Skip to main content
All CollectionsManaging ContentManaging Challenges
Capture The Flag Creation Guidelines
Capture The Flag Creation Guidelines
FifthDomain avatar
Written by FifthDomain
Updated over a week ago

๐Ÿ“– Note: The purpose of this document is to provide clear guidelines on how the challenges should be structured, the required components, and the quality assurance process before the challenges are published on our platform.

1. Challenge Structure

Each CTF challenge should adhere to the following structure:

1.1. Challenge Specialisation

With FifthDomain, we categorise challenges under their speciality and the challenges should fall under one of the following specialisation categories:




Challenges that involve gathering and analysing information to predict and prevent cyber threats.


Tasks centred around defending systems and networks from cyber threats.


Challenges that require identifying and responding to cyber threats or intrusions.


Focused on the analysis of cyber incidents and the identification of threat actors.


Simulated offensive operations aimed at testing the security of systems.


Challenges involving the design and construction of secure systems and software.

1.2. Skills

Ensure that the mentioned profession speciality aligns with one or multiple of the following pro skills, varying for each specific challenge.



Threat Intelligence Gathering

Collecting and analysing cyber threat actors, infrastructure, and Indicators of Compromise

Opensource Collection

Gathering of information from publicly available sources

Darkweb Monitoring

Collecting, analysing, and reporting data from dark web sources

Social Media Analysis

Collecting and analysing information from social media platforms


Applying geospatial intelligence in cyber operations

System Hardening

Reducing system vulnerabilities through configuration adjustments and patch management

Network Hardening

Implementing strategies and controls to enhance the security of the network infrastructure.

Access Control

Managing permissions and authorisations for system access

Vulnerability Assessment

Identifying and assessing system vulnerabilities

Encryption Techniques

Applying encryption to protect data confidentiality and integrity

Intrusion Detection

Identifying potential incidents, threats and vulnerabilities in the network

Log Analysis

Interpreting log entries to identify and investigate suspicious activities

Traffic Analysis

Analysing network traffic to detect security incidents

Anomaly Detection

Identifying unusual patterns that could indicate a security breach

Alert Creation

Creating and configuring alerts based on specific security conditions

Host Analysis

Examining host activities and configurations for signs of compromise

Digital Forensics

Collecting, analysing and reporting on digital data for incident investigations, including steganography

Malware Analysis

Examining malicious software and scripts to understand their functions, origins, and impact.

Reverse Engineering

Dismantling and analysing device or system to understand its composition and operation

Data Recovery

Retrieving data from damaged, failed, corrupted, or inaccessible storage media


Decrypting or decoding encrypted data and programmes without knowing the encryption key

Database Exploitation

Exploiting vulnerabilities in databases to gain unauthorised access or extract data

AI Exploitation

The strategic utilisation of techniques to manipulate artificial intelligence systems, such as chatbots, with the aim of revealing hidden data or eliciting unintended responses.

Network Exploitation

Manipulating network topology and configuration vulnerabilities to gain unauthorised access or disrupt services

Web Exploitation

Exploiting vulnerabilities in web applications to gain unauthorised access or disrupt services

OS Exploitation

Manipulating operating system vulnerabilities to gain unauthorised access

Binary Exploitation

Exploiting software at the binary level

Secure Coding

Developing software in a way that guards against security vulnerabilities

Software Debugging

Identifying and fixing errors in software

Automation Programming

Using programming to automate repetitive tasks

API Development

Creating APIs for interacting with applications or services

SOC Tech Deployment

Deploying and managing technology solutions within a Security Operations Centre

1.3. Challenge Proficiency

Challenges should align with the corresponding proficiency levels, ranging from Novice to Expert. Novices, at the outset, grapple with the fundamental need for rules, guidance, and structure due to their minimal experience. As individuals progress to the Advanced Beginner stage, they begin recognising patterns and contexts but still require assistance, facing challenges in adapting to complexity. Competent individuals can independently manage complex situations but must refine their decision-making skills and confront unforeseen circumstances. Proficient practitioners excel at anticipating problems, proactively adapting, facing challenges related to continuous improvement, and staying updated. Experts, possessing an intuitive understanding, grapple with the challenge of effectively sharing their expertise and staying at the forefront of their field through constant innovation and knowledge expansion.

  • Novice

  • Advanced Beginner

  • Competent

  • Proficient

  • Expert

โ€‹This categorisation is important to ensure participants of varying skill levels can enjoy the challenges.

Challenge Proficiency




Novices have basic cybersecurity awareness. They need structured challenges that introduce core concepts.

A novice-level challenge in Network Security could involve identifying misconfigurations in firewall rules, requiring a basic understanding of network protocols and security principles.

Advanced Beginner

Advanced Beginners are familiar with key cybersecurity concepts but still developing practical skills.

An Advanced Beginner Challenge in Web Exploitation might require exploiting a SQL injection in a web application, teaching both the theoretical background of SQL injections and their practical identification and exploitation.


Competent participants can independently solve complex problems but are refining their strategic approach.

