Terms of Engagement

NeonHat CTF Platform Last updated: April 21, 2026 by: Wadoud & Ramy

1. Agreement to These Terms

By accessing or using NeonHat — including creating an account, participating in challenges, submitting content, or interacting with any part of the platform — you agree to be bound by these Terms of Engagement ("Terms").

If you do not agree, do not use the platform.

These Terms constitute a legally binding agreement between you ("User", "you") and the NeonHat team ("NeonHat", "we", "us"). We reserve the right to update these Terms at any time. Continued use after changes take effect constitutes acceptance.

2. Eligibility

You may use NeonHat only if:

You are at least 16 years of age
You are not prohibited from using the service under the laws of your jurisdiction
You have not been previously suspended or banned from NeonHat
You provide accurate and truthful information during registration

By registering, you represent and warrant that all of the above conditions are met.

3. Account Responsibilities

3.1 Account Security

You are solely responsible for:

Maintaining the confidentiality of your credentials
All activity that occurs under your account
Logging out from shared devices

If you suspect unauthorized access to your account, you must notify us immediately at security@neonhat.io.

3.2 Account Integrity

You agree not to:

Create multiple accounts to circumvent bans, gain unfair advantages, or manipulate rankings
Share your account credentials with any other person
Use automated bots, scripts, or tools to create accounts
Impersonate any person, team, or organization
Use a username that is offensive, misleading, or violates third-party rights

We reserve the right to suspend or permanently ban accounts that violate these rules, at our sole discretion and without prior notice.

4. Authorized Use and the Hacking Boundary

This section is critical. Read it carefully.

NeonHat operates an intentionally vulnerable environment for educational purposes. The challenges on this platform are designed to be exploited — within the limits defined here.

4.1 What You Are Authorized to Do

You are authorized to:

Attempt to solve any challenge listed in the NeonHat Arena or Neon-Gym Learning Path through legitimate hacking techniques within the challenge's sandbox environment
Interact with Docker containers spawned specifically for your challenge session
Submit flags found through your own work on the challenge environment
Read writeups and hints made available through the platform's unlocking mechanism
Submit your own CTF challenges for admin review through the official submission system

4.2 What You Are Strictly Forbidden from Doing

The following actions are prohibited regardless of technical capability or intent:

Attacking, probing, or interfering with NeonHat's own infrastructure — including its API servers, databases, authentication systems, backend services, or any system not explicitly designated as a challenge target
Attempting to access, read, modify, or delete data belonging to other users
Attempting to bypass the authentication system, JWT validation, or session management of the platform itself
Exploiting vulnerabilities in the NeonHat platform (as opposed to challenge environments) for unauthorized access — if you find a vulnerability, report it (see section 9)
Intercepting or tampering with network traffic between users and the platform
Launching denial-of-service attacks against the platform or its infrastructure
Attempting to gain access to the Cloudinary storage, MongoDB cluster, or any other third-party service used by NeonHat outside the scope of a challenge
Sharing, publishing, or distributing flags, full solutions, or writeups for active (non-retired) challenges in any public forum — this ruins the experience for other users
Using challenge environments to attack third-party systems outside the platform
Running cryptocurrency miners, botnets, or other resource-abusing software inside Docker challenge containers

Violating these boundaries — even "just to see if it works" — is not ethical hacking. It is unauthorized access and may constitute a criminal offense under applicable law (including the Computer Fraud and Abuse Act, the Computer Misuse Act, or equivalent legislation in your jurisdiction).

4.3 The Good Faith Principle

If you accidentally stumble upon a vulnerability in NeonHat's own infrastructure while solving a challenge, you are expected to:

Stop immediately — do not exploit it further
Document what you found
Report it to security@neonhat.io within 24 hours

Acting in good faith will be recognized. Exploiting it will result in a permanent ban and potential legal action.

5. Content Standards

5.1 Challenge Submissions

When you submit a CTF challenge for review, you warrant that:

You are the original author of the challenge content, or have explicit rights to submit it
The challenge does not infringe on any copyright, trademark, patent, or other intellectual property rights
The challenge does not contain malware, backdoors, or content designed to harm users or our infrastructure beyond the intended challenge mechanics
The flag is original and not duplicated from any existing published CTF challenge
The challenge description and materials are accurate and do not contain deliberately misleading information designed to deceive admins during review

We reserve the right to reject, modify, or remove any submitted challenge at our sole discretion.

