CTF Rulebook | Cyber Security Club

1 Introduction

Welcome to the Cyber Security Club CTF competitions! Capture The Flag (CTF) is a competitive cybersecurity challenge where participants solve security-related problems to capture "flags" - special strings that prove successful completion of a challenge.

Our CTF competitions are designed to provide hands-on experience in various domains of cybersecurity including web exploitation, cryptography, reverse engineering, forensics, binary exploitation, and more.

Competition Philosophy

Our CTF events emphasize learning, skill development, and ethical hacking practices. We aim to create a fair, educational, and enjoyable experience for all participants regardless of skill level.

Competition Types

Weekly CTF: Short format competitions (3-5 hours) held weekly for continuous practice
Monthly CTF: Extended competitions (6-8 hours) with more challenging problems
Special Events: Annual flagship competitions and collaborative events with other institutions

2 Eligibility & Registration

2.1 Eligibility Requirements

All registered students of Uttara University are eligible to participate
Participants must be currently enrolled in any undergraduate or graduate program
Club members and non-members are both welcome to participate
Guest participants may be allowed in specific events (will be announced)

2.2 Registration Process

Register on the CTF platform at: ctf-cybersecurity-club-uttara.duckdns.org
Use your university email address for registration
Complete your profile with accurate information
Choose to compete as Solo or Team
If team mode: Create a new team or join an existing one
Read and accept the code of conduct

2.3 Participation Mode

Solo Players: Compete individually and earn points for yourself
Team Players: Form teams of 2-4 members and collaborate together
You can choose your preferred mode during registration
Team formation deadline: 24 hours before competition start
Teams need one person as captain for official communications
Once competition starts, you cannot switch between solo/team mode

Important

Late registrations may not be accepted. Register early to ensure your spot in the competition!

3 Competition Format

3.1 Jeopardy-Style Format

Our CTF competitions follow the Jeopardy-style format where:

Challenges are organized by category and difficulty
Each challenge contains a flag (format: CSC{flag_text_here})
Participants solve challenges independently and submit flags
Points are awarded for correct flag submissions
Scoreboard updates in real-time

3.2 Challenge Categories

Category	Description
Web Exploitation	SQL injection, XSS, CSRF, authentication bypass, etc.
Cryptography	Classical ciphers, modern encryption, hash cracking, etc.
Reverse Engineering	Binary analysis, decompilation, malware analysis
Forensics	File analysis, memory forensics, network packet analysis
OSINT	Open source intelligence gathering and research
PWN/Binary Exploitation	Buffer overflow, ROP, format string vulnerabilities
Miscellaneous	Steganography, programming, puzzle-solving

3.3 Competition Timeline

Pre-Competition: Registration, team formation, rule review
Competition Start: Platform opens, challenges become accessible
Active Period: Participants work on challenges
Final Hour: Last chance to submit solutions
Competition End: Platform closes, no more submissions accepted
Verification: Organizers verify results and detect any violations
Announcement: Winners announced and prizes distributed

Time Management

All times are in Bangladesh Standard Time (BST/GMT+6). Make sure to check the exact start and end times for each competition.

4 Scoring System

4.1 Point Distribution

Challenges are assigned points based on difficulty:

Difficulty Level	Base Points	Description
Beginner	50-100	Basic concepts, suitable for newcomers
Easy	100-200	Fundamental techniques required
Medium	200-400	Intermediate skills and creativity needed
Hard	400-600	Advanced techniques and deep knowledge
Expert	600-1000	Extremely challenging, multi-step solutions

4.2 Dynamic Scoring

Some competitions may use dynamic scoring where:

Points decrease as more teams solve a challenge
First blood (first solve) may receive bonus points
Minimum points threshold is set to maintain fairness

4.3 Tiebreakers

In case of tied scores (for both solo and team categories), winners are determined by:

Total points earned
Time of last successful flag submission
Number of challenges solved
First blood count (if applicable)

4.4 Penalties

No penalty for incorrect flag submissions
Hint usage may reduce points earned (if hints are available)
Rule violations may result in point deductions or disqualification

5 Allowed & Prohibited Actions

5.1 Allowed Activities

Permitted

Using any tools, scripts, or software to solve challenges
Searching online resources, documentation, and tutorials
Collaborating with your team members (if playing in team mode)
Taking breaks during the competition
Asking organizers for clarification on challenge descriptions
Using AI tools for learning and assistance
Writing and sharing writeups after the competition ends

