Eligibility for Participation
- Team members must be made up exclusively of students registered for tertiary studies in 2025 at eligible tertiary educational institutions.
- Eligible educational institutions are public South African universities (including public universities from SADC) and South African institutions that have entered a REN service agreement and form part of the SA NREN may participate.
- If you were part of a team that placed 1st, 2nd, or 3rd during the previous Cyber Security Challenge final, you cannot participate as a team member in the 2025 Cyber Security Challenge.
- However, if you need to participate as a requirement to complete a practical, you can then still register and participate in the qualification round but you will not be eligible to qualify for the finals.
Team Size
- Teams are restricted to 3 members if all members are of the same gender, otherwise the teams can be up to 4 members.
- The team leader is a member of the team that has been designated as the Point of Contact (PoC) for that team.
- The organisers will interact with the team leader regarding all correspondence related to the competition.
- Teams must compete without any outside aid from non-team members.
Team Eligibility
- Team members must be made up exclusively of students registered for tertiary studies in 2025 at eligible tertiary educational institutions.
- Eligible educational institutions are public South African universities (including public universities from SADC) and South African institutions that have entered a REN service agreement and form part of the SA NREN may participate.
- Team members must all be from the same eligible tertiary educational institution.
Participation Rules for the Qualification Round
- Eligible teams interested in participating must register on the CSC website (please consider the above team size requirements when forming teams).
- Registration must be completed before the closing of the qualification round.
- The qualification dates will either be confirmed with the university mentor or communicated directly with the registered team.
- The qualification round will be open for 10 days.
- Registered teams to receive notification via email with credentials on the day the qualification round opens (as per agreed dates).
- The closing date and time for participating the qualification round will also be shared in the email.
- Please note that challenges submitted after the communicated closing date and time will not be considered.
- Each team is expected to participate in the qualification round remotely.
- The qualification round with consist of a collection of Capture the Flag challenges.
- Hints are made available for certain challenges and used by teams at their own discretion.
- The scoreboard will not be made public (this is because various universities will be participating at different times during the qualification round).
- Used hints will not be reversed by the organisers.
- Organisers will respond to participant queries by the next business day.
Team Selection for Finals
- The organisers will invite the top 10 teams to attend the CSC finals at the CHPC National Conference.
- Only the top team (1) per university department can qualify for the CSC finals (a team from both the Computer Science and Engineering departments can be considered).
- Please note that the top team from a university department must still place in the top 10 overall (of all universities participating) in order to qualify for the CSC finals.
- The score achieved by the team during the qualification round will be used as the main measure to determine selection for the CSC finals.
- Should 2 or more teams from the same university department end up with the same score, the CSC organisers will consider additional criteria to separate the teams.
- The criteria to be applied will be decided by the CSC organisers.
- The organisers’ decision is final and no negotiations or correspondence with participants will be entered into.
Team Mentor for Finals
- Teams who have qualified for the CSC final must be accompanied by a team mentor.
- The team mentor must be affiliated with the university the team will be representing at the finals.
- Should the recognised team mentor (as per the mentors list on the CSC website) be unable to attend, that mentor must then nominate a suitable replacement (who must be affiliated with the university).
- A mentor can’t be nominated or recommended by the participating team.
Participation Rules for the Final Round
- All team members should be present at the event.
- All team members will wear badges identifying team affiliation at all times during competition.
- If the member of a team advancing to the final round of the competition is unable to attend, that team may substitute a person in their place, as long as that person qualifies under the eligibility rule.
- Teams may not modify the hardware configurations of competition systems.
- Teams must not open the case of any system such as, laptop, monitor, router, switch, firewall, or any other piece of equipment used during the competition.
- Teams may not remove their assigned laptops from the competition area unless specifically authorised to do so by organisations members.
- All network activity that takes place on the competition network will be logged and subject to anonymised release.
- Teams will be supplied with laptops for the competition.
- This is to ensure a fair base for the games.
- These laptops are not allowed to be moved from the booths.
- All team members are expected to attend morning briefings, plenary speakers sessions and the prize ceremony and dinner.
- In addition to published rules, new policies and rules may apply throughout the games.
- These rules will be communicated to each team leader.
- Social Engineering is allowed at the competition, but strictly limited to Cyber Security Challenge participants.
- Sabotage is not allowed.
- If unsure ask the organisers.
Challenges for the Final Round
- Capture The Flag Challenge
- This challenge will consist of a collection of hacking puzzles (web security, reverse engineering, mobile security, digital forensics, etc.).
- Attack and Defend Challenge
- The last day of the competition, teams will be required to defend a system, and attack the other teams’ systems.
- Sponsored Challenges
- Unique challenges that provides students with the opportunity to gain exposure to other forms of cyber security.