Tuwaiq Academy
REGISTER NOW
PART OF Black Hat Middle East & Africa · 2026

CAPTURE
THE FLAG

THE WORLD'S LARGEST CTF

The world's largest cybersecurity competition, hosted within Black Hat Middle East & Africa 2026 in Riyadh. Compete among the world's top cybersecurity talent.

CAPTURING…

Compete Among the World's Top Cybersecurity Talent

At Black Hat Middle East & Africa 2026 in Riyadh, elite cybersecurity professionals, students, and aspiring researchers take on advanced challenges that test real-world skills in vulnerability discovery, system analysis, and offensive and defensive security.

From the world-renowned CTF Championship to the Junior Bug Bounty Challenge and the Bug Bounty Platform Cup, participants compete at the highest level while showcasing their expertise, innovation, and problem-solving.

750+
PARTICIPANTS
150
TEAMS
3
COMPETITIONS

The Activities

MAIN EVENT

Capture The Flag
(CTF)

A global cybersecurity competition featuring a wide range of technical challenges. Officially recognized by Guinness World Records as the world's largest CTF competition.

EXPLORE CTF →
790K+
AGES 14–17 02

Junior Bug Bounty Challenge

An international cybersecurity competition for young participants focused on vulnerability discovery and developing technical skills.

LEARN MORE →
SAUDI NATIONALS ONLY 03

Bug Bounty Platform Cup

A specialized competition for partner organizations and security researchers to identify vulnerabilities in real-world systems and applications.

LEARN MORE →
CAPTURE THE FLAG 2026

The Ultimate Cybersecurity
Championship

The flagship competition of Black Hat Middle East & Africa — where the world's elite teams converge to prove their skills.

REGISTER YOUR TEAM →
#1

World's Largest CTF Competition

Officially recognized by Guinness World Records.

MEA

The Region's Premier Cybersecurity Event

Hosted within Black Hat Middle East & Africa 2026.

150

Elite Finalists

Only 150 teams earn a place in the live finals from thousands of competitors worldwide.

Grand Prizes

Winner Podium

TOP 5 OVERALL TEAMS
790,000+
· IN TOTAL AWARDS
4
4TH PLACE
60,000
2
RUNNER-UP
200,000
1
CHAMPION
300,000
3
THIRD PLACE
100,000
5
5TH PLACE
40,000

Local Team Awards

EXCLUSIVE TO KSA-BASED TEAMS
90,000+
· IN TOTAL AWARDS
01 LOCAL
Top Local Team TOP LOCAL
40,000
02 LOCAL
Second Local Team SECOND LOCAL
30,000
03 LOCAL
Third Local Team THIRD LOCAL
20,000

The Competition in Numbers

RIYADH · KINGDOM OF SAUDI ARABIA
Dotted map of the Kingdom of Saudi Arabia with Riyadh highlighted
Riyadh
RIYADH
LIVE · ON-SITE FINALS 24.71°N · 46.67°E
15 Online Challenges
40 On-Site Challenges
3 Days of Live Competition
750+ Participants
150 Teams from Around the World

Competition Structure

Two stages. One mission. From global online qualifiers to the ultimate on-site showdown in Riyadh.

01 STAGE
15 CHALLENGES

Online Qualification Round

A 24-hour global competition designed to identify and qualify the top 150 teams for the finals.

24 HOURS GLOBAL TOP 150 QUALIFY
02 STAGE
40 CHALLENGES

Riyadh Finals (On-Site)

A three-day on-site competition featuring progressively advanced cybersecurity challenges across multiple difficulty levels, from beginner to expert.

3 DAYS RIYADH BEGINNER → EXPERT
COMPETITION DETAILS
PLATFORM
Flag Yard
CHALLENGE FORMAT
Jeopardy
TEAM COMPOSITION
3–5 Members per Team

The Road to the Challenge

Five milestones stand between registration and the winner's podium.

01

Registration

3 JUN – 29 AUG

Register and join the competition.

02

Registration Closes

29 AUG

Final deadline for team registration and participation.

03

Online Qualifiers

29 AUG

A 24-hour global competition featuring 15 challenges. Teams compete for a place among the top 150 finalists.

