It’s hard to believe our fifth annual Dragos Capture the Flag (CTF) is already behind us. Each year, this event continues to grow, drawing cybersecurity professionals from around the world to put their OT and ICS skills to the test. The global participation and diversity of talent never cease to amaze us—this year’s event was no exception, featuring players from 90 countries and 1,115 different cities, along with many returning teams who’ve made the Dragos CTF part of their yearly tradition.
What Is CTF?
Capture the Flag (CTF) is a cybersecurity competition designed to challenge participants’ technical skills through hands-on problem-solving. In a CTF, individuals or teams compete to find and “capture” hidden digital flags, unique strings of text that serve as proof of successfully completing a challenge. Each challenge typically simulates a real-world cybersecurity scenario, such as identifying vulnerabilities, decoding encrypted messages, analyzing PCAPs, or exploiting weaknesses in a system.
Ultimately, a CTF is more than just a competition. It’s an engaging, gamified way to build real-world cybersecurity skills while fostering collaboration and innovation across the global security community.
What Makes the Dragos CTF Different
The Dragos CTF is a one-of-a-kind competition focused on industrial control systems (ICS) and operational technology (OT) security. It’s designed to challenge participants at every level, whether you’re just getting started or you’re a seasoned veteran in the field. Through a mix of real-world scenarios and hands-on challenges, participants gain valuable experience with both fundamental and advanced tactics, techniques, and procedures (TTPs) used in OT environments.
At Dragos, we believe that the best defenders understand how attackers think. That’s why our CTF combines the perspectives of both the Blue Team (defenders) and the Red Team (attackers). The Red Team pushes the limits, probing networks, domains, and configurations to uncover vulnerabilities while the Blue Team learns to detect, defend, and respond to those same threats in real time.
By experiencing both sides of the cybersecurity battle, participants walk away with deeper insight, stronger defensive instincts, and a renewed appreciation for the critical role of cybersecurity in protecting industrial environments.
Creating the Dragos CTF 2025
Building a competition that challenges nearly 2,000 players across 90 countries doesn’t happen overnight. Here’s how the Dragos CTF team brings this event to life each year.
Step 1: Building a CTF Dream Team
The Dragos CTF wouldn’t be possible without the incredible team behind it: the creative minds who craft the story, design and develop the challenges, and spend countless hours testing and refining every detail to make sure the game runs flawlessly. Each member of our CTF team volunteers their time and talent to bring this event to life, and their dedication is nothing short of inspiring. A huge thank you to everyone who went above and beyond to make this year’s CTF an unforgettable success.
Step 2: Design a Logical ICS Attack Kill Chain (Stages 1 & 2)
This year, we set out to deepen participants’ understanding of the SANS ICS 5 Critical Controls. Dragos accomplished this through an exciting lineup of hands-on, real-world scenarios. Each challenge was designed to test players from both offensive and defensive perspectives, pushing their technical skills and strategic thinking to the next level.
Building on last year’s success, we once again leveraged the MITRE ATT&CK® for ICS framework and the ICS Kill Chain, incorporating both Stage 1 and Stage 2 to create a more immersive and authentic experience.
We also introduced challenges rarely seen in traditional CTF events, which often focus solely on IT environments. Participants followed the mischievous fictitious adversary, Ember Jackals, as they executed a full-scale attack from initial access (via Phishing) and discovery, all the way through collection, lateral movement, and the ultimate pivot into the ICS environment.
Step 3: Develop, Validate, Document, and Repeat
The final phase of building the CTF was all about precision and quality, validating and verifying every single challenge before launching. As more Dragos professionals joined the effort, the team meticulously reviewed challenge descriptions, artifacts, hints, and flags to ensure everything was accurate, fair, and solvable.
After carefully reviewing all 33 challenges, the team moved into deployment and conducted one final round of rigorous testing to make sure everything was ready for game day. Reaching this final milestone marked a major achievement, the moment we knew it was go-time for competitors around the world to jump in and put their skills to the test.
Step 4: Start the CTF Event and Support Teams
To keep communication seamless and fair, Dragos leveraged Discord to connect directly with individual participants, ensuring hints and solutions stayed private for those who requested them. Depending on the challenge’s difficulty and each participant’s progress, the Dragos CTF support team provided guidance ranging from subtle nudges in the right direction to clarifications on answer formats and strategic tips on how to approach a problem.