5.2 Usernames, Bios, and Profile Content

All profile content must:

Be free from hate speech, harassment, discrimination, or threats
Not impersonate real people or organizations
Not contain sexually explicit, violent, or otherwise inappropriate content
Not include personal information of third parties without consent

6. Intellectual Property

6.1 NeonHat's Property

The NeonHat platform — including its design, code, graphics, challenge content created by our team, brand assets, and all associated intellectual property — is owned by NeonHat and protected by applicable intellectual property laws. You may not copy, reproduce, distribute, or create derivative works without our explicit written permission.

6.2 User-Submitted Challenges

When you submit a challenge that is accepted and published on NeonHat, you grant us a non-exclusive, royalty-free, worldwide license to host, display, and make that challenge available to platform users. You retain authorship credit and ownership of your original content.

If your account is deleted, accepted and published challenges may remain on the platform under anonymized authorship unless you have explicitly requested removal.

6.3 Feedback

If you provide feedback, suggestions, or bug reports, you agree that we may use this information freely to improve the platform without compensation or attribution.

7. Points, Rankings, and Rewards

7.1 No Monetary Value

Points, levels, badges, and rankings on NeonHat have no monetary value and cannot be exchanged for cash, cryptocurrency, goods, or services unless we explicitly announce otherwise in writing.

7.2 Leaderboard Integrity

We reserve the right to:

Adjust, reset, or remove points from accounts found to be cheating, exploiting bugs, or manipulating rankings
Remove accounts from the leaderboard without notice if fair play violations are detected
Retroactively disqualify submissions found to have been obtained through unauthorized means

7.3 Cheating

Cheating includes but is not limited to:

Submitting flags obtained from public writeups without solving the challenge yourself
Sharing flags with other users during an active challenge period
Exploiting bugs in the scoring or submission system to gain unearned points
Collaborating with others on solo challenges where collaboration is prohibited

8. Termination and Suspension

We may suspend or permanently terminate your account at any time, with or without notice, for:

Violation of any section of these Terms
Conduct that we determine, in our sole discretion, is harmful to the platform, its users, or third parties
Extended inactivity (we will attempt to notify you before deleting inactive accounts)
Legal requirements or law enforcement requests

Upon termination, your right to access the platform ceases immediately. Sections of these Terms that by their nature should survive termination (including sections 4, 6, 8, 10, and 11) will remain in effect.

You may also delete your own account at any time from Dashboard → Configuration → Account → Danger Zone.

9. Responsible Disclosure

We take platform security seriously. If you discover a security vulnerability in NeonHat's own infrastructure (not a challenge environment):

Do report it to security@neonhat.io with a clear description and reproduction steps
Do not publicly disclose it before giving us reasonable time (30 days) to address it
Do not exploit it beyond what is necessary to confirm the vulnerability exists
Do not access, exfiltrate, or destroy data that does not belong to you

We commit to acknowledging reports within 72 hours and working in good faith with researchers who follow this policy. We do not currently offer a monetary bug bounty, but responsible reporters will be credited publicly (with their consent) and may receive platform recognition.

10. Disclaimers and Limitation of Liability

10.1 Platform Provided "As Is"

NeonHat is provided "as is" and "as available" without warranties of any kind, express or implied. We do not warrant that:

The platform will be uninterrupted, error-free, or secure at all times
Challenge content is free from inaccuracies or will remain available indefinitely
The platform will meet your specific expectations or requirements

10.2 Limitation of Liability

To the maximum extent permitted by applicable law, NeonHat and its developers shall not be liable for:

Any indirect, incidental, special, consequential, or punitive damages
Loss of data, points, progress, or account access
Damages resulting from unauthorized access to your account by third parties
Any harm resulting from your interaction with challenge environments or third-party content

Our total liability to you for any claim arising from your use of the platform shall not exceed the amount you have paid us (if any) in the past 12 months. Since NeonHat is currently a free platform, this limit is zero.

10.3 Third-Party Content

Challenges submitted by community users are their own work. We review submissions before publishing but do not guarantee their accuracy, safety, or appropriateness. We are not liable for harm arising from community-created content.

