top of page
Capture the Flag Biohacking Village

Capture the Flag

A scenario-driven Capture the Flag contest, pits teams of participants against adversaries and a clock, to protect human life and public safety. Participants compete against each other on both real and simulated medical devices, integrated into the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. 

Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others. You will hack actual medical devices and play with protocols like DICOM, HL7 and FHIR.


CTF Challenge 2023

Adversaries have gained a foothold in your local hospital and are increasing control over clinical systems and medical devices. They soon make it clear they’re not after patient records or financial information, but instead hope to disrupt care delivery, putting patients lives at risk. Your team received an urgent request to use your blue, red, and purple team skills to defend against the escalating attacks, attempt to unmask the adversary and, above all else, protect patient lives. This years CTF storyline is a digital twin hospital with challenges related to:

  • OT/IT

  • Medical devices

  • Hospital infrastructure

  • Regulatory and international affairs

  • Robotics

  • Data

  • Gameplay begins on August 11th at 10a Pacific with fun times for all!

To participate sign up here.



  • Participants may only register once for this challenge. If participants register for this challenge more than once, the whole teams with a participant that registered multiple times will be disqualified

  • By registering, participants agree that their accounts may be rejected or terminated and all submissions by them and/or their Team may be disqualified if any of the information in their account is incorrect.

  • Participants must agree to and abide by the Code of Conduct while participating in the Biohacking Village Capture the Flag. Anyone who will conduct themselves against the CoC will be eliminated from competition and banned forever


  • After participants register individually, they may work alone (team of one) or on one team with other challenge participants. To work on a team, they may either create a new team or join one that is pre-existing ( if a participant wishes to join a team or offer others to join, they can do so in the #ctf-st-elvis-teambuilding Discord Channel)

  • The maximum number of team members is five (5).

  • All teams must designate a Team Captain. A Team Captain serves as the official contact person for a team: this person should provide accurate and complete contact information to ensure that CTF organizers can reach their team if needed.

  • Each member of the team must be a registered participant in the CTF.

  • If participants choose to join a team, then they may not simultaneously participate as an individual or another team. 


  • All submissions must be received during the Challenge period. Submissions posted after the posted time frame will be disqualified.

  • Participants may get an answer but it will forfeit their points for that challenge. Even if the flag they tried before was similar. The decision to get the answer is final for zero points.


  • Each submission has set value known beforehand in the challenge description

  • The winning teams will be decided based on the number of the accumulated points during the CTF timeframe. In case two teams accumulate the same amount of points, the team that reached the amount of points in question faster will be the winner.


  • Whole team gets disqualified if any of the following applies:

    • One or multiple team members have registered more than once

    • One or multiple team members will not follow Code of Conduct (applies to any of the Biohacking village platforms or social media)

    • Any offensive behaviour such as attacking the Biohacking Village infrastructure, denial of service, or escaping the boundaries set by the CTF or Device Lab environment


  • Unless stated otherwise on the mainsite, we do not share any information about participants with anyone. Some events or conferences might have/require other rules, in that case it will be noted on the CTFd site.

Tips, Tricks and Tools


Security training for developers

"Hack real, vulnerable web applications to learn how security exploits work."

Awesome CTF


Check your skill level!


bottom of page