Decrypting a message encrypted with a less common algorithm requires a deeper understanding of cryptographic principles and the ability to research and apply less conventional methods.


Proficient practitioners can handle advanced, multifaceted challenges and are adept at adapting their strategies.

A proficient-level Digital Forensics challenge might involve a scenario with obscured file system evidence, network traffic analysis, and advanced steganography, requiring integrated skills across multiple domains of cybersecurity.


Experts possess a deep, intuitive understanding of cybersecurity and are at the forefront of the field.

An expert-level binary exploitation challenge might involve developing an exploit for a complex, realistic piece of software with modern security mitigations in place, requiring advanced knowledge in reverse engineering, memory corruption, and exploit development.

These proficiency levels and examples are designed to cater to participants who have at least a foundational understanding of cybersecurity. The challenges increase in complexity and depth, ensuring that both newcomers and experienced individuals find the content engaging and enriching. This approach ensures that your CTF challenges not only test skills but also contribute significantly to the learning and development of all participants.

Please note that the above examples are just to give you some idea of what proficiency level is expected and what level the challenge should need to be at. Never influence or limit yourself to re-creating that example of a challenge.

1.4. Challenge Description

  • Clarity and Conciseness: Provide a clear, concise description of the challenge, ensuring participants understand the scenario, objectives, and any relevant background information.

  • Scenario Setting: Set a realistic or engaging scenario that provides context and immerses participants in the challenge.

  • No Code in the description: If there is any code or snippet, remove it from the description. Instead, create them as a file or artefact and upload them as an attachment. Make sure you redirect the participants to look at the attachment for the code snippet.

  • Objectives: Clearly state what participants are expected to accomplish, outlining the main goals and any specific targets.

  • Flag Format: Provide an example flag format for the participants to understand what the flag format looks like FLAG{THIS_IS_A_FLAG}.

  • Access Details: For lab and container-based challenges, specify the port number and any other access details. Ensure that these details are accurate and functional.

  • Formatting: Make sure you follow a well-documented markup language format.

1.5. Type of Challenges and their Creations

1.5.1. Static Challenge Overview

Static challenges are based on analysing static files or data. They do not involve interaction with a live environment or service. Expectations

  • Challenge Files: Include files like encrypted messages, code snippets, binaries, images, etc.

  • Objective: Clearly state what the participant is expected to discover or solve using the provided files.

  • Solutions: Solutions should be straightforward, elaborative, and focus on analysis or deduction from the given data. A solve script must be produced. Otherwise, step by step on how to solve. You can add the terminal snipped, code block, etc for support. Example

A Cryptography challenge with an encrypted text file, where participants must decrypt the message to find the flag.

1.5.2. Container-based Challenge Overview

Container-based challenges Use Docker containers to provide a consistent and isolated environment for each challenge. These challenges can be interactive and can be lightweight and set up in the FifthDomain lab. Steps on how to set up the labs and VMs are provided in โ€œVM & Docker Builds in Labs - Guidelinesโ€. Expectations

  • Environment Setup: Set up the Docker environment in the FifthDomain Container VM, and make sure you properly set up the services running, any specific configurations, and cron jobs. Make sure you run a self-restart script for the docker.

  • Access Details: Provide a port number for accessing the Docker container in the description for the participants.

  • Interactivity: Design challenges to be interactive, such as exploiting a service or analysing a running application, etc.

  • Sustainability: Ensure the container is configured to be stable and consistently accessible. Example

A Web Exploitation Challenge is hosted in a Docker container, where participants exploit a vulnerability in a web application to retrieve the flag.

1.5.2. Lab-based Challenge Overview

Lab-based challenges are complex and often simulate real-world scenarios. These challenges can involve multiple interconnected systems or networks and software-based simulation challenges, typically within a VM environment. Expectations

  • Complex Environment: Document the setup of a comprehensive lab environment, which may include multiple VMs or networked systems.

  • Realistic Scenarios: Design challenges that mimic real-world situations, such as network pivoting, EDR simulation, kernel exploits, etc.

  • Maintenance: Provide instructions for maintaining the lab environment, including scripts or automation for regular checks and restarts. Example

An advanced challenge requiring participants to analyse logs using tools like Elastic Stack to identify security incidents, or a scenario involving multiple stages of web exploitation and privilege escalation within a simulated network.

1.6. CTF Challenge Creation Guidelines

1.6.1. Brute-Forcing and Enumeration

  • Time Efficiency: Ensure that any brute-forcing or enumeration tasks do not exceed 5 minutes and should use only well-known dictionaries. Use entries from the top of wordlists to facilitate this.

  • Benchmarking: Request FifthDomain Jumpbox as a performance benchmark for tasks like hash cracking to ensure accessibility for all participants.

1.6.2. Content Appropriateness

  • PG-13 Requirement: All CTF challenge content, including downloadable media and attachments, must be PG-13 and suitable for assessment settings, including classes, workshops, and corporate environments.

