Welcome to the FIRST 2022 CTF!

About the CTF

The FIRST Challenge is a series of technical problems designed to provide a fun opportunity to utilize creative technical problem solving abilities to solve incident response inspired challenges.

The CTF consists of a series of technical exercises where the participants must find an answer, a flag, and submit to the CTF platform. Every correct flag submitted increases a team’s score. New challenges are released daily during the event.

Categories of challenges may include:
  • network,
  • cryptography,
  • reverse engineering,
  • programming,
  • miscellaneous,
  • puzzle and others.

To participate, it is strongly recommended to build a team of up to 4 members. Teams might create their own strategies to attribute the tasks and explore the best knowledge of their players on the different areas.
The primary purposes of the CTF is to work together, challenge your knowledge, be creative, make new friends, define strategies, and have fun.

Prices will be offered to the first 3 teams who have a least one representative on-site at the conference.

Who is creating the CTF?

This year's challenge is made possible with the generous support from the FIRST SecLounge SIG volunteers and:









Day Time (UTC/GMT+1 Dublin time) Session
Monday, June 27 09:00 Opening session
Mon–Thurs, June 28 - 30 Challenge Starts: Monday @ 12:00
Challenge Ends: Thursday @ 17:00 local time
Participants can access the challenges and submit their answers until Thursday at 17:00
Friday, Jully 1 12:30 Closing session


Rank Price
1st (winner) Intel NUC devices
2nd Rasberry Pi 4
3rd Bluetooth Speaker

Collaboration and support

The hybrid nature of this year's event offers wider opportunity for participation than the usual annual conference venue. However hybrid nature of the event also means that support will be offered at the usual onsite Security Lounge and via Mattermost.

To facilitate collaboration a virtual Security Lounge is being established. The lounge is hosted on a dedicated MatterMost platform that provides features similar to Slack. It offers both an area for public information sharing among all participants and private discussion among individual teams.

After completion of registration, a seperate Virtual SecLounge account will be generated. Look for an e-mail from seclounge@firstseclounge.org which will contain login details and credentials for the Virtual SecLounge server. Should you encounter any issues accessing the platform, the SecLounge SIG team may be contacted at: seclounge@firstseclounge.org

Collaboration on MatterMost happens in entities called Teams. Individual accounts are able to create private Teams as well as private Channels on the MatterMost server. Private Teams may be utilized for team collaboration activities including chat, file sharing, etc. The public SecLounge Team will continue to be available throughout the challenge for general discussion with all participants and SecLounge SIG volunteers.

Access to the Virtual SecLounge is possible any time after registration (and, before the Challenge kick-off). This will allow for teams to be formed prior to Challenge kick-off.


Both individual and team registration are done directly through this website. When registering, individuals will have the option to create a new team or join an existing team. Once a team selection is made, changes to an individual's team membership are not possible. To register, you will need the access code provided by FIRST.org as part of your registration to the conference.

Eligible players are encouraged to register as a team of up to four players. Individuals or those teams with fewer than four players should contact a SecLounge SIG volunteer on MatterMost for assistance in forming a four-person team and we will try to match you up with other players. One of the purposes of the FIRST Challenge is to meet new people within our field. So we encourage you to sign up and make some new friends.

Physical prizes are awarded to winning teams to the first 3 teams. However, a physical presence of a least one team member is required to collect the prices at the end of the conference. Winning teams will be given an opportunity to present on their experience and how they tackled some of the more difficult challenges.

The FIRST Challenge Framework website will be the authoritative platform for current challenge standings and challenge information. The SecLounge SIG may exceptionally make modifications to scores or other elements within the framework website due to technical errors or other unforseen circumstances with the intent of ensuring a fair and fun challenge for all participants.

FIRST Challenge Details

Important annnoucements made during the challenge will be automatically pushed out in real time to all clients connected to the framework website on all pages of the website (with an audible alert). There is no need to continually refresh the page to receive notifications. All previous notifications are published on the framework website under the "Notifications" page. Participants are encouraged to monitor this page for important announcements during the challenge.

Additionally, announcements may be made via the MatterMost collaboration platform. All participants are encouraged to monitor and participate in both the public channel as well as their Team's channel(s) for relevant information related to the Challenge.

A new set of challenges will be made available daily at 09:00 UTC. This will ensure that all teams have the same amount of "daylight" (with the exception of Thursday's challenges) to solve a challenge irrespective of their timezone. Once a challenge has been released it will be made available until the completion of the challenge on Thursday June 30.

Each challenge has a point value (100-500 points) that is awarded upon successful completion. There is no bonus or penalty for the order in which challenges are solved. All teams will receive the same number of points for each solve.

Team rankings are determined first by score and then by the order in which the latest challenge was solved (e.g.: in the event of a tie). If more than one team has the same score, the team rankings will be determined by the timestamp on the latest correct challenge submission. In this case, the team with the oldest timestamp is ranked the highest.

Many challenges have hints available to assist in solving the challenge. Usage of a hint has an associated point cost. Hints may be "purchased" for the specified amount provided a team has already earned enough points by solving other challenges. The hint cost will be deducted from the team's score. In general, the higher the cost of the hint, the more helpful it is intended to be.

The FIRST Challenge will conclude on Thursday at 17:00 UTC and at that time, the team with the most total points will be deemed the winner unless there is a tie, in which case the ranking displayed on the framework website utilizing the rules outlined above will be used to determine the winner.

Be patient, persistent and don't give up! Every day we'll be releasing new and fresh challenges that will allow you to make up any points you missed on previous days. Many of these are independent challenges, meaning they don't depend on previous challenge results.


  • Pay close attention to answers to the challenges, especially regarding spaces and special characters.
  • Challenges that are multi-part may not have some parts visible until the previous part is solved (the challenge part number is inidcated in the title).
  • All challengenes are designed to be solvable using standard free or open source tools. A standard Linux workstation or forensics focused VM (such as REMNUX or SIFT) should be sufficient.
  • Any attempts at cheating, multiple registrations, brute force or malicious actions against the challenge framework and corresponding infrastructure will result in immediate exclusion from the challenge for the offending team. The intent of the challenge is to engage in the competition, not to attack the system.
  • The organisation team (SIG SecLounge) reserve the right to exclude any member engaged in an activity deemed inappropriate. Any dispute will be resolved by the SIG SecLounge members.

Have fun and good luck!