logo
        • Who We Are
        • Learn more about MITRE Engenuity’s journey as a hub for transformative innovation.

        • How We Engage
        • We forge innovative partnerships to generate whole-of-nation solutions to complex technological problems.

        • Contact Us
        • Connect with a member of the MITRE Engenuity team and ensure your inquiry gets to the right people.

        • Cybersecurity
        • We are relentlessly advancing the art of threat-informed defense, anchored by a belief that we can improve our defenses with a systemic application of a deep understanding of adversary tradecraft and technology.

        • ATT&CK Evaluations
        • We offer objective analysis of cyber products and features – see our latest results.

        • Center for Threat-Informed Defense
        • Read more about the cutting-edge research and development being done with input from our participant organizations, featuring some of the top security operations centers.

        • Developing tomorrow's cyber workforce today.
        • News & Insights
        • We are leading the leading edge of innovation. Explore the latest news, insights, R&D, and special projects from our advanced tech experts and partners.

        • Subscribe to Our Newsletters
        • Our tech foundation is addressing the complex problems that face our nation today. Find out how you can join our efforts as we spur innovation for public good.

          Subscribe

Embedded Capture the Flag:
Team Advisor Info

eCTF COMPETITION FORMAT

Over each Spring semester, hundreds of students compete in MITRE’s Collegiate Embedded Capture the Flag (eCTF) competition.

MITRE’s eCTF is unique from other CTF competitions. First, the focus of the eCTF is on embedded systems, which present a new set of challenges and security implications. Second, the eCTF balances offense and defense by testing and awarding both sets of skills.

The competition is split into two six-week phases: “design” and “attack”. In the design phase, students develop a secure embedded system that meets a provided set of requirements. In the attack phase, students compete to break the security of other teams’ designs.

Our students tend to gravitate towards pentesting, red-teaming, and blue-team areas, so designing and building a system like this from the ground up is somewhat new and challenging for them. It’s not something they otherwise get a ton of experience in.

2022 Faculty Advisor

%

Learned More About Embedded System Security

Spend 2 months to design and implement a “secure” system, which is hacked in 4 hours by other teams. No better way to teach the students security is brutal.

2022 Faculty Advisor

%

Enjoyed Participating in the eCTF

WHAT STUDENTS GET OUT OF THE ECTF 

Throughout the competition, students have the opportunity to learn hard and soft skills not often taught in the classroom. 

During the design phase, students grapple with designing and building a realistic, large-scale system and meeting complex security requirements without sacrificing functionality. This open-ended task promotes problem-solving and offers what are many students’ first experiences in project management, cybersecurity, and embedded systems. Students also gain an in-depth understanding of cryptography through the design and implementation of their secure protocols. 

During the attack phase, students learn hands-on, real-world attacks in an unparalleled experience. Since the designs being attacked are created by other teams, students search for and encounter real, unintended vulnerabilities, rather than pre-canned challenges that are often used in other CTFs. 

THE ECTF AS A COURSE 

Many schools offer the eCTF as a for-credit course, often as a special topics course, seminar, or independent study. We strongly recommend this route as it helps students commit time for the competition and recognizes and awards students for their efforts. 

An example syllabus is available upon request. 

The eCTF challenge defines several artifacts and deliverables that universities can use as course assignments. These include design documents, offensive and defensive write-ups, and the system implementation/code itself. 

Of course, faculty may also choose to augment the competition with additional lectures or readings. 

Thanks so much for the time spent to host an awesome competition, and especially one that works as a capstone opportunity. Making the timeline roughly match the university semester meant I was able to use this for class and engage with it more thoroughly than I would have been able to if it was just a time-intensive extracurricular activity.

2022 eCTF Competitor

75%

Of teams that made it the 2022 attack phase were offered college credit.

300%

More likely for a team that was offered college credit to make it to the attack phase.

30%

Higher average self-reported learning outcomes by students who were offered college credit.

NEXT STEPS

If you are interested in the eCTF, please reach out to ectf@mitre.org to join our email list for updates about the competition. You may also want to begin the process of creating a for-credit course for your team next semester. 

During the fall semester, you should begin reaching out to potential student competitors. Good avenues for finding interested students include reaching out to relevant student clubs or groups, announcing the competition in related classes, and posting flyers in public areas (example flyer here).

Beginning in September, advisors will be able to register your intent to field a team.

Beginning in December, individual competitor registration will open up, which each student on your team will need to complete before the competition begins in mid-January.

Timeline diagram showing event schedule: Team Registration Opens in Sep, Individual Competitor Registration Opens in Dec, eCTF Kickoff in Mid-Jan, Attack Phase Begins in Late Feb, Attack Phase Ends in Early Apr, and Award Ceremony in Mid-Apr.

Stay informed

Sign up for news about MITRE Engenuity and the critical technical challenges facing our nation and world.

Subscribe to updates