Top 20 Annual Online Cybersecurity Hackathons and CTFs

KnightCTF Kicking off the year strong, KnightCTF is an international student-focused Jeopardy-style CTF that’s been running annually since its inception, drawing thousands of participants worldwide. Expect challenges in web, crypto, and forensics, all designed for collaborative team play. It’s completely free, with a 48-hour window to rack up points. Benefits include mentorship from industry pros, swag drops, and archived challenges for post-event practice—perfect for building that first portfolio writeup. (Prize pool: Free entry with swag and mentorship perks; no cash prizes specified).

Insomni’hack Hosted by Swiss security enthusiasts, Insomni’hack’s online qualifiers have become a staple since 2012, blending intermediate-level puzzles in reverse engineering, hardware hacking, and web vulns. The event spans 48 hours and is free for all, attracting over 1,000 teams. Standout perks: Up to €10,000 in prizes, live streams with expert commentary, and a vibrant Discord community for ongoing skill-sharing across streams like IoT and crypto.

BSides SF CTF Tied to the renowned BSides security conference, this free online CTF has evolved into an annual February fixture since 2010, emphasizing practical defenses in threat hunting and incident response. With 24-48 hour challenges covering forensics and networking, it’s ideal for mid-level players. Participants rave about the networking—post-event job leads are common—and the swag packs that include tools like custom USB drives. (Prize pool: Free entry with swag packs like custom USB drives; no cash prizes specified).

picoCTF (Carnegie Mellon University) The granddaddy of beginner-friendly CTFs, picoCTF returns every March as the world’s largest free hacking comp, courtesy of CMU’s CyLab. Over 400 challenges span all streams, from misc puzzles to pwn, with built-in tutorials for newcomers. The 14-day event offers up to $10,000 in prizes, swag, and even a CMU campus visit for top scorers. It’s a resume goldmine, with alumni landing roles at FAANG companies.

HackTheBox Cyber Apocalypse HackTheBox’s flagship annual CTF, Cyber Apocalypse, unleashes a multi-stage RPG-themed extravaganza in spring, free for all platform users. Since 2021, it’s grown to 50+ challenges in cloud, web, and binary exploitation, playable solo or in teams over five days. With a $95,000+ prize pool in 2025, plus HTB Academy credits and badges for LinkedIn, it’s a hotspot for practical, job-relevant learning.

DEF CON CTF Qualifier The DEF CON CTF Qualifier, an annual cornerstone since 1996, runs in April as a 48-hour online Jeopardy-style prelude to the August onsite finals in Las Vegas, drawing 1,000+ global teams to tackle elite challenges in web, crypto, reverse engineering, and pwn, organized by top hacker collectives like Order of the Overflow. Open to all skill levels, it qualifies the top 20 teams for DEF CON, blending academic and professional talent in a high-stakes digital arena. As a yearly tradition, it’s renowned for pushing cybersecurity boundaries with novel exploits shared post-event. The prize pool for qualifiers is modest (~$5,000 USD in swag and travel stipends), but the real reward is a shot at DEF CON’s prestigious black badges. With transparent rules on ctf.defcon.org (no team size limits, anti-cheat enforced), it’s a resume-defining gateway to elite hacking circles. Participants often leverage write-ups for roles at firms like Microsoft, making it a must-play annually.

PlaidCTF (MIT) MIT’s brainchild since 2014, PlaidCTF is the academic powerhouse of annual CTFs, held online in late spring with advanced research-oriented challenges across every stream imaginable. Free entry means no barriers to tackling novel problems in crypto and reverse engineering. Prizes top $20,000, and the event’s debriefs often lead to publications or grad school nods—networking with MIT profs is the real jackpot.

IERAE CTF Japan’s IERAE (International Environment Research and Assessment Event) CTF, annual since 2015, focuses on GMO Cybersecurity themes with free online quals in forensics and crypto. The 24-hour format suits busy pros, and with global participation, it’s a cultural bridge for diverse teams. Benefits? Insightful post-mortems and ties to enterprise sponsors for certs like CompTIA Security+. (Prize pool: Free entry with certs like CompTIA Security+; no cash prizes specified).

Google CTF Alphabet’s high-stakes annual showdown, Google CTF, drops in midsummer with quals and finals that mirror real Google-scale threats in pwn, forensics, and networking. Free and fully online since 2016, it pulls in elite teams for 48-hour battles. Beyond $30,000+ prizes and exclusive swag, top finishers get recruiter spotlights, making it a launchpad for Big Tech careers.

No Hack No CTF A summer staple since 2018, this free Jeopardy CTF from the No Hack No Conference crew emphasizes fun, fast-paced challenges in web and misc streams over two days. It’s online, open to all levels, and has seen steady growth to hundreds of teams. Perks include community-voted swag and writeup contests, fostering that collaborative spirit essential for long-term cyber growth. (Prize pool: Free entry with community-voted swag; no cash prizes specified).

