An attack-and-defend exercise for designing secure embedded systems.

Collegiate eCTF 2018


New! We are gearing-up now for the 2018 Collegiate eCTF! Check back here for more information soon!

MITRE's eCTF (embedded capture-the-flag) is an embedded security competition that puts participants through the experience of trying to create a secure system and then learning from their mistakes. The main target is a real physical embedded device, which opens the scope of the challenge to include physical/proximal access attacks. The eCTF is a two-phase competition with attack and defense components. In the first phase, competitors design and implement a secure system based on a set of challenge requirements. The second phase involves analyzing and attacking the other teams’ designs.


2018.01.17:  Start eCTF Phase 1 (secure design)
2018.03.01:  System handoff. Secure designs are due. Start Phase 2 (attack)
2018.04.13:  Competition concludes
2018.04.19:  Award ceremony and debrief

Past competitions and results

Collegiate eCTF 2017

  • First Place Overall: Firmware Dogs --University of Connecticut, advised by John Chandy
  • Mass Attack Winner: Team Sprite --Northeastern University, advised by Guevara Noubir
  • Iron Flag Winners:
    • Firmware Dogs --University of Connecticut, advised by John Chandy
    • pgm_read_flag() --Carnegie Mellon University, advised by Martin Carlisle
    • Snorlax --University of Massachusetts- Amherst, advised by Dan Holcomb

Collegiate eCTF 2016

  • First Place Overall: We're Probably Insecure --Worcester Polytechnic Institute, advised by Thomas Eisenbarth
  • Most Flag Points: WillHax4Snacks --Northeastern University, advised by Yunsi Fei
  • Iron Flag: Tufts eCTF --Tufts University, advised by Ming Chow


Please contact the MITRE eCTF team at