Mission Protocol

SecLeaf Q2 CTF 2026 rules and regulatory documentation.

CLASSIFIED // UNCLASSIFIED FOR ACTIVE OPERATIVES
RULE_01

Respect the Competition

Maintain professional conduct and good sportsmanship at all times. Cheating, flag sharing, exploiting unintended vulnerabilities, or attacking the CTF infrastructure will result in immediate disqualification.

RULE_02

Team Operation

This is a TEAM event. Team members must collaborate only within their team. Sharing solutions, hints, or flags with other teams is strictly prohibited. Teams are responsible for all actions from their accounts. Any attempt to disrupt other teams' progress or attack the competition infrastructure will result in immediate disqualification.

RULE_03

Challenge Integrity

All challenges are created for educational and competitive purposes. Difficulty ranges from beginner to expert. Solve challenges using your own analytical and technical skills.

RULE_04

Flag Acquisition

Flags must be obtained by solving the intended challenge. All flags follow the format: SecLeaf{your_flag_here}. Flags are case-sensitive unless mentioned.

RULE_05

Infrastructure Protection

Do NOT attempt to attack or disrupt the CTF platform. No DoS, DDoS, network flooding, or brute-force attacks against infrastructure. Only interact with systems explicitly provided in challenges.

RULE_06

Tools & Automation

Legal security tools (e.g., Nmap, Burp Suite, Wireshark, etc.) are allowed unless restricted in a challenge. Automated scripts designed to brute-force flag submissions are strictly prohibited.

RULE_07

Submission Policy

Submit flags exactly as provided. Extra spaces, incorrect casing, or modified formats will be rejected.

RULE_08

Hints

Hints may be available for certain challenges. Use hints responsibly to enhance learning.

RULE_12

Disputes & Authority

Any disputes must be reported immediately to the organizers. All organizer decisions are final and binding.

AI USAGE POLICY

Artificial Intelligence is a tool. Not a substitute for skill.

ALLOWED USE CASES:
  • Understanding cybersecurity concepts
  • Learning exploitation techniques
  • Explaining errors or compile issues
  • Syntax assistance and coding guidance
  • General research and reading guidance
STRICTLY PROHIBITED:
  • Feeding entire challenge descriptions to AI and asking for direct solutions.
  • Using AI to generate full exploit scripts without understanding them.
  • Fully automated solving pipelines using AI agents.
  • Real-time collaboration with others via AI prompt sharing.

You are here to test your mind, not outsource it. If AI is used irresponsibly or excessively in a way that compromises fairness, organizers reserve the right to request a solution explanation, demand a live demonstration, or disqualify without notice.

OPERATIONAL WINDOW

The clock is absolute.

The mission begins and ends strictly as scheduled (23rd – 24th May 2026). No extensions. No exceptions. No excuses. Keep track of the active timeline.

WINNER VERIFICATION

The top teams must prove their skill.

The first 3 teams **MUST** submit a detailed technical writeup explaining their methodologies within **24 HOURS** of the competition concluded.

Failure to comply will result in the rank and rewards shifting automatically to the next candidate.