Info

General

  • πŸ•°οΈ The competition starts at approx. 11AM CEST (after the signal πŸ“’) and ends at 5PM CEST.
  • πŸ₯‡ A single junior team and senior team are selected as the winners. Winners are selected by collected flag points. In case of an ex aequo the team that obtained the score the earliest will be the winner.
  • 🚩All challenges are released at once. Scoring is dynamic. A single challenge may contain multiple subtasks.

Communication

  • You can ask us any question, we are wearing orange shirts πŸ”Ά and/or Hachimakis.
  • Primary notification channel is on the Notifications tab of the challenge website.
  • If there are any problems, please have your team captain contact the organization.

Code of Conduct

  • You are only allowed to find vulnerabilities in the indicated systems that are part of a challenge.
  • The scoreboard infrastructure and underlying Kubernetes infrastructure are strictly out of scope.
  • While connecting to the network at ROC, you are fully bound by the Code of Conduct of ROC. You are allowed to target the indicated systems that are part of a challenge.
  • Online brute-forcing and automated scanners are NOT allowed unless otherwise indicated. This means you do not need and shouldn't make use of tools like nmap, dirbuster, netsparker, hydra, ffuf, patator, etc.
  • Flag sharing with other teams is not allowed.
  • Flag hoarding is not allowed.
  • Public write-ups are not allowed without the explicit consent of the Challenge the Cyber organization.
  • Outside help, with exception of non-human Internet-based resources, is not allowed and WILL result in direct disqualification. Sharing credentials of this CTF website (CTFd) is not allowed. Connections are monitored.
  • All team members adhere to the criteria as outlined on the CTC website based on your participation bracket: Criteria voor deelname.
  • Non-compliance with the above terms may result in point deductions or entire disqualification.
  • Challenge the Cyber further reserves the right to disqualify any contestant who tampers with, cheats, abuses, or annoys or threatens other contestants or judges in the submission process. Judges' determinations herein are final and binding.

Privacy Policy

  • This policy only applies to this CTF event website.
    To register for this CTF event, you have shared details with the CTC organization. Refer also to the Privacy Policy of CTC.
  • Challenge the Cyber cares greatly about your privacy. We do not collect personal data. Account names and passwords used by participants during this CTF are anonymized. Please refrain from entering any information in the platform that could be considered PII. As we do not collect or process personal data, a full privacy policy statement is not required.
  • As part of this event, we collect metrics of web interactions for metadata analysis. (E.g. how many times did an anonymous user attempt to submit a flag before submitting the correct flag.) There is no limitation to the metrics that are being collected.