Insomni'hack hosts two main security-related contests: a traditional attack-oriented jeopardy-style CTF, as well as the defence-oriented Splunk Boss Of The SoC. In addition to those and as a prequel to the CTF, an online Teaser is organized a couple of months before the event.

CTF Teaser (online)

The CTF Teaser is traditionally held around 2 months before the main event. As usual, the exact dates and any additional information will be provided through our Twitter account.

The Teaser's Top 3 teams will receive free accommodation (hotel, 2 nights) in Geneva in order to participate at the onsite CTF as well as free entrance for Insomni'hack conference.

CTF (onsite)


The main Insomni'hack CTF contest - one of the largest onsite CTFs in the world - is held on the last day of the conference (Friday). It starts shortly after the end of the talks and extends through the night until 4 AM. Teams are limited to 8 participants, onsite only. Participation to the CTF is free of charge, however due to the limited number of available seats (approx. 500), prior registration is required.

Student teams from technical schools and universities are welcome to the onsite CTF. They will benefit from a dedicated ranking in order to compete against each other. Each school team is also limited up to 8 players (including a maximum of 2 professors/teaching assistants).

Please contact ctf [at] for additional details or questions.

Practical information

Source code, resources and some solutions from previous editions challenges can be found on our GitHub repository.

For the onsite event, make sure to bring power adapters and outlets, as well as a network cable for each participant.


As crypto-currencies can't be trusted, we provide real, old-fashioned silver for the top 3 teams.

The top 3 student teams will receive dedicated prices and swag.

Boss Of The SoC (onsite)

Starting from 2018, Insomni'hack is also the host of the Splunk Boss of The SOC (BOTS) contest.

BOTS is a blue-team CTF where participants use Splunk - and other tools - to answer a variety of questions about security incidents that have occurred in a realistic but fictitious enterprise environment. It's designed to emulate how real security incidents look like and the type of questions analysts have to answer. You’ll be endorsing the role of an incident responder, facing down an adversary at all stages of an attack.

The event takes place on the Thursday and lasts approximately 4 hours. You will play in a team of 1-4 people and compete against other participants. Each team is presented with a list of questions of varying difficulty through an automated BOTS scoring server. Each correct answer will be rewarded with an amount of points proportional to the question's difficulty. All questions require you to use Splunk to search, but not all questions can be answered without the help of other open source intelligence resources. Just like in the real world.

So what's next?

You don’t know Splunk yet? No problem! Check out "Hunting with Splunk: The Basics", which has been created specifically to prepare teams for what they will face in BOTS.