Slug Security is looking for dedicated participants for this school year’s MITRE Embedded Capture the Flag (eCTF) competition.

What is eCTF?: Design secure firmware in the Design Phase, then break other teams’ systems in the Attack Phase. More details on the eCTF website & 2026 flyer (PDF)

You’ll get hands-on experience with:

• Writing secure, low-level code for bare-metal microcontrollers with tight resource constraints
• Understanding and applying hardware security (side-channel, fault injection) — defense & offense
• Memory-safe paradigms
• Tooling across hardware fab, reverse engineering, and debugging

Why join?: This competition is not easy, but the payoff is huge. UCSC placed 2nd out of 60 in 2023 and 15th out of 187 in 2025! Multiple previous eCTF participants got jobs/internships in large part due to their eCTF experience, even at non-hardware companies, such as Google, X, and Tesla.

Time commitment: During winter quarter 2026, participants would need to commit 5–10 hrs/week minimum.

Preferred background (nice-to-have, not required):

• Rust or C experience
• Experience with Cryptography, have taken CSE 108 and 108C
• Any embedded dev: Arduino / ESP32 / Raspberry Pi (etc.)
• Have at least taken CSE 12 and CSE 13s; preferably CSE 130 and CSE 120, and optionally CSE 121 or CSE 134, as well as ECE 13, ECE121
• Personal software/hardware projects beyond coursework
• Discord-based tooling to speed up testing and streamline hardware-attack automation

Don’t meet everything above? Apply anyway! Slug Security wants to hear from you.

Apply here via this Google Form. Questions? Email Dominick Rangel at docrange@ucsc.edu