04

Riyadh Finals (On-Site)

1–3 DEC

The Top 150 teams qualify for the Riyadh Finals, featuring 40 on-site challenges over 3 days, with progressive difficulty levels ranging from beginner to expert. Teams consist of 3–5 members.

Champions

3 DEC

Winners will compete for prizes exceeding 790,000.

Choose Your Challenge

Six categories. Real-world challenges.

01

Web Exploitation

Break authentication, exploit injection flaws and bypass server-side logic.

02

System Exploitation (Pwn)

Smash the stack, build ROP chains and gain remote code execution.

03

Digital Forensics

Carve artifacts from memory dumps, network captures and disk images.

04

Reverse Engineering

Disassemble binaries and decode the logic hidden inside compiled code.

05

Cryptography

Crack weak ciphers, exploit broken implementations and recover hidden keys.

06

AI Systems Hacking

Probe and exploit machine-learning systems, prompts and model pipelines.

The World's Largest CTF Starts Here

Build Your Team. Take the Challenge.

REGISTER NOW →
AGES 14–17

Junior Bug Bounty Challenge 2026

Level Up Your Skills and Make Your Mark in Cybersecurity

A global cybersecurity competition designed for young talents aged 14 to 17, providing participants with hands-on experience in vulnerability discovery and cybersecurity research.

The competition offers opportunities to qualify for major cybersecurity events and rewards outstanding participants with recognition and incentive prizes.

REGISTER AND COMPETE NOW →
GRAND PRIZES
27,500 in Total Awards
1ST PLACE 10,000
2ND PLACE 7,000
3RD PLACE 5,000
MOST CRITICAL VULN 3,000
BEST REPORT 2,500
SAUDI NATIONALS ONLY

Bug Bounty Platform Cup 2026

Find Vulnerabilities. Make a Real-World Impact.

A competition that connects organizations with cybersecurity researchers to discover and responsibly report vulnerabilities, helping strengthen digital security through a structured and rewarding framework.

REGISTER NOW →
GRAND PRIZE
300,000
Bug Bounty Platform Cup Award

Organized By

Tahaluf

Hosted By

Saudi Federation for Cybersecurity, Programming and Drones Tuwaiq Academy
Tuwaiq Academy
PART OF Black Hat · 2026

CAPTURE
THE FLAG

WORLD'S LARGEST CTF

The world's largest cybersecurity competition, hosted within Black Hat Middle East & Africa 2026 in Riyadh. Compete among the world's top cybersecurity talent.

REGISTER YOUR TEAM → DOWNLOAD GUIDELINES
CAPTURING…

Compete Among the World's Top Cybersecurity Talent

At Black Hat Middle East & Africa 2026 in Riyadh, elite professionals, students, and aspiring researchers take on advanced challenges that test real-world skills in vulnerability discovery, system analysis, and offensive and defensive security.

From the world-renowned CTF Championship to the Junior Bug Bounty Challenge and the Bug Bounty Platform Cup, participants compete at the highest level.

750+
PARTICIPANTS
150
TEAMS
3
EVENTS

The Activities

MAIN EVENT

Capture The Flag
(CTF)

A global cybersecurity competition featuring a wide range of technical challenges. Officially recognized by Guinness World Records as the world's largest CTF competition.

EXPLORE CTF →
790K+
AGES 14–17 02

Junior Bug Bounty Challenge

An international cybersecurity competition for young participants focused on vulnerability discovery and developing technical skills.

LEARN MORE →
SAUDI NATIONALS ONLY 03

Bug Bounty Platform Cup

A specialized competition for partner organizations and security researchers to identify vulnerabilities in real-world systems and applications.

LEARN MORE →
CAPTURE THE FLAG 2026

The Ultimate Cybersecurity Championship

The flagship competition of Black Hat Middle East & Africa — where the world's elite teams converge to prove their skills.

REGISTER YOUR TEAM →
#1

World's Largest CTF Competition

Officially recognized by Guinness World Records.

MEA

The Region's Premier Cybersecurity Event

Hosted within Black Hat Middle East & Africa 2026.

150

Elite Finalists

Only 150 teams earn a place in the live finals from thousands of competitors worldwide.

