Rules

Eligibility for Participation

  • Team members must be made up exclusively of students registered for tertiary studies in 2025 at eligible tertiary educational institutions.
  • Eligible educational institutions are public South African universities (including public universities from SADC) and South African institutions that have entered a REN service agreement and form part of the SA NREN may participate.
  • If you were part of a team that placed 1st, 2nd, or 3rd during the previous Cyber Security Challenge final, you cannot participate as a team member in the 2025 Cyber Security Challenge.
  • However, if you need to participate as a requirement to complete a practical, you can then still register and participate in the qualification round but you will not be eligible to qualify for the finals.

Team Size

  • Teams are restricted to 3 members if all members are of the same gender, otherwise the teams can be up to 4 members.
  • The team leader is a member of the team that has been designated as the Point of Contact (PoC) for that team.
    • The organisers will interact with the team leader regarding all correspondence related to the competition.
  • Teams must compete without any outside aid from non-team members.

Team Eligibility

  • Team members must be made up exclusively of students registered for tertiary studies in 2025 at eligible tertiary educational institutions.
  • Eligible educational institutions are public South African universities (including public universities from SADC) and South African institutions that have entered a REN service agreement and form part of the SA NREN may participate.
  • Team members must all be from the same eligible tertiary educational institution.

Participation Rules for the Qualification Round

  • Eligible teams interested in participating must register on the CSC website (please consider the above team size requirements when forming teams).
  • Registration must be completed before the closing of the qualification round.
  • The qualification dates will either be confirmed with the university mentor or communicated directly with the registered team.
  • The qualification round will be open for 10 days.
  • Registered teams to receive notification via email with credentials on the day the qualification round opens (as per agreed dates).
    • The closing date and time for participating the qualification round will also be shared in the email.
    • Please note that challenges submitted after the communicated closing date and time will not be considered.
  • Each team is expected to participate in the qualification round remotely.
  • The qualification round with consist of a collection of Capture the Flag challenges.
  • Hints are made available for certain challenges and used by teams at their own discretion.
  • The scoreboard will not be made public (this is because various universities will be participating at different times during the qualification round).
  • Used hints will not be reversed by the organisers.
  • Organisers will respond to participant queries by the next business day.

Team Selection for Finals

  • The organisers will invite the top 10 teams to attend the CSC finals at the CHPC National Conference.
    • Only the top team (1) per university department can qualify for the CSC finals (a team from both the Computer Science and Engineering departments can be considered).
    • Please note that the top team from a university department must still place in the top 10 overall (of all universities participating) in order to qualify for the CSC finals.
    • The score achieved by the team during the qualification round will be used as the main measure to determine selection for the CSC finals.
    • Should 2 or more teams from the same university department end up with the same score, the CSC organisers will consider additional criteria to separate the teams.
      • The criteria to be applied will be decided by the CSC organisers.
  • The organisers’ decision is final and no negotiations or correspondence with participants will be entered into.

Team Mentor for Finals

  • Teams who have qualified for the CSC final must be accompanied by a team mentor.
  • The team mentor must be affiliated with the university the team will be representing at the finals.
  • Should the recognised team mentor (as per the mentors list on the CSC website) be unable to attend, that mentor must then nominate a suitable replacement (who must be affiliated with the university).
  • A mentor can’t be nominated or recommended by the participating team.

Participation Rules for the Final Round

  • All team members should be present at the event.
  • All team members will wear badges identifying team affiliation at all times during competition.
  • If the member of a team advancing to the final round of the competition is unable to attend, that team may substitute a person in their place, as long as that person qualifies under the eligibility rule.
  • Teams may not modify the hardware configurations of competition systems.
    • Teams must not open the case of any system such as, laptop, monitor, router, switch, firewall, or any other piece of equipment used during the competition.
  • Teams may not remove their assigned laptops from the competition area unless specifically authorised to do so by organisations members.
  • All network activity that takes place on the competition network will be logged and subject to anonymised release.
  • Teams will be supplied with laptops for the competition.
    • This is to ensure a fair base for the games.
    • These laptops are not allowed to be moved from the booths.
  • All team members are expected to attend morning briefings, plenary speakers sessions and the prize ceremony and dinner.
  • In addition to published rules, new policies and rules may apply throughout the games.
    • These rules will be communicated to each team leader.
  • Social Engineering is allowed at the competition, but strictly limited to Cyber Security Challenge participants.
  • Sabotage is not allowed.
  • If unsure ask the organisers.

Challenges for the Final Round

  • Capture The Flag Challenge
    • This challenge will consist of a collection of hacking puzzles (web security, reverse engineering, mobile security, digital forensics, etc.).
  • Attack and Defend Challenge
    • The last day of the competition, teams will be required to defend a system, and attack the other teams’ systems.
  • Sponsored Challenges
    • Unique challenges that provides students with the opportunity to gain exposure to other forms of cyber security.