The long wait is now over as you can finally sign-up and reserve your spot in ISSessionsCTF2021! Registration will close March 20th so make sure to sign up ASAP!

NOTE: Also, keep in mind that you do NOT need a team to register, you can join/create a team after registering (or on a later date). The most important thing now is to sign up and secure your spot! Seats are filling fast, and you do not want to miss this.

Now that ISSessionsCTF is in full swing, it’s time for you to help! We are looking for 4th-year students, Alumni, and Industry Professionals who are willing to spare a few hours on March 27 and/or 28.

Link to sign up as an ISSessionsCTF volunteer:

-> ISSessionsCTF2021 website:
-> Registration Link:
-> FAQs & CTF Info:
-> Survival Kit:
-> Code of Conduct:

Just a few reminders:
-> Event Dates: March 27 from 9 AM – 9 PM EST AND March 28 from 9 AM – 6 PM EST
-> The event is all online
-> Team sizes are 1-4 (though we highly recommend teams of 3-4 students)
-> Participants must be students from a technical program with an information security component at a post-secondary institution in Ontario, Canada
-> Registration will close March 20th

To register for ISSessions CTF 2021, you must be a student from a technical program with an information security component at a post-secondary institution in Ontario, Canada. When completing the registration form, ensure that you use your school email. The platform (CTFd) will reject the form if the email domain is not one of Ontario’s post-secondary schools. If you feel that you have been wrongly rejected, please contact one of the ISSessions Executives to fix it ASAP! is the go-to place for any information related to our CTF. There, you will have access to the “student-package” which is the “General Information” page and “Survival Kit” page. These two pages should act as your reference for any CTF related inquiries; there will also be a FAQ section in the “General Information” page. This website is also where the CTF will take place! You must verify your account and join/create a team before March 20th to ensure your access to the challenges when the time comes and the competition starts!

The FAQ page will be updated frequently to ensure that any questions you may have are answered. If there are any confusions, comments, or questions, feel free to mention them in #issessions-ctf or PM an ISSessions Exec!

And that’s it! Get your teams together, sign-up for ISSessionsCTF2021, and get your game-face ready – it’s going to be a good one!

Code of Conduct – CTF 2018

Code of Conduct

Our goal is to bring the Local InfoSec community together for a conference
about the excitement, joy, and surprise of Information/Cyber Security.

We value the participation of each member of the community and want
all attendees to have an enjoyable and fulfilling experience.
Accordingly, all attendees are expected to show respect and courtesy
to other attendees throughout the conference and at all conference
events, whether officially sponsored or not.

All attendees, speakers, exhibitors, organizers and volunteers at any
event are required to observe the following Code of Conduct. 
Organizers will enforce this code throughout the event. 

The Short Version

ISSessions is dedicated to providing a harassment-free conference
experience for everyone, regardless of gender, sexual orientation,
disability, physical appearance, body size, race, religion, or
anything else. We do not tolerate harassment of conference
participants in any form.

All communication and behaviours should be appropriate for a
professional audience including people of many different backgrounds.
Sexual language and imagery is not appropriate for any conference
venue, including talks.

Be kind to others. Do not insult or put down other attendees. Behave
professionally. Remember that harassment and sexist, racist, or
exclusionary jokes are not appropriate at ISSessions.

Attendees violating these rules may be asked to leave at the sole
discretion of the conference organizers.

Thank you for helping make this a welcoming, friendly event for all.

The Longer Version 

Harassment includes offensive verbal comments related to gender,
sexual orientation, disability, physical appearance, body size, race,
religion, sexual images in public spaces, deliberate intimidation,
stalking, following, harassing photography or recording, sustained
disruption of talks or other events, inappropriate physical contact,
derisive comments regarding technical background, and unwelcome sexual

Participants asked to stop any harassing behavior are expected to comply immediately.