  • Big-NO: Never use minor, political, illicit, profanity, abuse, religious, caste, or racist materials in the creation of the challenges.

1.6.3. Interactive Elements

  • Engagement: Challenges should incorporate interactive elements to enhance participant engagement and learning. Websites should be designed to be engaging and responsive.

1.6.4. Formatting and Language

  • Consistency and Grammar: Tasks should be consistently formatted, well-written, and presented in English.

  • Accreditation: Properly credit all images, quotes, or text that are not original. Plagiarism will be rigorously checked.

1.6.5. Licensing and Source Code

  • Reference to Licensing: Provide references to the licensing agreement or Terms and conditions for any non-original source code.

  • Commercial Use: Ensure that the source code allows for commercial use if hosted on FifthDomain. Unlicensed code is considered as "All rights reserved" by the original author and is not permissible.

1.6.6. Challenge Difficulty and Information Disclosure

  • Tagging by Difficulty: Align challenge tags with the challenge difficulty to manage spoiler risks. For example, a "Novice" challenge can have more revealing hints in the description compared to "Proficient" or "Expert" ones.

  • Information Scaling: Provide more extensive hints in the description for novice challenges, gradually reducing the amount of information provided as the difficulty increases, with minimal to no hints in the description for proficient and expert levels.

1.6.7. Challenge Asset Submission

  • Complete Uploads: When submitting a challenge, include all assets used in its creation. This encompasses Dockerfiles, images, ISOs, documentation, credentials, and any other relevant materials.

  • Organised Documentation: Ensure that all documentation is thorough and clearly outlines the challenge setup and solution process.

1.6.8. Adherence to VM & Docker Guidelines

  • Guideline Compliance: Strictly follow the "VM & Docker Builds in Labs - Guidelines" document when creating lab environments.

  • Support Utilisation: If difficulties arise in lab creation, review the guideline document thoroughly. If challenges persist, reach out to the support team for assistance.

1.6.9. Reliance on Local Environments and Tools

  • Local Resources Priority: Prioritise the use of local tools and environments to ensure reliability and control.

  • Third-Party Tool Longevity: If third-party tools or software are used, they must be guaranteed to remain operational. Be prepared to provide alternatives if these services are disrupted.

1.6.10. Solution Walkthrough

  • Detailed Guidance: Offer a step-by-step walkthrough for solving the challenge. This should be clear, concise, and easy to follow.

  • Proof of Solution: Include terminal snippets or other proof to demonstrate the solution works as intended.

1.6.11. Additional Documentation for Script-Based Challenges

  • Comprehensive Instructions: If the challenge created requires script writing, open-source searches, or detailed investigations, provide extensive solution documentation.

1.6.12. Flag Specifications

  • Clear Flag Indication: Clearly specify the flag that participants need to obtain. Ensure the flag format is easily recognisable, and avoid using spaces or periods at the beginning or end.

  • Standardised Flag Format: Maintain a standardised format for all flags, such as FLAG{F1aG_F0rMaT}.

1.6.13. Hints for Different Proficiency Levels

  • Progressive Assistance: Provide two to three hints for each challenge, tailored to its proficiency level. Hints should guide participants towards the key steps without revealing the solution.

2. Challenge Review

2.1. Solution Walkthrough Review

  • Step-by-Step Clarity: The solution walkthrough must provide clear, step-by-step instructions. Each step should be logical and contribute to solving the challenge.

  • Avoiding Assumptions: Ensure that the walkthrough avoids assumptions. Solutions should be based on logical reasoning and clear evidence within the challenge.

2.2. Challenge Completeness

  • All Required Files Included: Confirm that all necessary files are attached, including challenge files and solution scripts. This includes checking for appropriate formatting and accessibility.

2.3. Grammar and Clarity Check

  • Proofreading for Quality: Thoroughly proofread all text for grammatical accuracy, clarity, and coherence. The language should be professional and suitable for an educational platform.

  • Consistency in Presentation: Ensure that the presentation of the challenge is consistent in terms of formatting, style, and language use.

2.4. Additional Quality Checks

  • Interactivity and Engagement: Assess challenges for interactivity and participant engagement. Challenges should encourage active problem-solving and hands-on learning.

  • Ethical and Cultural Sensitivity: Review challenges for ethical implications and cultural sensitivity. The content should be inclusive and respectful. Illicit pictures are strictly prohibited.

  • Longevity and Maintenance: Evaluate the challenge for long-term viability, including the lifespan of external links and the maintainability of the challenge environment.

3. Submission and Contact

  • Please ensure the submission of the finalised challenges, complete with their corresponding solution walkthroughs, challenge files, and any additional required information, all within submit for review status on the FifthDomain platform.

  • Following the successful completion of the reviewer's thorough quality assurance, the reviewer will initiate the approval process for publishing the challenge on the platform.

  • Should you encounter any concerns or have enquiries, please don't hesitate to contact FifthDomain via the support chat box. We highly appreciate your proactive communication as we endeavour to ensure a smooth and productive collaboration.

Did this answer your question?