Frequently
Asked Questions

DEADFACE CTF is an annual cybersecurity capture-the-flag competition where participants solve security challenges across various domains including web exploitation, cryptography, reverse engineering, forensics, and more. Its open to all skill levels and is a great way to learn and test your hacking skills.

DEADFACE CTF 2026 runs from October 24 at 9:00am CDT (14:00 UTC) to October 25 at 7:00pm CDT (Oct 26, 2026 00:00 UTC) - a full 34 hours of hacking challenges. Make sure to convert to your local timezone!

Yes! DEADFACE CTF is completely free to participate in. There are no registration fees or hidden costs. We believe cybersecurity education should be accessible to everyone.

DEADFACE CTF welcomes participants of all skill levels. We have challenges ranging from beginner-friendly to expert-level. If you are new to CTFs, start with the lower-point challenges and work your way up.

Registration opens July 1, 2026. Once open, a "Register" button will appear on this page. Click the "Register" button on our website to create an account. You can register as an individual or create a team.

Absolutely! You can compete as a solo player or with a team of up to 10 members. Solo players compete in the same pool as teams, so consider joining forces with others for a better chance at higher scores.

After creating an account, you can either create a new team (and invite others via a team code) or join an existing team using their team password. Team formation must be finalized before the competition starts.

No, once the competition starts, team membership is locked. Make sure you finalize your team before the start time. This ensures fair competition and prevents flag sharing between teams.

Challenges span multiple categories: Web Exploitation, Cryptography, Reverse Engineering, Binary Exploitation (pwn), Forensics, OSINT (Open Source Intelligence), Network Analysis, SQL, and more. Each category tests different cybersecurity skills.

We use static scoring - challenges have fixed point values. First blood (first solve) gets special recognition.

The standard flag format is deadface{...} where ... is the flag content. For example: deadface{th1s_1s_4n_ex4mpl3}. Flags are usually case-sensitive unless otherwise specified. Some challenges may specify a different format in their description.

Yes, hints are available for some challenges. However, using hints will reduce the points you earn for that challenge (typically 10-25% penalty). Use them wisely!

You will need a computer with internet access. We recommend having Kali Linux or a similar security-focused OS. Common tools include Burp Suite, Wireshark, Ghidra, Python, and various command-line utilities. Specific challenge requirements will be noted.

First, make sure you are following the correct approach - sometimes what seems broken is actually part of the challenge. If you believe there is a genuine issue, report it in Discord to @Staff with details. We will investigate promptly.

Yes, to prevent brute-forcing, there is a rate limit on flag submissions. If you hit the limit, wait a few minutes before trying again. This ensures fair play and protects the infrastructure.

You can use automated tools for solving challenges, but automated brute-forcing of the flag submission system is prohibited. Web fuzzing and enumeration tools are generally fine when used responsibly.

Yes! Top teams will win cash prizes, digital badges, and bragging rights. Prize details and eligibility requirements will be announced closer to the event. Some prizes may have regional restrictions.

Rule violations may result in warnings, point deductions, or disqualification depending on severity. Serious violations (like flag sharing or attacking infrastructure) result in immediate disqualification and potential bans from future events.

No. Sharing solutions, flags, hints, or detailed approaches during the competition is prohibited. After the competition ends, we encourage writeups - we will even feature the best ones!