11. Governing Law and Disputes

These Terms shall be governed by and construed in accordance with the laws of the jurisdiction in which NeonHat operates, without regard to conflict of law principles.

Any dispute arising from these Terms or your use of the platform that cannot be resolved informally shall be subject to the exclusive jurisdiction of the competent courts in that jurisdiction.

We encourage you to contact us at support@neonhat.io before pursuing any formal legal action — most issues can be resolved through direct communication.

12. Changes to These Terms

We reserve the right to modify these Terms at any time. When we make material changes, we will:

Update the "Last updated" date at the top of this document
Notify registered users via the platform's in-app notification system

Your continued use of NeonHat after changes take effect constitutes your acceptance of the revised Terms. If you do not agree with the changes, you must stop using the platform and may delete your account.

13. Contact

For questions about these Terms:

General inquiries: support@neonhat.io Security reports: security@neonhat.io Privacy concerns: privacy@neonhat.io

NeonHat — Hack the platform, not the planet.

Terms of Engagement

NeonHat CTF Platform Last updated: April 21, 2026 by: Wadoud & Ramy

1. Agreement to These Terms

If you do not agree, do not use the platform.

2. Eligibility

You may use NeonHat only if:

You are at least 16 years of age
You are not prohibited from using the service under the laws of your jurisdiction
You have not been previously suspended or banned from NeonHat
You provide accurate and truthful information during registration

By registering, you represent and warrant that all of the above conditions are met.

3. Account Responsibilities

3.1 Account Security

You are solely responsible for:

Maintaining the confidentiality of your credentials
All activity that occurs under your account
Logging out from shared devices

If you suspect unauthorized access to your account, you must notify us immediately at security@neonhat.io.

3.2 Account Integrity

You agree not to:

Create multiple accounts to circumvent bans, gain unfair advantages, or manipulate rankings
Share your account credentials with any other person
Use automated bots, scripts, or tools to create accounts
Impersonate any person, team, or organization
Use a username that is offensive, misleading, or violates third-party rights

We reserve the right to suspend or permanently ban accounts that violate these rules, at our sole discretion and without prior notice.

4. Authorized Use and the Hacking Boundary

This section is critical. Read it carefully.

NeonHat operates an intentionally vulnerable environment for educational purposes. The challenges on this platform are designed to be exploited — within the limits defined here.

4.1 What You Are Authorized to Do

You are authorized to:

Attempt to solve any challenge listed in the NeonHat Arena or Neon-Gym Learning Path through legitimate hacking techniques within the challenge's sandbox environment
Interact with Docker containers spawned specifically for your challenge session
Submit flags found through your own work on the challenge environment
Read writeups and hints made available through the platform's unlocking mechanism
Submit your own CTF challenges for admin review through the official submission system

4.2 What You Are Strictly Forbidden from Doing

The following actions are prohibited regardless of technical capability or intent:

Attacking, probing, or interfering with NeonHat's own infrastructure — including its API servers, databases, authentication systems, backend services, or any system not explicitly designated as a challenge target
Attempting to access, read, modify, or delete data belonging to other users
Attempting to bypass the authentication system, JWT validation, or session management of the platform itself
Exploiting vulnerabilities in the NeonHat platform (as opposed to challenge environments) for unauthorized access — if you find a vulnerability, report it (see section 9)
Intercepting or tampering with network traffic between users and the platform
Launching denial-of-service attacks against the platform or its infrastructure
Attempting to gain access to the Cloudinary storage, MongoDB cluster, or any other third-party service used by NeonHat outside the scope of a challenge
Sharing, publishing, or distributing flags, full solutions, or writeups for active (non-retired) challenges in any public forum — this ruins the experience for other users
Using challenge environments to attack third-party systems outside the platform
Running cryptocurrency miners, botnets, or other resource-abusing software inside Docker challenge containers

4.3 The Good Faith Principle

If you accidentally stumble upon a vulnerability in NeonHat's own infrastructure while solving a challenge, you are expected to:

Stop immediately — do not exploit it further
Document what you found
Report it to security@neonhat.io within 24 hours

Acting in good faith will be recognized. Exploiting it will result in a permanent ban and potential legal action.

