Last Updated: November 26, 2025
Effective Date: December 1, 2025
Yukthi CTF is committed to providing a safe, inclusive, and fair competitive environment for all participants. This Code of Conduct outlines expected behavior, prohibited actions, and enforcement procedures to ensure everyone can enjoy a positive CTF experience.
1. Core Values
Our community is built on these principles:
- Fair Play: Compete honestly and respect the spirit of the competition
- Respect: Treat all participants, organizers, and staff with dignity
- Integrity: Be honest in all interactions and submissions
- Learning: Embrace the educational spirit of cybersecurity challenges
- Inclusion: Welcome participants of all backgrounds and skill levels
2. Expected Behavior
All participants are expected to:
- Compete fairly using your own skills and knowledge
- Respect other participants and their right to compete
- Follow all competition rules and guidelines
- Report bugs or vulnerabilities in the platform responsibly
- Use appropriate and respectful language in all communications
- Help maintain a welcoming environment for newcomers
- Accept decisions made by organizers gracefully
- Use skills learned ethically and legally outside the competition
- Support fellow participants in their learning journey
3. Prohibited Actions
3.1 Cheating & Unfair Advantages
The following are strictly prohibited:
- Flag Sharing: Sharing flags, solutions, or hints with other teams during active competitions
- Unauthorized Collaboration: Working with individuals outside your registered team
- Multiple Accounts: Creating or using multiple accounts to gain unfair advantage
- Automation Abuse: Using bots or scripts to brute-force flags or automate solving beyond allowed tools
- Hint Exploitation: Obtaining solutions through unauthorized access to challenge infrastructure
- Solution Buying/Selling: Purchasing or selling challenge solutions
- Infrastructure Attacks: Attacking the CTF platform, scoring system, or other participants
- DoS/DDoS: Denial of service attacks against any competition infrastructure
- Resource Exhaustion: Intentionally consuming excessive resources to disrupt services
- Unauthorized Access: Accessing admin panels, databases, or systems outside challenge scope
- Data Exfiltration: Extracting data from the platform beyond what is necessary for challenges
- Exploitation of Bugs: Using platform bugs for competitive advantage instead of reporting them
3.3 Harassment & Discrimination
We have zero tolerance for:
- Harassment: Targeting individuals with unwanted, hostile, or intimidating behavior
- Discrimination: Discriminating based on race, gender, religion, nationality, disability, sexual orientation, or any protected characteristic
- Offensive Content: Posting or sharing offensive, hateful, or inappropriate content
- Doxxing: Sharing personal information about others without consent
- Threats: Making threats of violence or harm
- Sexual Harassment: Unwelcome sexual advances or inappropriate conduct
- Bullying: Repeated aggressive behavior targeting individuals
3.4 Misuse of Knowledge
- Real-World Attacks: Using techniques learned to attack systems without authorization
- Malicious Use: Developing or distributing malware based on challenge knowledge
- Illegal Activities: Engaging in any illegal activities using skills from the CTF
- Weaponization: Creating tools intended for malicious purposes
4. Competition Integrity
4.1 Authorized Security Testing Scope
YOU ARE AUTHORIZED to perform security testing on:
- Challenge environments explicitly provided as part of competitions
- Systems and services within defined challenge boundaries
- Your own team's designated resources
YOU ARE NOT AUTHORIZED to test:
- Platform infrastructure (servers, databases, authentication systems)
- Other users' accounts or personal data
- Shared services or underlying cloud infrastructure
- Any system outside designated challenge environments
4.2 Important Notice
WARNING: Skills learned at Yukthi CTF may ONLY be used for:
- Educational purposes
- Authorized security testing with written permission
- Career development in cybersecurity
- Defensive security research
Using techniques learned here for unauthorized access to computer systems is ILLEGAL under the Information Technology Act, 2000 (India) and equivalent laws worldwide.
5. Reporting Violations
If you witness or experience a Code of Conduct violation, please report it immediately.
5.1 How to Report
- Email: conduct@yukthictf.com
- Discord: DM any organizer or use the #report channel
- In-Person (Finals): Speak to any staff member wearing organizer badges
5.2 What to Include
When reporting, please provide:
- Description of the incident
- Names/usernames of involved parties (if known)
- Time and location (channel, challenge, etc.)
- Any evidence (screenshots, logs)
- Your contact information (for follow-up)
5.3 Confidentiality
- All reports are handled confidentially
- Reporter identity is protected
- Retaliation against reporters is strictly prohibited and will result in severe penalties
6. Enforcement Actions
Violations may result in the following actions, depending on severity:
| Level |
Action |
Applied For |
| 1 |
Warning |
Minor first-time violations |
| 2 |
Score Penalty |
Competitive violations, minor cheating |
| 3 |
Disqualification |
Serious cheating, harassment |
| 4 |
Permanent Ban |
Severe violations, repeat offenders |
| 5 |
Legal Action |
Illegal activities, serious harm |
6.1 Enforcement Process
- Report received and acknowledged
- Investigation conducted by organizing committee
- Evidence reviewed and parties contacted
- Decision made based on severity and evidence
- Action communicated to involved parties
- Appeal window provided (48 hours)
For severe violations (threats, active attacks, serious harassment), we may take immediate action including:
- Instant account suspension
- Removal from competition
- Notification to law enforcement
7. Appeals Process
If you believe an enforcement action was made in error:
- Submit Appeal: Email appeals@yukthictf.com within 48 hours
- Include: Your username, the action taken, and your explanation with supporting evidence
- Review: Appeals are reviewed by the organizing committee (different members from original decision)
- Decision: Final decision communicated within 72 hours
Note: Decisions on appeals are final. Multiple frivolous appeals may result in additional penalties.
8. Responsible Disclosure
If you discover a vulnerability in the Yukthi CTF platform (not challenges):
- Do Not Exploit: Stop testing once vulnerability is confirmed
- Report Privately: Email security@yukthictf.com with details
- Allow Time: Give us reasonable time to fix before disclosure
- No Public Discussion: Do not share vulnerability details publicly
We appreciate responsible disclosure and may recognize reporters (with permission).
9.1 Discord & Chat
- Keep discussions relevant to CTF and cybersecurity
- No spam, excessive self-promotion, or off-topic content
- Use appropriate channels for different topics
- Be patient with beginners asking questions
- No sharing of flags or solutions during active competitions
9.2 After Competition
- Write-ups may be shared only after competition ends and with organizer permission
- Credit challenge creators when discussing solutions
- Help others learn from your approaches
- Contribute positively to the cybersecurity community
10. Acknowledgment
By registering for and participating in Yukthi CTF, you acknowledge that:
- You have read and understood this Code of Conduct
- You agree to abide by all rules and guidelines
- You understand that violations may result in enforcement actions
- You accept that organizer decisions are final
- Conduct Issues: conduct@yukthictf.com
- Appeals: appeals@yukthictf.com
- Security Reports: security@yukthictf.com
- General Support: support@yukthictf.com
Remember: CTF competitions are about learning, growing, and having fun in cybersecurity. Let's create a positive experience for everyone!
