= DCG Coimbatore CTF — Rules & Regulations
DCG Coimbatore · DCG91422

Rules & Regulations

Capture The Flag — Official Rules
By registering or participating, you acknowledge that you have read, understood, and agreed to abide by every rule listed here. Ignorance of a rule is not a valid defence. Violations may result in immediate disqualification, score forfeiture, and/or a permanent ban from future events.
No LLM / GenAI Policy Strictly Enforced

The Rule

You may not use Generative AI or Large Language Model technology in any form. This includes — but is not limited to — agentic workflows, ChatGPT, Claude, Copilot autocomplete, or any AI-assisted tooling.

Why?

LLM agents can now solve almost every CTF challenge we throw at them. To put it plainly:

"The most competitive strategy to play a CTF is no longer to learn and grind a category — it's to optimise your agentic workflow."

Beginners stop learning when they see teams one-shot challenges with AI. Authors stop creating when an intricately designed challenge — the little taunt, the decoy flag, the leet speak that rewards a player's effort — gets solved in zero effort by a machine. We make challenges for humans.

Why not just require write-ups or make harder challenges?

We want to build a community based on trust, not surveillance. We also don't have the resources to make every challenge un-one-shottable. This rule is the simpler, fairer solution.

Enforcement

Warning System

If we catch you using an LLM, you'll receive one warning. A second offence results in an immediate ban. We rely on team honesty — but we will act if we find a violation.

Our community has always been built on trust.

We trust that you won't cheat. That you're here to have fun.

That you believe in the future of CTFs. That you love this community.

You don't need an LLM to solve these challenges. We want you to learn.

01 Eligibility & Registration
  • Open to all skill levels — students, professionals, and enthusiasts.
  • One account per participant; one team per participant. No account sharing or team switching.
  • All registration details must be accurate. Falsification = disqualification.
  • Organizers, challenge authors, and contributors may not participate.
  • Use the same email throughout registration, the competition, and post-event communication.
  • Teams must be created by the designated team leader on the day of the event. Members join via team credentials. Duplicate team creation is prohibited.
02 Conduct & Communication
  • Treat all participants, volunteers, and organizers with respect at all times.
  • Social engineering organizers or staff for hints or access is prohibited.
  • All support requests must go through the official Discord by raising a support ticket.
03 General Rules
  • Flag format: DEFCON{...} unless otherwise specified.
  • No public sharing of write-ups, solutions, or flags during the event.
  • Organizers have final authority on all decisions and rule interpretation.
  • Rules may be updated at any time; changes take effect immediately upon announcement.
  • Infrastructure attacks, flag sharing, and fraud may result in permanent bans. Ban
04 Fair Play
  • No collaboration, hint sharing, or solution exchange outside your registered team.
  • Only registered team members may contribute — no outside assistance.
  • Teams from the same institution must remain fully independent.
  • Sharing flags with other teams is an immediate disqualification. Ban
  • All found flags must be submitted within 15 minutes of discovery.
  • Organizers may ask you to explain your solution at any time. Refusal may result in disqualification.
05 Technical Boundaries
  • Stay within the intended scope of each challenge. Do not modify or delete challenge files.
  • No attacks against platform infrastructure — DDoS, brute-force, scanning, etc. Ban
  • Do not disrupt shared environments by deleting files or crashing services.
  • No network sniffing or Man-in-the-Middle attacks to steal flags.
  • Provided infrastructure is for challenges only — no crypto-mining or external scanning.
  • No unauthorized physical devices or hardware tampering (on-site).
  • OSINT challenges must not involve contacting or harassing real individuals or organizations.
06 Prizes & Verification
  • Only rule-compliant participants are eligible for prizes.
  • Participation certificates will be emailed to all eligible participants after the event.
  • Winners may be asked to verify identity and explain their solutions.
  • Violations discovered after the event still result in disqualification and prize forfeiture.
  • All winning teams must be present at the prize ceremony on 18 April 2026. Absence forfeits the prize to the next team on the leaderboard.
07 Accommodation & Logistics
  • Accommodation and transport are not provided. Participants arrange their own.
  • Nearby hotels: Super Collection O, Flagship Hotel Wonder Paradise, PPH Living Athithi Inn, MRM Residency, Hotel Jothi Grand.
  • Food and refreshments are not provided.
  • Overnight stays at the venue are not permitted.
08 Legal & Compliance
  • All activities must remain within legal boundaries. Actions outside CTF scope are subject to cybersecurity and computer misuse laws.
  • Participant data is used solely for event purposes and will not be shared except as required by law.
  • The event may be recorded or streamed. Participation implies consent.
  • DCG Coimbatore, NerdLabs, and OWASP SREC are not liable for any damages or legal consequences arising from participant actions.
Questions? Reach us at admin@dcg91422.org or defconcoimbatore@gmail.com
By registering, you confirm that you have read, understood, and agreed to these rules in full.