Be careful in the words that you choose. Remember that sexist, racist,
and other exclusionary jokes can be offensive to those around you.
Excessive swearing and offensive jokes are not appropriate for ISSessions

If a participant engages in behavior that violates the anti-harassment
policy, the conference organizers may take any action they deem
appropriate, including warning the offender or expulsion from the

Social Rules

In addition to having a code of conduct as an anti-harassment policy,
we have a small set of social rules we follow. We (actually Max)
learned and lifted these rules from Hacker School, where we felt that
they contributed enormously to a supportive, productive, and fun
learning environment. We'd like ISSessions to share that environment. These
rules are intended to be lightweight, and to make more explicit
certain social norms that are normally implicit. Most of our social
rules really boil down to “don't be a jerk“ or “don't be annoying.” Of
course, almost nobody sets out to be a jerk or annoying, so telling
people not to be jerks isn't a very productive strategy.

Unlike the anti-harassment policy, violation of the social rules will
not result in expulsion from the conference or a strong warning from
conference organizers. Rather, they are designed to provide some
lightweight social structure for conference attendees to use when
interacting with each other. We also believe that if we all learn from
these social rules we can make the infosec community a more positive
and healthy environment for everyonw and we wish to share them with you.

[The social rules](

If you have any questions about any part of the code of conduct or
social rules, please feel free to reach out to any of the conference


If you have any questions about any part of the code of conduct or
social rules, please feel free to reach out to any of the organizers. 

Contact Information 

If you are being harassed, notice that someone else is being harassed,
or have any other concerns, please contact a member of conference
staff (they’re wearing green buttons).

Conference staff will be happy to help participants contact local law
enforcement, provide escorts, or otherwise assist those experiencing
harassment to feel safe for the duration of the conference. We value
your attendance. 


The ISSessions code of conduct is under a [Creative Commons
Zero]( and has been forked from the 
The BSides Toronto Code of Conduct is under a [Creative Commons
Zero]( license. It was forked
from the [!!Con 2014 Code of Conduct]( 
which was forked from the [PyCon 2013 Code of Conduct](, 
which is licensed under a [Creative Commons Attribution 3.0 Unported License](,
and which itself was forked from an [example policy from the Geek Feminism wiki, created by the Ada Initiative and other volunteers](
and available under a Creative [Commons Zero license](

Getting Started with CTF

With the Sheridan CTF 2018 coming up soon we here on the CTF Executive Committee would like to show off what we are working on with a quick demonstration of the platform that will be used for the event.

Here is the login page. Before the event, you will receive the website for the CTF by email. At that point in time, the CTF will still be closed as the event is not until April 7th. On the event day pre-game meeting, you and your team will be given your team’s credentials which is used to represent your team at the CTF. Do not share these credentials with other teams.

When your team is ready, you can begin by clicking the login button on the top right of the page to access the login page:

This is the login page *oooo*. Pretty straightforward. Enter your credentials to enter the gameboard screen.


On the top left you have your leaderboard and announcements. The leaderboard will show the list of all teams so you can sulk in the fact that other teams are going faster than you.


On the announcements page you will see any important announcements that the moderation team might announce. You will receive a notification everytime something important has to be announced. We announce that we promise not to spam this. Promise.


On the right side you can see the list of all teams without their score so you can sulk in the fact they have a fancier team than yours.

Below that is the filters which lets you and your team organize the gameboard based on the categories for the CTF as well as whether you completed the challenge or not.


Now, let’s go over how to do a challenge:

On the gameboard you can click on any available country (highlighted in gray). Clicking on the country will show the challenge description, it’s # of points awarded for completion as well as it’s category:

For challenges that are not related to accessing a network you will be given a file instead. Clicking on the file will download the file to your computer:

From there on it’s up to you to find the flag. The flag is in the format FLAG-2968cb9eee91e0e51e6d24ac219a4dfcc3800e5c (Cryptography puzzles can also be in non-standard formats). Once you find the flag, submit it to the text box below the challenge link and if it is correct your team will be awarded the points!


And that’s how you play in the CTF. The ability to do challenges will be open from the beginning of the event to the closing bell. Remember, flags can be anywhere, it can inside a file, it could be encrypted, it could be hidden, it could even be inside this blog post, it could even be inside YOU.

And most importantly, have fun 🙂

Friendly reminder that the event will be on April 7th starting @ 9AM