DownUnderCTF DownUnderCTF, Australia’s premier annual online Jeopardy CTF since 2020, runs in July for 48 hours, hosted by a community-led team, drawing 1,500+ global participants with beginner-to-advanced challenges in web, crypto, pwn, and forensics, per downunderctf.com guidelines (teams up to 4, no restrictions). Its inclusive design includes educational streams and post-event write-ups, fostering skill development. As a yearly event, it strengthens the Asia-Pacific hacking scene with culturally infused puzzles. The prize pool offers $10,000 USD, with $3,000 for first, plus swag and cert vouchers. Its CTFtime weight (80+) reflects strong engagement and quality. Participants praise its mentorship and networking, making it an annual resume booster.

HITCON CTF HITCON CTF, Taiwan’s flagship annual Jeopardy-style event since 2005, hosted by HITCON and CHROOT, runs in August with 48-hour online qualifiers (leading to October finals), attracting 700+ teams worldwide with high-caliber challenges in reverse engineering, web, crypto, and pwn, per hitcon.org rules (teams up to 5, ethical hacking enforced). Its yearly prominence lies in Asia’s growing cybersecurity influence, with live-streamed solves. The prize pool is ~$15,000 USD, with $7,000 for first, plus exclusive swag and conference invites. Known for innovative puzzles, it draws elite teams like PPP. Archives and write-ups fuel ongoing learning, ideal for pros eyeing regional tech roles. Its consistent CTFtime ranking (90+) cements its annual must-play status.

CSAW CTF (NYU) NYU’s Cyber Security Awareness Week CTF has been a fall favorite since 2009, offering free online quals and finals packed with mobile, IoT, and web challenges. The multi-stage event builds team skills over 48 hours. With $15,000 prizes, job fairs, and certifications, it’s engineered for career acceleration—many winners credit it for their first pentest gig.

Huntress CTF Tailored for threat hunters, Huntress’s annual October CTF (free since 2020) dives deep into endpoint security and incident response with 24-hour online scenarios. Beginner-to-pro tiers ensure inclusivity across streams. Gadget prizes and access to Huntress’s MDR community make it a stealthy way to snag ethical hacking paths and resume fodder.

Hack.lu CTF Europe’s Hack.lu conference spawns this free annual online CTF, running since 2005 with Jeopardy challenges in reverse and hardware. October’s 48-hour window draws 500+ teams. The real draw? Embedded talks and mentorship, turning it into a mini-con for streams like forensics, plus swag that doubles as toolkit essentials. (Prize pool: Free entry with swag and toolkit essentials; no cash prizes specified).

CrewCTF TheHackersCrew’s veteran event, CrewCTF, has been dishing free online Jeopardy fun annually since the early 2010s, covering broad streams in a flexible 72-hour format. It’s community-driven, with writeup bounties and Discord hangs. Low-pressure vibes yield high learning—past participants often parlay it into open-source contribs. (Prize pool: Free entry with writeup bounties; no cash prizes specified).

N1CTF A rising star since 2020, N1CTF’s free November online bash targets intermediates with crypto and web-heavy challenges over 48 hours. Small but mighty (20+ teams), it shines in detailed feedback loops. Perks include swag and progression tracking, ideal for chaining skills toward advanced events like DEF CON. (Prize pool: Free entry with swag; no cash prizes specified).

SECCON CTF Japan’s SECCON, annual since 2011, wraps the year with free online quals in December, spanning all streams in a high-energy 24-hour sprint. With 30+ teams and ties to the IPA (Japan’s cybersecurity agency), it offers cert pathways and prizes. It’s a reflective closer, with archives fueling year-round prep for the cycle anew.

BlackHat MEA CyberSecurity Event The Black Hat MEA CTF Final 2025, hosted during the Black Hat Middle East & Africa conference (Dec 2-4, 2025, Riyadh), is a high-stakes Jeopardy-style cybersecurity showdown organized with SAFCSP and FlagYard, drawing 125 prequalified teams (500+ participants) for 48 hours of intense challenges in web, crypto, pwn, reverse engineering, and forensics. Following a 24-hour online qualifier on Sep 7, 2025, it offers a 700,000 SAR (~$187,000 USD) prize pool, with 300,000 SAR for first, plus certifications and elite networking. This event, set amid 45,000+ attendees and 250+ hours of briefings, bridges academia and industry, fostering innovative defenses and career-defining connections.

ASIS CTF Final ASIS CTF Final, a globally revered annual Jeopardy-style event since 2013, hosted by Iran’s ASIS academic team, concludes in December with a 24-hour online showdown for 50 pre-qualified teams (post-September quals), featuring research-grade challenges in malware analysis, network security, and crypto. Fully remote, it draws 1,000+ participants in quals, with finals focusing on team strategy (1–5 players, per asisctf.com rules). As a yearly fixture, it bridges academia and industry, emphasizing ethical hacking and detailed write-ups. The prize pool exceeds $5,000 USD, with $3,000 for first, plus swag and certs, boosting winners’ profiles. Its perfect CTFtime weight (100) reflects massive engagement and rigorous puzzles. Competitors value its Discord community and recruiter ties, cementing its status as an annual career springboard.