Throughout the event, our dedicated support team stayed busy, responding to hundreds of support requests. Their commitment and responsiveness helped participants stay engaged, motivated, and on track, ensuring everyone had the best possible CTF experience.
Dragos CTF 2025 Competition Summary
Enough overview, let’s get down to business—the Dragos CTF 2025 results. Let’s look at who participated in our CTF competition this year and get a breakdown of how well all participants performed and who were the top 5 leaders.
Dragos CTF Participant Breakdown
OT security is a global topic, and our players reflect that. Dragos identified participants competing from around the world, specifically 90 countries and 1,115 cities, encompassing over 5,000 public IP addresses. In addition to the expected strong competition from North America, Europe, and Asia, Dragos noted that other continents (Australia, Africa, and South America) put forward a strong showing, demonstrating their skills across all challenges.
At the end of the 48-hour challenge, three teams succeeded in completing all challenges in the competition. Many teams showed impressive motivation and exceptional skills in solving our challenges, and the feedback shows that we hit the mark (not too easy, not too hard, and not unfair), an overall good mix that our players enjoyed.
Dragos CTF Challenge Breakdown
At Dragos, we strive to create a balanced and inclusive competition, one that’s equally rewarding for newcomers exploring offensive security for the first time and for seasoned professionals leading red teams. Achieving that balance is no small feat, but it’s one we’re deeply committed to.
To make it happen, we design our CTF challenges across five levels of difficulty (Easy, Normal, Moderate, Hard, and Extreme) ensuring there’s something for everyone, from learners to experts. Players aren’t penalized for incorrect answers, allowing beginners to experiment, learn, and grow without fear of losing points.
For Easy, Normal, and Moderate challenges, hints are free to encourage exploration and problem-solving. However, for the Hard and Extreme categories, we deduct one point per hint, a way to recognize and reward those who truly rise to the top of the leaderboard. Let’s break down each category and see where the bottleneck was during the competition.
Dragos CTF 2025 Leaderboard
The 2025 Dragos CTF was a record-breaking event, our biggest and most competitive yet. Each year, participation continues to grow, and this year was no exception. Nearly 2,000 players registered to take on the challenge, forming over 1,200 teams from around the world.
Out of all those teams, only three managed to conquer all 33 challenges, an incredible accomplishment that highlights just how tough (and rewarding!) this year’s competition was.
These results showcase the incredible skill and determination required to master OT security challenges:
- 1st Place: Gr1dGuardi4ns (Australia) completed all 33 challenges, only taking one hint. They completed the competition with 19,899 points.
- 2nd Place: hxteam (Saudi Arabia) completed all 33 challenges but took one more hint than Gr1dGuardi4ns. They completed the competition with 19,898 points (a game of inches!).
- 3rd Place: OTóż.to (Poland) completed all 33 challenges but took two more hints than hxteam. They completed the competition with 19,886 points.
- 4th Place: Adamastor (Portugal) completed 32 of the 33 challenges. They completed the competition with 18,900 points.
- 5th Place: TugaPwners (Portugal) also completed 32 of the 33 challenges. They finished the competition with the same points as Adamastor, with 18,900 points.
The Dragos CTF team extends a huge thank you to everyone who dedicated their work week to participate in this year’s competition. Your time, energy, and enthusiasm mean the world to us. We love seeing both newcomers and seasoned players dive into the challenges, collaborate, and push their skills to new heights.
Whether you solve one challenge or all 33, the real victory is in learning something new and gaining a deeper understanding of OT-specific TTPs along the way. Your curiosity and determination are what make this event so special.
Thank you all for playing. We’re proud to continue building this global community of passionate OT defenders and can’t wait to see what Dragos CTF 2026 brings.
Next Steps: Your OT Cybersecurity Journey
- As an OT asset owner and operator, strengthening your OT cybersecurity posture begins with understanding where you and your organization stand today. Start by exploring the SANS ICS 5 Critical Controls, which give organizations a structured framework for assessing and improving defenses.
- Download our free benchmarking guide to assess your current OT environment. Benchmarking your current OT environment against these controls can help identify strengths, gaps, and next steps to reduce risk and enhance resilience.
- Finally, to support your ongoing learning, the Dragos OT-CERT program offers free resources, tools and guidance, empowering industrial organizations to apply proven practices and build a stronger, more secure operational foundation.