UKK (FI) ›


What is Generation Z Hack Challenge about?

Generation Z Hack Challenge is an annual campaign with an aim to lower the threshold for anyone interested in testing their hacking skills in a safe environment. The challenges are created together by a group of Finnish information security specialists

The initiative started in 2020 and the first infosec challenge campaign was announced in 2021.

Gen Z Hack is organized by a wide network of volunteers from different Finnish cybersecurity companies, government officials and information security experts who all share a passion for cybersecurity. Gen Z Hack aims to give anyone interested in testing their skills the opportunity and platform to make their skills known with a possibility to even find themselves working in some of the entities involved; who knows!

What is a CTF?

CTF (Capture The Flag) is a kind of information security competition that challenges contestants to solve a variety of tasks ranging from a scavenger hunt on wikipedia to basic programming exercises, to hacking your way into a server to steal data. In these challenges, the contestant is usually asked to find a specific piece of text that may be hidden on the server or behind a webpage.

Who is allowed to take part in the challenge?

There are no age limits but the prizes are available only for people aged 15 to 25. Also the participation in the European Cyber Security Challenge, arranged by ENISA, is allowed only for persons aged 15 to 25

I’m interested in testing my hacking skills. Where do I start?

The great thing about hacking is that no one can ever be 100% perfect at it. As long as you stay curious, like to know how things work and like to try out stuff, you’re all good.

Great places to start are e.g. HacktheBox or TryHackMe, both offering hands-on hacking for all skill levels.

Hey I’m finished with all of the challenges already. What next?

Cool! We’ve listed all the most interesting CTF’s on our Discord server’s #crowdsourcelinks channel. Go check them out!

My friends are not that interested in the CTF’s or cybersecurity in general. I’d like to meet new people with similar interests for cybersecurity. Where can I do that?

Try joining our communities on Discord! There you’ll find servers for Testausserveri, Gen Z and Helsec, where anyone interested in all things cyber can join.

Are there any local communities in my city where I can start networking with like-minded people?

We have the CitySec community meaning that (almost) each city has their own, loca CitySec.

Where can I find information about the Gen Z Challenge’s progress?

The official communication channels are Gen Z Discord and on our official Instagram.

I feel like my thing is in cybersecurity. How can I get into the industry?

OMG yaaas! We suggest you take your time to find out about different places where you can learn more about the field. There is no right way to get into the field but as long as you have the motivation and the correct mindset, you’re already on the right path! And don’t think about the technical skills too much; the field is so much more than all the technical stuff as all kind of skills are needed.

If there’s something you’d like to know more about, just ask; we are here to help and give you guidance!

Why do different organizations and government officials support young adults to hack?

Cybersecurity plays an important part no matter whether you’re working in a stock listed company or public sector; it’s there, in our daily personal lives, part of a modern society in the digitized world.

We in the Generation Z Hack network feel that by offering our youngsters a chance and the possibility to start learning hacking skills in a safe environment, we can make a difference on how the future workforce will look like in 10 years. By showing how collaboration makes all the difference, we also hope to spark the same kind of mindset for the future information security specialists..

Is it illegal to hack?

The illegality of the hacking depends very much on the used methods, purpose and the target. The same principles affect e.g. whether you’re trying to exploit a vulnerability you noticed on an online website or break into someone’s email account guessing their password or by knowing the password and logging in to the account. Both are considered as security breaches, which is a punishable act according to the Finnish criminal law. The Finnish criminal law has over 26 types of crime categorized as cybercrime.

Esimerkiksi toisen henkilön käyttäjätilille murtautuminen salasanan arvaamalla tai sitä hyödyntämällä on tietomurto, joka on Suomen rikoslain mukaan rangaistava teko. Erilaisia kyberrikosnimikkeitä rikoslaista löytyy kaikkiaan yli 26 kappaletta.

You can read more about the different types of cybercrime from the Police of Finland’s website here.

Vulnerabilities vs. mindset

There are a lot of different types of vulnerabilities in the networks for anyone to find and exploit. Trying out the level of security by yourself entails a lot of risks which can lead to a criminal punishment.

It is important to understand our own responsibility to communicate any findings forward before they can be exploited severely by someone else. Keeping a good, ethical mindset is a crucial part when hoping to become a future information security specialist some day.

The best way in general to make sure your hacking is legal is to try out your skills on the platforms provided to serve the purpose. Anything that can improve the state of security is considered as an important piece of information and can -in the best cases -even lead to a monetary compensation to express the gratitude of informing about a finding.

Tips from us

  • Whenever you’re not sure about something being legal, don’t do it.
  • If there’s a vulnerability in question, make sure the owner of the platform/service/National Cyber Security Center Finland, also known as NCSCFI. You can inform about the vulnerability to the NCSCFI via email They offer you support and guidance about the handling of the vulnerability.
  • Do not share information about the found vulnerability in public without permission. It is the service provider’s responsibility to announce and inform of any found vulnerability (Responsible Disclosure)