Overview and structure

The competition runs in two different classes, Open and Student, with an open online qualifier and a finals event on-site in Stockholm.

The Open class is open to everyone and the Student class is targeted towards students from Sweden and the Baltic Sea EU countries.

The format is standard Jeopardy style CTF with familiar categories such as web, pwn, reversing and crypto.


The Open class is open to teams from anywhere in the world. The top seven teams of each class respectively proceed to the finals in Stockholm. In the Student class, four of the seven finals spots are reserved for teams from Swedish universities while the remaining three are reserved for teams from the Baltic Sea 8 EU countries (SE, FI, EE, LT, LV, PL, DE, DK). Furthermore, the top participants from the Swedish Championships in Security (High school) are invited to the finals.

In the qualifiers, there is no limit on team size. In the finals, each team may field five participants with no help from the outside world. In addition, the Student teams are allowed one on-site mentor. To be eligible for the Student class, each team member must be a current student born 1996 or later. One team member may be appointed mentor and is excepted from this rule.

To qualify for the finals, teams may be asked to submit write-ups on challenges they solved. Keep this in mind while solving challenges and keep notes and exploits for write-ups.

Qualifying teams will receive reimbursement for certain travel expenses and lodging facilities throughout the finals weekend.

The best performing teams in the finals will be awarded prizes.


These are the preliminary official rules. Make sure to check this page before the competition to see the latest version of the rules.

If any member of your team is found breaking any of these rules it will lead to the disqualification of the whole team from both the qualifiers and finals.

1. Use common sense
If you feel like what you're doing is disrupting the competition in any way, STOP doing it.
2. Don't share flags or solutions
Each team should solve each challenge themselves. Using internet resources for help on general aspects is allowed but specifics of a challenge may not be shared with other teams.
3. Don't disrupt
Don't attack other teams, and don't attack the contest infrastructure for any reason, including circumventing the challenge, preventing others from solving problems or submitting flags.
We/KTH, will log events on the challenge servers and the network traffic for research purposes.
4. One account per team
Each group of people participating should use exactly one account for submitting flags. Creating multiple accounts for any reason is not allowed.
5. Organisers decisions are final
There might arise situations which are not covered by these rules in which case the decision is up to the organisers and any decisions made are final.

Flag format

The flags that you find will usually follow the format midnight{flag}. This way, you will know you have the flag when you find it. Problems that don't follow this format will indicate that they don't follow the format next to their problem statement. If you believe you've found a flag but the scoring server is not accepting it, please contact the competition organisers.


In Midnight Sun CTF, we use a dynamic scoring system. Each challenge will start out being worth the same. The more teams solve a challenge the less points it is worth. Your team's total score is the sum of the points you obtain from every problem you solve. Teams are ranked in order by the number of points they have. Ties are broken by who solved their latest problem first, i.e. the team which last submitted a flag loses the tie breaker.


If you have any further questions, please send an e-mail to the organisers at contact@midnightsunctf.se