Review of the 2026 FLAG WARS CTF event

Successful CTF 2026 event at the IBM Garage for Defence in Bonn

On 28 March 2026, the IBM Garage for Defense in Bonn once again became the meeting place for the German cybersecurity community: Laokoon Security, together with IBM and CGI, hosted the fourth edition of its Capture The Flag (CTF) event - continuing the success story of a format that has long since established itself as a permanent fixture.

Strong demand and diverse participants

Around 100 participants were selected from over 200 applications to compete against each other in teams of up to four people. The diversity of the participants reflected the breadth of the cybersecurity landscape: students from universities and colleges in Bonn, Cologne, Bochum, Aachen, Esslingen, Munich, Berlin and Hamburg met with representatives from companies, critical infrastructures, authorities and teams from the German Armed Forces. This mix not only made for an exciting competition, but also for an intensive exchange of different perspectives.

20 challenges, 6 hours, maximum focus

Under this year's motto „Flag Wars“ - inspired by the iconic Star Wars saga - a total of 20 challenges had to be solved within six hours. The tasks covered a broad spectrum: from OSINT and forensics, PWN and cryptography to steganography, web security and reversing. Technical expertise, creativity and, above all, teamwork were required.

First-hand insights: cyber operations and real-life cases

Even before the actual competition, the event offered valuable insights into cybersecurity practice. The partner companies presented themselves as potential employers and provided insights into their day-to-day work. Particularly impressive was the presentation by Captain Sven Janssen, commander of the Centre for Cyber Operations. He provided a rare glimpse behind the scenes of the Bundeswehr's offensive cyber capabilities and spoke openly about the emotional dimension of his work. The confrontation with personal data in the context of cyber operations is a particular burden for many operators - an aspect that impressively illustrated the human side of this often technically dominated discipline.

Afterwards, the IBM X-Force in a practical presentation on how OSINT and incident response can be effectively combined. Based on anonymised real cases, it became clear how important the intelligent linking of information is for the successful analysis and defence against attacks.

AI in CTF: between advantage and challenge

Then the actual competition began - and the atmosphere changed abruptly. The teams worked with great concentration to solve the challenges faster and more efficiently than their competitors. One topic became particularly clear: the growing influence of artificial intelligence. Many teams used AI tools as support, but at the same time there was an exciting ambivalence between personal learning success and the pursuit of victory. Ultimately, it became clear that AI alone does not win a competition. Only the targeted use in combination with experience, expertise and creativity unfolds its full potential.

Suspense until the end

The competition developed into a real neck-and-neck race. In the final hour, the scoreboard was frozen - a tried and tested way of keeping the tension high until the very end. The final ranking therefore remained uncertain until the award ceremony. In the end, two teams from Ruhr-Universität Bochum came out on top: „FlutschFingers“ secured first place, closely followed by „FluxFingers“ in second place. Third place went to the team from Paderborn University, while the students and civil servant candidates from the Federal University of Applied Sciences in Brühl also put in a strong performance.

🥇 FlutschFingers (1st place) Team from Ruhr University Bochum
🥈 FluxFingers (2nd place) Team from Ruhr University Bochum
🥉 /upb/hack (3rd place) Paderborn University team

The prize for the winners was a special incentive: each member of the winning team received an on-demand course from the renowned SANS Institute, which once again supported the event and thus made an important contribution to promoting the next generation of cybersecurity experts.

After the competition, the competition quickly became a minor matter. From 6 p.m., the event turned into a lively networking meeting. Over pizza, soft drinks and beer, the participants had a lively exchange about the challenges, current developments in cybersecurity, the labour market and the role of AI. New contacts were made and existing ones deepened - all in the spirit of the community.

Conclusion: An event with a future

The consistently positive feedback clearly shows that the event has not only been well received, but has become firmly established. The combination of demanding technical challenges, professional dialogue and personal networking makes the CTF a special experience. One thing is already clear: next year, Bonn will once again be a centre of attraction for cybersecurity enthusiasts and hackers from all over Germany.

Want to be part of the next one? Follow us for updates and announcements about our cybersecurity events and initiatives. These are also available via our Newsletter.