What is it?

FortID CTF is a competitive hacking event, similar to IOI or ICPC, but in the domain of cybersecurity. Teams face challenges in cryptography, binary reverse engineering and exploitation, web vulnerabilities, digital forensics, and more.

Each challenge has a clear goal (e.g., exploiting an insecure cryptographic protocol). Reaching it reveals a secret flag. Teams earn points by finding and submitting such flags, and the highest-scoring team wins.

This competition is organized by engineers behind FortID, a privacy-first, secure, and EUDI compliant identity solution.

You may also know us as organizers of TBTL CTF from previous years.

When is it?

The CTF starts on Friday, September 12th at 14:00 CEST and lasts for 48 hours.

Registrations open at least 72 hours before the contest starts.

Competition Format

The competition consists of a bunch of challenges divided into the following five categories (standard Jeopardy format):

• Web — Find vulnerabilities in insecure web apps.
• Crypto — Break weak cryptography and protocols.
• Rev — Reverse engineer binaries.
• Pwn — Exploit vulnerable remote programs.
• Misc — Forensics, oddities, and more.

Rules & Fair Play

• The standard flag format is FortID\{[A-Za-z0-9_!$]+\}
• Each team can consist of any number of members, but you may not seek any external help.
• Everyone can compete, but prizes may have eligibility rules.
• Ranking is by points, then earliest last solve.
• No brute forcing, flag sharing, or hint leaking.
• No attacking the scoreboard, infra, or other teams.

Prizes

TBD