5. Content Standards

5.1 Challenge Submissions

When you submit a CTF challenge for review, you warrant that:

You are the original author of the challenge content, or have explicit rights to submit it
The challenge does not infringe on any copyright, trademark, patent, or other intellectual property rights
The challenge does not contain malware, backdoors, or content designed to harm users or our infrastructure beyond the intended challenge mechanics
The flag is original and not duplicated from any existing published CTF challenge
The challenge description and materials are accurate and do not contain deliberately misleading information designed to deceive admins during review

We reserve the right to reject, modify, or remove any submitted challenge at our sole discretion.

5.2 Usernames, Bios, and Profile Content

All profile content must:

Be free from hate speech, harassment, discrimination, or threats
Not impersonate real people or organizations
Not contain sexually explicit, violent, or otherwise inappropriate content
Not include personal information of third parties without consent

6. Intellectual Property

6.1 NeonHat's Property

6.2 User-Submitted Challenges

If your account is deleted, accepted and published challenges may remain on the platform under anonymized authorship unless you have explicitly requested removal.

6.3 Feedback

If you provide feedback, suggestions, or bug reports, you agree that we may use this information freely to improve the platform without compensation or attribution.

7. Points, Rankings, and Rewards

7.1 No Monetary Value

Points, levels, badges, and rankings on NeonHat have no monetary value and cannot be exchanged for cash, cryptocurrency, goods, or services unless we explicitly announce otherwise in writing.

7.2 Leaderboard Integrity

We reserve the right to:

Adjust, reset, or remove points from accounts found to be cheating, exploiting bugs, or manipulating rankings
Remove accounts from the leaderboard without notice if fair play violations are detected
Retroactively disqualify submissions found to have been obtained through unauthorized means

7.3 Cheating

Cheating includes but is not limited to:

Submitting flags obtained from public writeups without solving the challenge yourself
Sharing flags with other users during an active challenge period
Exploiting bugs in the scoring or submission system to gain unearned points
Collaborating with others on solo challenges where collaboration is prohibited

8. Termination and Suspension

We may suspend or permanently terminate your account at any time, with or without notice, for:

Violation of any section of these Terms
Conduct that we determine, in our sole discretion, is harmful to the platform, its users, or third parties
Extended inactivity (we will attempt to notify you before deleting inactive accounts)
Legal requirements or law enforcement requests

You may also delete your own account at any time from Dashboard → Configuration → Account → Danger Zone.

9. Responsible Disclosure

We take platform security seriously. If you discover a security vulnerability in NeonHat's own infrastructure (not a challenge environment):

Do report it to security@neonhat.io with a clear description and reproduction steps
Do not publicly disclose it before giving us reasonable time (30 days) to address it
Do not exploit it beyond what is necessary to confirm the vulnerability exists
Do not access, exfiltrate, or destroy data that does not belong to you

10. Disclaimers and Limitation of Liability

10.1 Platform Provided "As Is"

NeonHat is provided "as is" and "as available" without warranties of any kind, express or implied. We do not warrant that:

The platform will be uninterrupted, error-free, or secure at all times
Challenge content is free from inaccuracies or will remain available indefinitely
The platform will meet your specific expectations or requirements

10.2 Limitation of Liability

To the maximum extent permitted by applicable law, NeonHat and its developers shall not be liable for:

Any indirect, incidental, special, consequential, or punitive damages
Loss of data, points, progress, or account access
Damages resulting from unauthorized access to your account by third parties
Any harm resulting from your interaction with challenge environments or third-party content

10.3 Third-Party Content

11. Governing Law and Disputes

These Terms shall be governed by and construed in accordance with the laws of the jurisdiction in which NeonHat operates, without regard to conflict of law principles.

Any dispute arising from these Terms or your use of the platform that cannot be resolved informally shall be subject to the exclusive jurisdiction of the competent courts in that jurisdiction.

We encourage you to contact us at support@neonhat.io before pursuing any formal legal action — most issues can be resolved through direct communication.

12. Changes to These Terms

We reserve the right to modify these Terms at any time. When we make material changes, we will:

Update the "Last updated" date at the top of this document
Notify registered users via the platform's in-app notification system

13. Contact

For questions about these Terms:

General inquiries: support@neonhat.io Security reports: security@neonhat.io Privacy concerns: privacy@neonhat.io

NeonHat — Hack the platform, not the planet.