Grand Prizes

Winner Podium

TOP 5 OVERALL TEAMS
700K+
SAR TOTAL
1
CHAMPION
300,000
2
RUNNER-UP
200,000
3
THIRD PLACE
100,000
4
4TH PLACE
60,000
5
5TH PLACE
40,000

Local Team Awards

EXCLUSIVE TO KSA-BASED TEAMS
90K+
SAR TOTAL
01
Top Local Team
40,000
02
Second Local Team
30,000
03
Third Local Team
20,000

The Competition in Numbers

RIYADH · KINGDOM OF SAUDI ARABIA
15 Online Challenges
40 On-Site Challenges
3 Days of Live Competition
750+ Participants
150 Teams from Around the World
Dotted map of the Kingdom of Saudi Arabia with Riyadh highlighted
Riyadh
RIYADH
LIVE · ON-SITE FINALS 24.71°N · 46.67°E

Competition Structure

Two stages. One mission. From global online qualifiers to the ultimate on-site showdown in Riyadh.

01 STAGE
15CHALLENGES

Online Qualification Round

A 24-hour global competition designed to identify and qualify the top 150 teams for the finals.

24 HOURS GLOBAL TOP 150 QUALIFY
02 STAGE
40CHALLENGES

Riyadh Finals (On-Site)

A three-day on-site competition featuring progressively advanced cybersecurity challenges across multiple difficulty levels, from beginner to expert.

3 DAYS RIYADH BEGINNER → EXPERT
COMPETITION DETAILS
PLATFORM
Flag Yard
CHALLENGE FORMAT
Jeopardy
TEAM COMPOSITION
3–5 Members per Team

The Road to the Challenge

Five milestones stand between registration and the winner's podium.

01

Registration

3 JUN – 29 AUG

Register and join the competition.

02

Registration Closes

29 AUG

Final deadline for team registration and participation.

03

Online Qualifiers

29 AUG

A 24-hour global competition featuring 15 challenges. Teams compete for a place among the top 150 finalists.

04

Riyadh Finals (On-Site)

1–3 DEC

The Top 150 teams qualify for the Riyadh Finals — 40 on-site challenges over 3 days, beginner to expert. Teams of 3–5 members.

Champions

3 DEC

Winners will compete for prizes exceeding 790,000.

Choose Your Challenge

Six categories. Real-world challenges.

01

Web Exploitation

Break authentication, exploit injection flaws and bypass server-side logic.

02

System Exploitation (Pwn)

Smash the stack, build ROP chains and gain remote code execution.

03

Digital Forensics

Carve artifacts from memory dumps, network captures and disk images.

04

Reverse Engineering

Disassemble binaries and decode the logic hidden inside compiled code.

05

Cryptography

Crack weak ciphers, exploit broken implementations and recover hidden keys.

06

AI Systems Hacking

Probe and exploit machine-learning systems, prompts and model pipelines.

The World's Largest CTF Starts Here

Build Your Team. Take the Challenge.

REGISTER NOW →
SECONDARY 01
AGES 14–17

Junior Bug Bounty Challenge 2026

Level Up Your Skills and Make Your Mark in Cybersecurity

A global cybersecurity competition designed for young talents aged 14 to 17, providing hands-on experience in vulnerability discovery and cybersecurity research.

The competition offers opportunities to qualify for major cybersecurity events and rewards outstanding participants with recognition and incentive prizes.

GRAND PRIZES
27,500 in Total Awards
1ST PLACE 10,000
2ND PLACE 7,000
3RD PLACE 5,000
MOST CRITICAL VULN 3,000
BEST REPORT 2,500
REGISTER AND COMPETE NOW →
SECONDARY 02
SAUDI NATIONALS ONLY

Bug Bounty Platform Cup 2026

Find Vulnerabilities. Make a Real-World Impact.

A competition that connects organizations with cybersecurity researchers to discover and responsibly report vulnerabilities, helping strengthen digital security through a structured and rewarding framework.

GRAND PRIZE
300,000
Bug Bounty Platform Cup Award
REGISTER NOW →

Organized By

Tahaluf

Hosted By

Saudi Federation for Cybersecurity, Programming & Drones Tuwaiq Academy