Announcing Facebook CTF 2019

By Gulshan Singh, Facebook Security Engineer

May 14, 2019

We’re excited to announce that Facebook will host its first global Capture the Flag (CTF) competition June 1-3, 2019. As part of the competition, participants will be tasked with solving various security challenges to earn points using skills like cryptography, reverse engineering, binary exploitation, web exploitation and more.

The challenges will range in complexity and are crafted for players at all levels—from those participating in their first CTF to others who are veterans several times over. We've included a few challenges in the competition that are based off of bugs we've come across through our bug bounty program.

We will award the following prizes to the top three teams that score the most points:

Third place: $1,000

Second place $2,000

First place: $3,133.70

For many of us on Facebook’s security team, participating in CTF competitions is what initially sparked our interest in security and these events have been a big part of our lives. In fact, the challenges in our CTF were designed by various members of our security team, including our Malware Analysis, Product Security and Red teams.

We see the upcoming CTF as an opportunity for our security team to pay it forward and share the fun we've had taking part in CTFs, encourage more people to try their hand at these competitions, and hopefully, participate in our bug bounty program. Since 2011, our bug bounty program has helped us keep Facebook safe and improve the security of our services thanks in large part to the collective talent of the global security community.

We hope you join us! You can sign up for the event at and you can find our CTFtime event at Happy hunting!

NO PURCHASE NECESSARY. Void where prohibited. Begins at 00:00:00 UTC on Saturday, June 1, 2019. Ends at 00:00:00 UTC on Monday, June 3, 2019. Subject to full Official Rules (available here:

Terms of Use | Copyright © 2002 - 2019 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement