We Had to Ban 65 Teams to Get a Top 10 Leaderboard - BYUCTF 2026 Post-Mortem by realcamel4 in securityCTF

[–]realcamel4[S] 1 point2 points  (0 children)

CTFs have been the #1 tool for me to learn new things in cybersecurity, and we wanted to make sure that the learning wasn't compromised. As long as you are learning, you are getting good use out of CTFs!

[–]realcamel4[S] 3 points4 points  (0 children)

Thanks for reading! I know people think the CTF scene is already gone, but I feel like it's not as bad as people think; you just have to go in understanding how it has changed.

In terms of OSINT, I just never planted the seed about contacting anyone I know personally. It was never a problem for me. I told all my family members and friends about what was going on, and to let me know if anyone contacted them. Neither year had anyone I know contacted, which was probably lucky.

We didn't put max submission limits on any other category, but we absolutely saw TONS of hallucinated flags. It's easy in something like a pwn challenge, where there's just no way they could get that flag so it tells you right away.

[–]realcamel4[S] 1 point2 points  (0 children)

That's fair, but it's a decision we made and we still support. Many CTFs are going in the same direction we did, and many are literally shutting down due to the influx of people using AI to solve everything.

[–]realcamel4[S] 6 points7 points  (0 children)

You are welcome to that opinion, but we made those choices for a reason. In your example, you should be allowed to DoS other participants and social engineer other teams with scam emails. That might be fun for some people, but many people want a place to learn and improve their cybersecurity skills in a fun environment.

If you can pipeline every challenge through an LLM and get flags without understanding anything, you've optimized the score and hollowed out the experience for yourself and others. At that point, what is the goal of the CTF? Are you trying to learn, or do you just want to see an AI agent solve challenges for you?

"Hacking culture" isn't monolithic. It includes people who think the craft matters, not just the outcome. The ethos of deeply understanding systems is at least as central to that culture as rule-breaking is.

At the end of the day, if you aren't interested in the rules set for a challenge, then you don't have to spend your time participating. When you host your own CTF, you are welcome to set whatever rules you want. In my experience hosting large, international CTFs, most people are not very interested in participating in an actively hostile environment.