Rules

Sieberrsec CTF is a beginner-focused competition aimed at introducing newcomers and people with a passion for hacking to cybersecurity. Participants are expected to compete fairly, learn actively, and respect the spirit of the competition.


General Rules

  • Do not attack the infrastructure. This includes using tools that may cause undue strain on server resources, such as dirbuster or similar tools.
  • Do not discuss sensitive challenge details or solutions during the CTF.
  • Do not share flags publicly or privately.
  • Do not ask other teams for help, hints, flags, or solutions.
  • If you are approached by another team for flags, hints, or solutions, please report it privately to an admin.
  • Getting external help, including posting on Reddit, Stack Overflow, asking friends, family members, or other third parties, is not allowed. Reading existing Reddit or Stack Overflow posts is allowed.
  • The maximum team size is 4.
  • Participants may only be a member of one team.
  • Do not attempt to switch teams during the competition to subvert team size or membership rules.
  • Do not attempt to social engineer, blackmail, threaten, or harass the admins, organisers, sponsors, or other participants.
  • Do not attack anything beyond the scope of the challenges.
  • Admins reserve the right to update the rules at any time.
  • In the event of suspicious activity, admins reserve the right to call participants up for an interview and/or request participants to share their screen at any time during or after the competition.
  • Admins reserve the right to review actions and investigate suspicious activity for up to 1 week after the competition.
  • Violation of any of the aforementioned rules will result in immediate disqualification.

AI Usage Policy

The recent increased usage of LLMs in CTFs goes directly against the beginner-focused methodology of Sieberrsec CTF, as it risks turning CTFs into pay-to-win competitions. As such, SCTF 7.0 will be imposing a full ban on Agentic AI, as well as restrictions on the use of LLMs during the competition.

Qualifiers

  • Agentic AI, including tools such as Codex, Codex Web, Claude Code, and similar agentic tools, is fully banned.
  • Web-based LLMs are still allowed.
  • Participants are expected to demonstrate understanding of their solutions.

Enforcement Guidelines

  • All participants are required to be online within 15 minutes of solving a challenge for a possible interview.
  • During an interview, participants will be required to share their screen.
  • To ensure that interviews do not significantly impact a team's solving speed, each team will be limited to a maximum of 3 interviews over the course of Qualifiers.
  • We will only interview teams whose activity has raised sufficient suspicion of cheating.
  • There will be random interviews after the end of Qualifiers for participants who are in the top 15 teams for each category.
  • There will also be interviews at the end of Finals.
  • During interviews, participants are expected to be able to live-solve the same challenges with slight modifications, such as a binary exploitation challenge with a different buffer length or a web challenge with changed endpoints.
  • We will be monitoring network traffic, including interactions with challenge instances and the CTF platform, to flag suspicious behaviour.
  • Flag hoarding is banned for Qualifiers.
  • There will be proctoring during Finals. Participants will not be allowed to play remotely during Finals.
  • There will be interviews after the end of Finals and before the prize ceremony.

The organisers reserve the right to disqualify anyone at their own discretion.


Help and Clarifications

If participants have any questions about the rules, please ask the admins in the appropriate general channel or open a ticket.

When asking an admin for clarification during the competition, please provide sufficient context. Repeatedly failing to do so may be considered spam and a form of Denial-of-Service on competition infrastructure, as having to repeatedly prompt participants to elaborate leaves admins with less time to address other queries.

Lastly, have fun, learn something new, and enjoy the CTF.

sctf{sctf{gullible}}