UofTCTF 2026
CTFTIME DISCORD

UofTCTF 2026

The competition has ended.

UofTCTF 2026

UofTCTF 2026 is the annual capture-the-flag competition organized by the UofTCTF team.

It will be a jeopardy-style CTF with classic categories like web exploitation, reverse engineering, binary exploitation, OSINT, cryptography, forensics and more.

Prizes

Open Division

  • 1st: $1337 USD + Offsec Course + Cert Bundle
  • 2nd: $777 USD + Binary Ninja License
  • 3rd: $512 USD
  • Writeups: 5 x $50 USD

UofT Division

  • 1st: $350 CAD + Binary Ninja License
  • 2nd: $250 CAD
  • 3rd: $100 CAD

Sponsors

Rules

Introduction

By participating in the UofTCTF 2026 (the “Competition”), you are agreeing to fully comply with the Competition Rules. If you do not agree to the terms as stated, you must discontinue participating in the Competition.

Ammendments

The organizers of the Competition may modify the Competition Rules at any time and with immediate effect. In the event of a modification, the organizers will announce such changes through the event notification system and/or the Discord server.

Competition Eligibility

Individuals participating in the Competition (the “Participant”) shall:

  • Form a team alone or with up to any number of Participants (“Teams”); and
  • Have an account registered on the CTF platform at play.uoftctf.org.

Divisions

There are two divisions, the "Open" and the "University of Toronto" (UofT) divisions. Teams are enrolled by default into the Open division. In order to enroll in the UofT division, each Participant in the Team must be formally enrolled at the University of Toronto (Toronto, Ontario, Canada). The organizers reserve the right to verify the enrollment status of any Participant at any time during the Competition.

Prize Eligibility

Teams in the Open division are eligible for prizes in that division. Teams in the UofT division are eligible for prizes in both the UofT and Open divisions. If a UofT division team wins a prize in the Open division, they will receive the Open division prize, and the UofT division prize will be awarded to the next highest-ranking UofT team.

Competiton Rules

  • The flag format is uoftctf{...} unless otherwise specified.
  • Do not share or post any flags or solutions publicly during the CTF.
  • Attacking event infrastructure (DoS/DDoS) is strictly prohibited.
  • Brute-forcing flags on the event website is prohibited.
  • Automated fuzzing tools (e.g. dirbuster) are not allowed for challenges unless explicitly permitted.
  • Cross-team collaboration is not allowed. Do not discuss challenges with members from other teams.
  • Do not interfere with other teams by attacking their machines or other undesignated targets.

Any violation of the rules will result in immediate disqualification of the Team. The organizers reserve the right to disqualify teams if they are suspected of breaking the rules.

FAQ

What is a CTF?

A cybersecurity competition wherein users find hidden strings called 'flags' that are used to obtain points.

Who can participate?

We have an open division for anybody with interest in security to participate! UofT students only get their own prize category.

Is there a team size limit?

There is no team size restriction.

Is the competition online?

The competition is completely online. We will have a small opening ceremony to as well to greet online participants.

Contact

@ 2026 UofTCTF. All Rights Reserved.