5.2 Prohibited Activities

Strictly Forbidden

Attacking the infrastructure: DDoS, brute-forcing the platform, exploiting CTF system vulnerabilities
Sharing flags: Giving or receiving flags from other players/teams
Unauthorized collaboration: Solo players working together, or teams collaborating with other teams
Flag sharing platforms: Posting or searching for flags on social media, forums, or chat groups
Account sharing: Multiple people using the same account (solo players only)
Automated submissions: Using scripts to brute-force or spam flag submissions
Sabotage: Attempting to hinder other players' or teams' progress
Exploiting competition bugs: Using platform vulnerabilities for unfair advantage (report them instead)

5.3 Resource Usage

Use your own computing resources
Public cloud services are allowed for hosting solutions
Do not overload or abuse provided challenge servers
Respect rate limits on challenge interactions

5.4 Flag Submission

Submit flags through the official platform only
Flag format must match the specified format (usually CSC{...})
Flags are case-sensitive unless stated otherwise
Submit the complete flag including prefix and suffix

6 Code of Conduct

6.1 Ethical Behavior

All participants are expected to:

Demonstrate respect, integrity, and sportsmanship
Compete fairly and honestly
Respect fellow competitors and organizers
Follow all competition rules and guidelines
Report any issues or violations immediately

6.2 Respectful Communication

Be courteous in all interactions (Discord, platform chat, in-person)
No harassment, discrimination, or offensive behavior
No spamming or flooding communication channels
Use appropriate language at all times
Help create a positive learning environment

6.3 Academic Integrity

Do not plagiarize solutions or writeups
Credit sources when using others' tools or techniques
Original work is expected from all participants
Past competition solutions may be referenced for learning only

6.4 Reporting Violations

If you witness or experience any rule violations:

Contact competition organizers immediately
Provide specific details and evidence if available
Do not take matters into your own hands
All reports will be investigated confidentially

Zero Tolerance Policy

We maintain a zero-tolerance policy for cheating, harassment, and unethical behavior. Violations will result in immediate disqualification and may affect future participation privileges.

7 Prizes & Recognition

7.1 Awards

Top 3 Solo Players: Certificates, prizes (when applicable), and public recognition
Top 3 Teams: Certificates, prizes (when applicable), and public recognition (shared among team members)
Category Winners: Recognition for best performance in specific categories
First Blood Awards: Special recognition for first solves (when applicable)
Participation Certificates: All participants receive certificates of participation

Leaderboards

Solo players and teams are ranked on separate leaderboards to ensure fair competition.

7.2 Prize Distribution

Winners announced within 24 hours of competition end
Prizes distributed during award ceremony or club events
Valid student ID required for prize collection
Prizes are non-transferable

7.3 Leaderboard & Recognition

Final standings published on club website and social media
Top performers featured in club newsletter
Outstanding performance may lead to club leadership opportunities
Cumulative rankings maintained across multiple competitions

Additional Benefits

Top performers may receive invitations to advanced workshops, mentorship opportunities, and recommendations for cybersecurity internships and competitions.

8 Disputes & Appeals

8.1 Dispute Resolution

If you have concerns about competition conduct or results:

Submit a formal appeal via email within 24 hours of competition end
Provide evidence supporting your claim (screenshots, logs, timestamps)
Describe the issue clearly and objectively
Wait for review - organizers will investigate within 1 hour
Accept decision - organizer decisions are final

8.2 Technical Issues

Report platform issues immediately during competition
Backup your solutions and progress regularly
Technical difficulties may result in time extensions (at organizer discretion)
No compensation for personal hardware/internet failures

8.3 Challenge Disputes

If a challenge appears broken or unsolvable, notify organizers
Broken challenges may be fixed, removed, or have points adjusted
Announcements made for any challenge modifications
Already submitted solutions remain valid unless otherwise stated

8.4 Final Authority

The Cyber Security Club, Uttara University organizing committee reserves the right to:

Make final decisions on all disputes and appeals
Modify rules if necessary for fairness
Disqualify participants for rule violations
Cancel or postpone competitions due to unforeseen circumstances

CTF Competition Rulebook

Table of Contents