Competition Rules

Official rules for SudoCTF competitions - Effective 2025

Important Notice

Violation of these rules may result in immediate disqualification, account suspension, or permanent ban from the platform.

General Competition Rules
  1. Individual Participation: Each participant may only register one account per person/device
  2. Team Formation: Teams may consist of 1-4 members maximum
  3. Fair Play: All solutions must be original work by the participant or team
  4. No Automation: Automated flag submission tools or scripts are prohibited
  5. Platform Integrity: Do not attempt to attack the CTF infrastructure
Challenge Submission Rules
  • Submit flags in the exact format specified for each challenge
  • Multiple submissions are allowed, but excessive spam will be penalized
  • First correct submission receives full points
  • Dynamic scoring may apply based on solve count
  • Partial credit is not awarded unless explicitly stated
Team Competition Guidelines
  • Team captains are responsible for team member conduct
  • Only team members may contribute to team challenges
  • Team scores are calculated from all member submissions
  • Teams may collaborate internally but not with other teams
  • Team membership changes during active competitions are restricted
Prohibited Activities
Technical Violations
  • DDoS attacks on platform or challenges
  • Brute force attacks on authentication
  • Exploitation of platform vulnerabilities
  • Reverse engineering platform code
  • Network scanning of infrastructure
Conduct Violations
  • Sharing flags or solutions publicly
  • Account sharing or impersonation
  • Harassment of other participants
  • Coordinating with other teams
  • Using multiple accounts
Scoring and Ranking
  • Points are awarded based on challenge difficulty and solve count
  • Tiebreakers are resolved by earliest submission time
  • Admin users are excluded from public rankings
  • Suspicious activity may result in score review
  • Final rankings are determined by administrators
Challenge Categories
Web Security

XSS, SQLi, CSRF, Authentication bypass

Cryptography

Classical ciphers, Modern crypto, Hash functions

Binary Exploitation

Buffer overflows, ROP chains, Format strings

Reverse Engineering

Assembly analysis, Malware analysis, Protocol RE

Forensics

Digital evidence, Memory dumps, Network analysis

Miscellaneous

OSINT, Steganography, Logic puzzles

Reporting and Appeals
  • Report technical issues immediately through Discord
  • Challenge disputes must be submitted within 24 hours
  • Appeals for rule violations can be submitted to administrators
  • Provide detailed evidence for all reports
  • Administrator decisions are final
Educational Guidelines
  • Use knowledge gained for educational purposes only
  • Practice responsible disclosure for real vulnerabilities
  • Respect intellectual property and licensing
  • Promote ethical hacking principles
  • Mentor newcomers and share knowledge appropriately
Community Values

SudoCTF promotes learning, collaboration, and ethical cybersecurity practices. We encourage participants to challenge themselves, help others grow, and contribute positively to the security community.

Zero Tolerance

We have zero tolerance for malicious attacks on our infrastructure, harassment of participants, or any activity that undermines the educational mission of this platform.