Skip to main content

Internal CTF development

CTF stands for 'Capture-The-Flag' - the most popular type of information security competitions. CTF competitions were modeled around traditional military exercises, however even further gamified. As a matter of fact, military and government institutions, as well as private companies regularly organize such events.


The goal of a CTF is generally to raise awareness of security issues and to increase knowledge of the information security domain while keeping a game-like experience that helps increase cooperation and mutual education on the topics. The efficiency and effectiveness of organizing internal company CTFs is widely acknowledged and many leading IT companies regularly undertake such efforts - for example, Google has a (public) CTF competition, Facebook has developed an entire open-source platform for running them and most companies with an interest in information security either host their own (internal or public) CTF, or sponsor one of the many public online CTF events, available throughout the year (see here for a rather complete list).


CyResLab has a long and extensive history in organizing CTF events. Our courses in the Sofia University also include CTF exercises as a grading component. Among the other CTFs we have hosted are:

  • OpenCTF (an introductory offline CTF competition)
  • CTF*BG (our CTF brand)
  • The yearly CryptoBG Summer School CTF (branded as CTF*BG)

As such, we are the perfect fit for your organization's need for an internal CTF competition.


Service includes:

  • Infrastructure setup (CyResLab or client-provided equipment, public or private cloud)
  • A set of CTF problems in a variety of categories, aligned with the client's business, including:
    • Web application security
    • Mobile application security
    • Forensics
    • Networking
    • (Binary) Reverse-engineering
    • (Binary) Exploitation
  • A written solution (a.k.a. 'write-up') of the problems, along with Proof-of-Concept code, where applicable
  • Results breakdown and analysis


Ideal for: Clients that are interested in improving the information security knowledge and skills of their employees.