Google CTF

Google Capture the Flag competition

  • About

    About

    "Capture The Flag" (CTF) competitions, in the cybersecurity sense, are not related to playing outdoor running or traditional computer games. Instead, they consist of a set of computer security puzzles, or challenges, involving reverse-engineering, memory corruption, cryptography, web technologies, and more. When players solve them they get a "flag," a secret string which can be exchanged for points. The more points a team earns, the higher up it moves in rank.

    In 2020, Google will run the competition in two stages: an online 48 hour long first-stage competition and an additional speed-running stage for the best 16 teams. The first stage competition has $31,337 USD in prizes. The best three teams of the first-stage will win $13,337 USD for the first place, $7,331 USD for the second place, and USD $3,133.7 USD for the third place. In addition to the grand prizes, some of the best and most creative write-ups that we receive during the qualifying round will be rewarded as well. The second stage consists of a series of problems that participants have to solve in a limited amount of time. The additional prizes for the top four teams of the speedrunning stage are 3,000, 2,000, 1,000, and 500 USD.

    At Google, we believe that CTFs are not just a good way for security pros to get better at what they do, but also a fun way to get into the cybersecurity field. That’s why along with the main Google CTF competition there will also be some beginner tasks for folks who want to get started. In addition, the speed-running competition will be recorded, narrated, and presented online.

  • FAQ

    FAQ

    What is a CTF? "Capture The Flag" (CTF) competitions, in the cybersecurity sense, are not related to playing outdoor running or traditional computer games. Instead, they consist of a set of computer security puzzles, or challenges, involving reverse-engineering, memory corruption, cryptography, web technologies, and more. When players solve them they get a "flag," a secret string which can be exchanged for points. The more points a team earns, the higher up it moves in rank.

    Watch @LiveOverflow's video on the topic to learn more.

    Where do I register? Registrations aren't open yet. You'll be able to register a few days before the event starts. To be notified as soon as registration opens, please subscribe to our Google group.

    Can you show me an example challenge? Of course! There are countless write-ups on challenges on the CTF scene — for example, here are some from the Google CTF 2017 Qualification round created by the contestants:

    Can I play after the competition is over? Yes! The challenges will stay up after the competition is over.

    How does it work?

    1. Once the CTF has started, navigate to the scoreboard (the website will be communicated beforehand)
    2. Create a team
    3. Invite others to your team (if you like)
    4. Solve the challenges presented in the various categories (e.g. Pwnables, Web, Reversing, Cryptography, Hardware, Sandbox)
    5. At the end of each challenge there is a flag (text token) that usually looks like this — CTF{SomeTextHere} — enter it next to the challenge on the Google ctf website to score points!

    How can I get a team for the Google CTF? If you don't have a team, try to get a friend, classmate, or colleague to play and learn with you. We have listed some places where you can start learning below. You can also play alone or consider joining an existing CTF team. If you want to join an existing local CTF team, click here to see a list of the top CTF teams and their country of origin (if any).

    Note that not all teams are looking for new members. One of the CTF teams that is always looking for new members is the OpenToAll team.

    How can I prepare for this competition? In previous years we ran a "Beginners Quest" that was meant as an introduction to CTFs. You can find them here:

    If you want even more, there is also a long list of sites that offer security-related wargames on WeChall. You can also find the write-ups of previous year's Google CTFs on CTFtime.org (e.g. 2019 quals).

    Why is Quebec excluded from the CTF? Local laws and regulations make it extremely challenging for us to run a competition open to residents of Quebec. We are truly sorry about this, and hope to change this in the future if possible.
    Do I have to be online the whole time? Nope. Don't forget to eat and sleep.

    What are the tax implications of the prizes? This is up to you to figure out according to your local laws.

    Where can I ask more questions? Email us at google-ctf@google.com.