Frequently Asked Questions

  • What is a CTF? CTF stands for "Capture The Flag." It's a cybersecurity competition where participants solve a series of challenges to find a "flag" hidden within. Submitting the correct flag will earn your team points. The team with the highest score wins!

  • When and where is the CTF? The CTF runs from October 31st, 12PM to November 2nd, 12PM Eastern Time. This CTF will be held online, on this website and on our Discord server. There may be an in-person meeting during a portion of the day; however, you do not need to attend, and you'll still be participating entirely online.

  • Who can participate? SpookyCTF is open to everyone, regardless of your background. Whether you're a student, professional, or from outside the US, we welcome you to participate.

  • Is there a fee to participate? No, the event is completely free for all.

  • What format will flags be in? Unless otherwise specified, the flag format is NICC{}. Only the value between the curly braces {} will change! Example: NICC{th1s_could-b3-a_flag!}

  • What is the team size limit? No limit! There is no maximum team size, so feel free to register as many people on your team as you want.

  • I don't have a team. Can I still participate? Absolutely! You can register as a solo participant; just register a team for yourself. You can be the only member in a team and still participate.

  • What software should I have installed? There's no single required set of tools, but we highly recommend having a Linux distribution (like Kali Linux or Parrot OS) running either natively or in a virtual machine (like VirtualBox or VMWare). These come pre-loaded with many common security tools. Otherwise, having tools like nmap, Wireshark, Ghidra, and your choice of a text editor will be very helpful.

  • What kind of challenges will there be?

    • OSINT: Open-Source Intelligence, test your ability to find and connect information from public sources.
    • Web Exploitation: Finding vulnerabilities in websites.
    • Binary Exploitation: Finding memory corruption bugs to take control of a program.
    • Cryptography: Decrypting messages and breaking codes.
    • Forensics: Investigating files, network traffic captures, and disk images.

  • How does scoring work? Our challenges are using dynamic scoring, where the point value decreases as more teams solve it. The leaderboard will update in real time.

  • How do I submit a flag? You will submit flags through the SpookyCTF website. Just log in, navigate to the challenge, and enter the flag into the submission box. Do not post flags in Discord!

  • What happens if I share flags or solutions? Sharing flags or detailed solutions with other teams is considered cheating and is strictly prohibited. Your team may be disqualified if you are caught doing so. You are free to post write-ups after the event!

  • Are hints available? Yes, hints may be released by certain challenges if you are getting stuck. Using a hint may result in a small point deduction for that challenge.

  • What is the scope of the CTF? Unless we specify that you need to go to another website to find the answer, you'll find everything here! Try to limit your scope of the SpookyCTF website and Discord. EXCEPTION: OSINT challenges will likely need the use of external websites.

  • What websites can I not use for OSINT? OSINT challenges will not require you to use restricted websites, such as .mil websites or paywalled websites.

  • Are there any rewards? TBD. Sp00ky memes are rewarded sometimes.

  • What do I do if I'm stuck or having issues? Talk with us! Feel free to open a ticket with us on our Discord server, and we'll work with you. We can't give you any extra hints, but we can point you in the right direction or help you process. If the challenge appears broken, you can also open a ticket for this, and we'll work to fix it!