Welcome to the
Mastercard Capture the Flag Series 2026!
Presented by the National Cybersecurity Consortium
CYBER RANGE POWERED BY ENFOCOM
Event Details
Date: Saturday, January 17, 2026
Time: 9:00 AM – 4:00 PM (Mountain Time)
Location: 📍Remote
Schedule Overview
All times above are in Mountain Time (MT).
What is This Capture the Flag All About?
This Capture the Flag (CTF) is a fun and educational cybersecurity competition for students from Canadian post-secondary institutions. Teams will tackle challenges in ethical hacking, cryptography, digital forensics, and online safety.
It’s a safe environment to explore real-world concepts, build confidence, and grow your skills while working together and having fun.
Challenge Format
The event runs on the CTFd platform and features challenges in:
- Cryptography (Crypto)
- Digital Forensics (Forensics)
- Reverse Engineering (Rev)
- Website Security (Web)
- Binary Exploitation (Pwn)
- Miscellaneous (Misc)
Solve problems, uncover hidden flags, and earn points—while tracking your progress and standings against other teams on the scoreboard.
Team Info
Teams must consist of 2 to 4 students from the same Canadian post-secondary institution.
Rules & Code of Conduct
The event's Code of Conduct and full set of Rules are provided for review and adoption.
Additionally, there are clear etiquette and conduct expectations for engaging within the CTFd and competition.
CTF Etiquette
You may only attack the challenges provided. The following actions are strictly prohibited:
- DDoS attacks
- Scorched Earth tactics (e.g., deleting challenge files)
- Modifying or deleting flag files
- Brute-forcing the infrastructure (not required for any challenge)
Example: In a SQL injection challenge, altering, dropping, or creating tables is forbidden as it may impact other participants’ experience. Please be considerate and play fair.
Permitted Tools: All tools are allowed as long as they are used to solve challenges and not to interfere with the platform or other participants. Tools should only be used when relevant to a specific challenge.
If you're unsure whether a domain, IP, or server is part of the CTF
environment—or if you have any other technical questions—please ask in
the official NCC CTF Discord
before interacting with it.
For more details on the Discord server, see the
FAQ.
Team Conduct
- All challenge solutions must originate from within your team—collaboration with other teams or outside parties is not permitted.
- Sharing flags, hints, or any challenge-related information with other teams is strictly prohibited.
- Flags must never be posted publicly or disclosed to other teams, including during or after events. If you’re unsure whether a flag is correct, open a private support ticket via Discord. Unauthorized sharing may lead to disqualification or removal from the event.
- Use of AI tools (e.g., ChatGPT) is allowed for learning purposes only—not for generating full solutions, scripts, or exploits.
- Participants are expected to understand the techniques they use and should not rely solely on AI-generated content.
Rule Enforcement
The organizers reserve the right to enforce these rules at their sole discretion. All decisions made regarding disputes, challenge validity, and participant conduct are final. See the Rules.
Violations of these rules, by an individual or a team, may result in disciplinary action, including disqualification from the competition and loss of prize eligibility. Teams are fully responsible for the conduct of all their members.
Prizes
Top-performing teams from post-secondary institutions will be rewarded for their skills and teamwork. Prizes are listed on the Mastercard CTF Series 2026 Presented by the National Cybersecurity Consortium Website: Link
Ready to Begin?
To get started, navigate to the “Challenges” page and log in. Good luck!
Questions? Visit the FAQ for help with rules, tools, troubleshooting, and more.