Boxing Day
Hosted on UnstopFetched about 19 hours ago
Friday, March 13, 2026
to Sunday, March 22, 2026
•
1 week long
Engineering StudentsPostgraduateUndergraduateArts, Commerce, Sciences & Others
Event Type
in person
14
Participants
₹35,000
Prize Pool
1
Est. Projects
Organizers
About the Event:
Boxing Day is a 4-hour offline Attack-Defense CTF competition organized in collaboration with NJACK Cybersecurity, IIT Patna.
The event is held under the flagship of and sponsored by the Information Security Education and Awareness (ISEA) initiative.
The competition tests participants’ cybersecurity skills, including vulnerability exploitation, defensive patching, and system protection in a competitive environment.
Event Structure:
The competition consists of two stages:
Round 1 – Online Qualifiers
Open to all registered participants.
Designed to test the basic cybersecurity knowledge and skills of participants.
Round 2 – Offline Finals
The top 20 participants from the qualifiers will be invited to IIT Patna for the final round.
Participants will compete in a live attack-defense cybersecurity challenge.
Final Round Details:
Format: Offline Attack-Defense CTF
Duration: 4 hours
Location: IIT Patna Campus
Participants must exploit vulnerabilities in opponents’ systems while simultaneously defending and patching their own systems.
Prize Pool:
Total Rewards: ₹35,000
First Prize: ₹20,000
Second Prize: ₹10,000
Third Prize: ₹5,000
Round 1 Rules:
The online qualifier will be conducted through a timed Microsoft Form.
Maximum duration: 1 hour
The round can be attempted anytime before 20 March, 11:59 PM.
The form will contain 5 basic cybersecurity challenges.
Challenge files will be shared directly within the form.
Participants solving the highest number of challenges in the least time will qualify.
Only the top 20 participants will advance to the offline final at IIT Patna.
Round 2 Rules:
Finalists must be physically present at the IIT Patna campus on 22 March afternoon.
Participants will compete in a 4-hour attack-defense challenge.
Points are awarded for capturing flags from opponents’ services and maintaining their own service availability.
Points will be deducted if a participant’s service goes down or is successfully exploited.
Participants may patch vulnerabilities as long as the service remains functional.
Breaking a service during patching will lead to loss of SLA points.
Participants must bring their own laptops with necessary tools pre-installed.
Only authorized network traffic is allowed.
Unauthorized scanning of the campus network is strictly prohibited.
Use of Large Language Models and CLI-based AI tools may be restricted and monitored.
Rules and Guidelines:
Participants must register on both Unstop and the ISEA Portal to be eligible for prizes.
Any form of Denial of Service (DoS/DDoS) attack against the competition infrastructure or other participants will lead to immediate disqualification.
Sharing flags, write-ups, or hints during the competition is strictly prohibited.
Accommodation at IIT Patna may be provided for the night of 22 March upon request.
Winners may be required to submit a walkthrough or write-up explaining their exploits.
The decisions of the NJACK Cybersecurity team will be final and binding.