Overview
Join us for the National Cybersecurity Challenge, happening online from Wednesday, 1st April 2026 18:00 CEST to Friday, 1st May 2026 18:00 CEST. The objective of this competition is to foster a culture of information security, to educate and ultimately to have fun.
Participants will compete individually in solving different challenges, including reverse engineering, binary exploitation, cryptography and web security.
This Capture-The-Flag (CTF) event is open to participants of all skill levels, from aspiring enthusiasts to seasoned professionals. Not only will this competition offer valuable experience and knowledge, but you will also be in the chance to win prizes. The top 3 contestants will receive €700, €500 and €300 in vouchers, respectively.
To take part, participants need to register on https://play.cscg.live/ through a Discord account. During registration, in the Bracket please select ‘Malta’. It is recommended to join the CSCG Discord Server as the infrastructure for this CTF is hosted by the Germany organisers for a very similar National Cybersecurity challenge going on at the same time. Communication, announcements, and discussions related to the platform will be shared through this communication channel.
In the meantime, it is important to register in the form below to be eligible to win the prizes.
This competition is open to individuals that are:
- Maltese Nationals or Permanent Maltese Residents
- Passionate for cybersecurity and hungry for challenges
During the competition, direct hints regarding solutions are taboo, but as soon as you solve a challenge, you automatically get access to the Solved channel.
The scoring is dynamic – tasks that are solved more often are worth fewer points.
-
- One account per player for the challenge.
- Email confirmation required; winners will be contacted via registered email addresses.
- Collaboration with other players is prohibited. This includes (but is not limited to) sharing hints, exploits or flags.
- Use of automatic scanning tools and excessive traffic generators is prohibited.
- Attacking other participants or challenge infrastructure is strictly prohibited.
- Altering challenge behaviour or generating excessive load is not allowed.
- Asking privately for hints (to organisers or players) is prohibited. This is valid for both asking and giving hints.
- Only points from the Challenges of the Second Cycle will be eligible for the Malta National Cybersecurity Challenge 2026. These will be clearly tagged as SECOND_CYCLE within the Tasks page (https://play.cscg.live/tasks/). Any task done from the FIRST_CYCLE will NOT contribute to the final scores of the Malta National Cybersecurity Challenge 2026 scoreboard. FIRST_CYCLE tasks can still be attempted for practice purposes but are purely optional. For clarification, the valid SECOND_CYCLE task names will be listed hereunder within 48 hours of being published.
- The list of tasks for the SECOND_CYCLE are the following (MITA-NCC is not the author, but the full names of the authors can be found on the platform.):
Name Difficulty Categories Release .NETT hier Medium Misc second_cycle Barely on Time Hard Reverse Engineering, Crypto second_cycle Bloatware Medium Pwn second_cycle Cafe Latte Hard Reverse Engineering second_cycle Gloomweaver Medium Reverse Engineering second_cycle Innovation at Work Easy Web second_cycle Intro Crypto 1 Easy Crypto second_cycle Intro Crypto 2 Easy Crypto second_cycle Intro Crypto 3 Easy Crypto second_cycle Intro Forensics 1 Easy Forensics second_cycle Intro Forensics 2 Easy Forensics second_cycle Intro Forensics 3 Easy Forensics second_cycle Intro Reverse Engineering 1 Easy Reverse Engineering second_cycle Intro Reverse Engineering 2 Easy Reverse Engineering second_cycle Knowledge Base Medium Web second_cycle mystical Easy Reverse Engineering, Misc second_cycle One Bit Medium Misc second_cycle qemu-system-cris Hard Pwn second_cycle quantosaurus Hard Crypto second_cycle String SaaS Medium Misc, PWN second_cycle Table Madness Medium Misc second_cycle this-is-art Hard Pwn second_cycle ZIPPER Easy Crypto second_cycle - Organisers reserve the right to interview participants about their challenge approaches.
- Prizes for the Malta Cyber Security Challenge 2026 are strictly redeemable upon presentation of proof meeting the eligibility criteria.
- The scoreboard from the CSCG challenge is not the official scoreboard for the National Cybersecurity Challenge 2026. The official scoreboard will be published on the MITA-NCC.
- Results for the National Cybersecurity Challenge 2026 will be published within two weeks after the end of the Challenge. These will be available on the website and on the MITA-NCC social media channels.
