardware emulator), and technical guidance.
Does the eCTF cost anything?
Participation in the eCTF is entirely free. MITRE will provide the resources to complete the competition, however teams may choose to purchase additional resources to aid with development or attacking.
Are there awards?
Winning teams receive a cash prize, publicity from MITRE, and typically earn accolades from their university as well. The prize amount for 2023 will be announced at the kickoff, though the 2022 eCTF awarded $5,000 in prizes. Students have used their participation in eCTF to build resumes, present at conferences, and open the door to valuable internship and career opportunities, including engineering positions at MITRE and Riverside Research.
Can I earn college credits?
Most students can earn college credit. Work with your professor(s) / faculty advisor to determine how to earn credit at your institution. Remember that this is a significant time commitment, typically commensurate with the credit hours you may receive. An example syllabus is available from the eCTF organizers upon request.
What level of experience is required to compete?
We encourage teams of all levels of experience to compete in the eCTF and aim to make the eCTF accessible to students new to security and embedded systems. We do recommend an understanding of development in C and Python, as the reference design will be implmented in those languages.
However, while the competition may be approachable, the depth of embedded systems enables teams with more experience to attempt more advanced countermeasures and attacks, providing an engaging experience for students of all levels of experience.
How do I sign up?
When team registration opens in September, work with your faculty advisor to fill out this form.
Individual competitor regitration will open in December.
Do I need to travel for the competition?
The competition can be done 100% remotely. MITRE will provide teams with hardware and/or servers to develop and compete on. Once teams have a completed design, they submit the code to MITRE for testing and MITRE will ensure that all challenge requirements are met. Once this verification process is completed, your implementation (source code and protected binaries) will be provided to all of the attacking teams.
After the competition concludes, MITRE hosts an award ceremony in April where teams are invited to share in their accomplishments, meet participants from other schools, interact with MITRE staff, and see the final standings revealed! Prior to COVID, this award ceremony was in-person at MITRE in Bedford, MA, but has been a virtual event for the past 3 years. Plans for the 2023 award ceremony will be announced at kick-off in January 2023.
Other questions?
Please contact the eCTF team at ectf@mitre.org
QUESTIONS? EMAIL US AT ECTF@MITRE.ORG
MITRE is a not-for-profit organization that operates research and development centers sponsored by the federal government. MITRE works with industry and academia to apply science, technology, and systems engineering that enables the government and the private sector to make better decisions. Learn more at www.mitre.org
Riverside Research is a not-for-profit organization advancing scientific research in the interest of National Security. Through the company's Open Innovation Center (OIC), it invests in multi-disciplinary research and development and encourages collaboration to accelerate innovation and advance science. Research areas include: AI/ML, Trusted and Resilient Systems, Optics, Electromagnetics, Commercial ISR, and Collection Planning. Learn more at www.riversideresearch.org