Skip to content

Preparations#

Challenges#

Before hosting a CTF, you should decide on the general format of the competition. To give you some ideas, here are some common characteristics in a good CTF:

  • During the weekend, lasting either 24 or 48 hours

  • Challenges fit the common CTF categories

  • Each category should have around 2-6 challenges, ideally all categories aim to have roughly the same amount of challenges

  • Challenge difficulty is mostly equally distributed between easy-hard, having easy challenges for beginners and something hard for experienced players

Please also see the CTF Design Guideline for a great guide on how to make a good challenge.

CTFtime#

If you're not familiar with CTFtime already, it is used to track all CTF events, the teams playing in it, and acts in general as the "central hub" for CTF-related information. This is the easiest way to advertise your CTF to rest of the active CTF players and see if your planned date has any other CTFs overlapping with it.

After the CTF is over, it is highly recommended to upload the scoreboard to the event so that participating teams are able to gain points, that are then converted into their ranking globally. The longer your event is organized, the higher weight you're able to achieve which is decided by the competitors voting on your event.

You can find more information on CTFtime's side regarding organizing CTFs here.

Sponsorships#

Although not strictly necessary, most competitions opt to have prizes for the top 3 teams and maybe award some of the best write-ups as they encourage others being able to learn from them.

Here are some possible sponsors to give you an idea:

Remember to start doing this well in advance before your CTF, as companies may take some time to get back to you and confirm the sponsorship.

Communication#

Majority of the CTFs prefer using Discord as the communication platform for during the CTF announcements, getting support, and discussing challenges after the CTF is over.

A common Discord channel setup looks like this:

  • #rules (Discord and CTF-specific rules)

  • #announcements (registrations opened, CTF started, challenge updates, CTF ended, feedback)

  • #first-bloods (teams who solved the challenge first)

  • #support (ability to create support tickets in case the challenge appears to be not working/broken, e.g. using any available Discord Bot)

  • #general (general discussion)

  • #looking-for-team (searching for teammates to participate in the CTF)

  • #web/#rev/#pwn/#crypto/#misc (category-specific channels if desired)

For support, it is common to get many requests from the competitors, which is why managing them inside a server instead of individual's direct messages is significantly easier for everyone involved. These requests vary from having issues with the CTF platform, challenge not working, flag being incorrect, or asking for hints. In the case of hints, it is highly recommended to have a strict no hint policy as this can be seen as aiding an individual team (as CTFs are competitions after all). Instead, any hints should be announced in the #announcements channel so that everyone has the same hint, and in case of someone asking information about the challenge, using a reference exploit to test that the challenge remote and solution is working is the only thing that should be confirmed to competitors.