Security Fest CTF

Packets do not lie.

Join the Discord!

Overview

  • Format: Jeopardy-style CTF
  • Team Size: No limit! Everyone is welcome to participate.
  • Flag Format: sfctf{...}
  • Duration: 10:30 CEST 28/5 — 12:30 CEST 29/5

Rules of Engagement

  • No automated scanning tools: They are unnecessary and place unwanted stress on infrastructure.
  • Do not attack or disrupt the CTF platform or infrastructure.
  • Do not share flags, solutions, or hints with other teams before the event officially ends. Feel free to discuss everything after the CTF!
  • We reserve the right to disqualify teams that go against good conduct.
  • When in doubt, DM or ping @Communication on Discord. Be nice and have fun!

Anti-LLM / AI Policy

LLMs have become too good at solving CTFs, meaning the machines are the ones doing the learning rather than the players. This destroys the spirit of friendly competition. To keep things fair and educational, players are not allowed to use LLMs to solve challenges. This applies to all challenges unless the challenge description specifies otherwise.

  • Rule of Thumb: You are strictly forbidden from feeding any challenge files or parts of challenge files into an LLM.
  • Agentic Tools: Autonomous tools such as Codex, OpenCode, and Claude Code are completely banned, including their use for implementing helper scripts.
  • Web Interfaces: You are permitted to use the web interface of an LLM to generate standard, standalone code snippets for you.
  • General Questions: You may ask LLMs generic concept questions (e.g., "What is the purpose of the python package Flask?"), provided it doesn't bypass the spirit of these rules.

⚠️ When in doubt, reach out to the CTF organizers on Discord before proceeding!