Embedded Capture the Flag:
Helping students experience the creation of a secure embedded system

Young curly hair woman discussing with man in classroom. Classmates are working together through laptop. They are wearing casuals.

Invaluable Hands-on Experience for the Future Cybersecurity Workforce

MITRE’s Embedded Capture the Flag (eCTF) competition provides participants with the invaluable experience of creating secure systems and then learning from their mistakes.
The program sets itself apart from traditional online-focused challenges by focusing on embedded systems, which present distinct security issues. It runs over the majority of the spring semester and includes Design and Attack phases to balance offense and defense. This allows time for development and for advanced attacks during the Attack Phase.

Download the Competition Flyer

Watch the 2023 Award Ceremony


Explore the Award Ceremony Presentation Deck

eCTF Takes a Unique Competition Approach

Unlike traditional CTF’s, MITRE’s eCTF presents a two-phase challenge with attack and defense factors. During the first phase, students design and apply a secure system based on a set of competition requirements. In the second phase, students analyze and attack the designs of competing teams.

Design, Handoff, and Attack Phases

Opportunities to Participate

Students & Educators

University-affiliated teams of 3-20 students compete for a cash prize and publicity. (A faculty advisor is required.) The competition is free and split into two 6-week phases starting Jan. 18, 2023. This year teams will design and implement a secure key fob system for a car door lock.


eCTF sponsorship gives your organization exposure and access to the next generation of embedded security professionals – an in-demand demographic that is notoriously difficult to recruit. Multiple sponsorship tiers allow you to choose your level of involvement and visibility.

eCTF Over the Years


Pin Door Lock System

In the inaugural eCTF, teams designed a secure pin door lock system.


Bootloader for a Self-Driving Car

Teams designed a secure bootloader for a self-driving car.


ATM-Bank System

Teams designed a secure ATM-bank system.


Video Game Console

Teams designed a secure video game console on the Digilent Arty Z7. The system had to attempt to protect the intellectual property of game designers, prevent users from loading their own software, and allow verified users to install and play games that they have purchased.


Audio Digital Rights Management Module

Teams designed a secure audio digital rights management (DRM) module for a next-generation multimedia player on the Digilent Cora Z7. The system had to be secure to prevent users from playing pirated music, support region locking, and prevent the creation of cloned bootleg players.


UAV Package Delivery System

Teams designed a secure communications system for an unmanned aerial vehicle (UAV) package delivery system. The system had to be secure to prevent attackers from gaining access to the network to spy on and disrupt the UAV system.


Secure Avionic Device

Teams secured an avionic device by designing a secure firmware update system and bootloader. The system must protect intellectual property and aircraft mission secrets in an untrusted environment, and ensure firmware protection and integrity in the face of supply-chain threats such as hardware trojans.


Secure Key Fob

This year teams will design and implement a secure key fob system for a car door lock. Teams are tasked with creating systems that must protect against an adversary with physical access to the devices. Deliverables include car firmware, fob firmware and software tools for interacting with and controlling the devices.

2023 eCTF Winners

  • First Place Overall: Plaid Parliament of Pwning – Carnegie Mellon University, advised by Maverick Woo, Anthony Rowe, and Patrick Tague
  • Second Place Overall: SlugSec – University of California, Santa Cruz, advised by Alvaro Cardenas
  • Third Place Overall: sigpwny – University of Illinois Urbana Champaign, advised by Kirill Levchenko

  • Additional Awards:
    • Best Write-Up: ret2rev – University of New Haven, advised by Aladin Sabanovic and Christopher Martinez
    • Best Poster: b01lers – Purdue University, advised by Antonio Bianchi, Aravind Machiry, and Santiago Torres-Arias
    • Hardware Hacker: Plaid Parliament of Pwning – Carnegie Mellon University, advised by Maverick Woo, Anthony Rowe, and Patrick Tague

Stay informed

Sign up for news about MITRE Engenuity and the critical technical challenges facing our nation and world.

Subscribe to updates