- In case of any difficulties, please feel free to get in touch through [email protected].
1. Definitions
1.1. “Challenge” means the Malta National Cyber Security Challenge 2026 including all rounds, events and activities;
1.2. “Communication Channel” means the official communication Discord channel designated by the Organiser as an official medium for all Challenge related communications;
1.3. “Organiser” means Malta Information Technology Agency;
1.4. “Participant” means any individual who is participating in the Challenge;
1.5. “Platform” means the digital platform, system, infrastructure, network and digital environment including all of the underlying code and intellectual property rights in connection with the Challenge;
2. Eligibility and Registration
2.1. Participation is open to all individuals who satisfy the eligibility criteria published by the Organiser.
2.2. The Organiser reserves the right to verify the eligibility of any Participant at any stage and to disqualify the Participant who does not satisfy the eligibility criteria.
2.3. The Organiser may disqualify a Participant who provides false or misleading information.
3. Official Communication Channel
3.1. The Organiser has designated the Communication Channel for the purpose of disseminating all Challenge related information and to enable community interaction among the Participants.
3.2. Participation in the Communication Channel shall be on a voluntary basis. If a Participant decides to participate in the Communication Channel, the Participant accepts to do so subject to these Terms and Conditions and any other channel-specific rules as may be established by the Organiser.
3.3. The Organiser does not moderate the Communication Channel in real time and cannot guarantee that all content posted therein is accurate, complete, lawful or appropriate.
3.4. The Organiser shall not be responsible for any content, information or opinions posted by Participant or any third parties, irrespective whether or not such content relates to the Challenge.
3.5. Participants shall not use the Communication Channel to:
3.5.1. post any content that is offensive, defamatory, discriminatory or otherwise unlawful;
3.5.2. distribute or share malware, malicious links or any harmful code;
3.5.3. engage in unsolicited advertising, spam or solicitation; and
3.5.4. disclose any personal data of other Participants;
3.6. The Organiser reserves the right to remove any Participant content posted on the Communication Channel and the Organiser may remove or ban any Participant from the Communication Channel at its sole discretion without prior notice.
3.7. The Organiser accepts no responsibility for any unofficial channels, groups or platforms created by the Participants or third parties.
4. Terms and Conditions
4.1. The Participant shall only interact with the Platform as expressly indicated as part of the Challenge. Participants shall not attempt to exploit, disrupt or misuse the Platform associated with the Challenge.
4.2. Participants shall conduct themselves professionally and with integrity at all times when interacting with the Platform and the Communication Channel. Harassment, intimidation or discrimination against any the Organiser or any other Participant or individual shall not be tolerated and may result in immediate disqualification.
4.3. All knowledge or skills gained through the Challenge, including but not limited to offensive security techniques, exploitation methods, vulnerability identification or reverse engineering, is provided solely for the purpose of education and the promotion of cyber security.
4.4. Each Participant shall not use any knowledge or skills gained through or in connection with the Challenge for any purpose that is in contravention of the laws of Malta or unethical. Breach of this clause may, in addition to disqualification from the Challenge, give rise to civil and/or criminal liability.
4.5. The Challenge, the Platform and all associated content and data are provided on an “as is” basis and without any warranty of any express or implied kind.
4.6. The Organiser, its officers, employees and agents and the Platform and its services providers shall not be liable for any loss of direct or indirect damages arising out of or in connection with the Challenge and Platform. The Participants shall hold harmless the Organiser, its officers, employees and agents and the Platform and its services providers against any claim, liability, loss, damage, cost or expense arising from the Participant’s breach of these Terms.
4.7. The Organiser reserves to right to disqualify any Participant, at its sole discretion, for a breach of any of these Terms and Conditions, conduct which is prejudicial to the integrity of the Challenge or any conduct that the Organiser considers unethical, unlawful or contrary to the spirit of the Challenge.
4.8. The Organiser shall not be held liable nor assume responsibility for any actions or omissions or other performance by any Participant of the Challenge, whether intentional or unintentional, that may result or are perceived to have resulted from any information or knowledge shared throughout the Challenge.
4.9. These Terms and Conditions may be amended by the Organiser at any time. Participants will be notified of material changes. Continued participation following notification of changes constitutes acceptance of the amended Terms.
4.10. These Terms and Conditions shall be governed by and construed in accordance with the laws of Malta.
