The ICO is designed for students in grades 7 through 12 and first and second-year undergraduates. The
course and the exam will be the same for all students.

The International Cybersecurity Olympiad (ICO) is a premier global competition that brings together the world’s most talented young cybersecurity professionals. ICO challenges participants in various cybersecurity domains through Capture The Flag (CTF) competitions, including both Attack-style and Defence-style formats. The 2026 edition will be held in Sydney, Australia from June 27 to July 2, 2026.

The India national selection consists of 3 rounds: Round 1 (National Online Qualification, open to all eligible students), Round 2 (Online Advanced Round, top 10% participants), Round 3 (Interview of Top 8 Students ) out of wich 4 selected for Final Round.

Round 1: April 12th, 2026 (National Online Qualification). Round 2: April 19, 2026 (Offline). Round 3: April 19, 2026 (Offline Interview). All dates are subject to change, and participants will be notified of any updates through official channels.

The competition covers multiple cybersecurity domains including: Cryptography (encryption, decryption, cryptanalysis), Web Security (vulnerabilities, SQL injection, XSS, authentication bypass), Digital Forensics (file analysis, memory dumps, network packet analysis), Binary Exploitation (buffer overflows, ROP chains, format string vulnerabilities), and Reverse Engineering (binary analysis, malware analysis, code decompilation). The competition uses CTF (Capture The Flag) format with both Attack-style and Defence-style challenges.

In Attack-style CTF, participants solve individual challenges across different categories (Jeopardy-style) to find flags and earn points. Defence-style CTF involves teams receiving identical server environments with vulnerabilities – teams must exploit other teams’ servers to capture flags while defending their own systems. This format emphasizes both offensive skills and defensive strategies, requiring teamwork and quick decision-making.

The final national team will consist of 4 members selected from the top 8 candidates who reach Round 3 (Offline Interviews). The selection committee evaluates technical expertise, problem-solving approach, teamwork capabilities, and commitment to determine the final team composition.

For online rounds, participants need a computer with reliable internet connection, a modern web browser, and the ability to run common security tools (which may be provided or can be downloaded). For offline rounds (Round 3 and 4), participants should bring their own laptops with administrative privileges. Specific technical requirements will be communicated to qualified participants before each round.

We employ multiple anti-cheating measures including: proctored examinations for offline rounds with human supervision, plagiarism detection systems to identify copied solutions, network monitoring and activity tracking, strict rules prohibiting collaboration during individual rounds, and comprehensive code/answer analysis. Violations result in immediate disqualification.

Selected team members will participate in an intensive national training program covering all competition domains, team coordination strategies, and advanced techniques. The training program is designed to prepare the team for ICO 2026 in Sydney, Australia. Training includes both theoretical knowledge and hands-on practice sessions with experienced mentors and cybersecurity professionals.

ICO 2026 in Sydney, Australia (June 27 – July 2, 2026) will feature CTF competitions in both Attack-style (Jeopardy format with individual challenges) and Defence-style (team-based Attack & Defence format) formats. Teams compete against other national teams from around the world in a controlled, secure environment. The competition tests practical cybersecurity skills in realistic scenarios.

We recommend: practicing on CTF platforms (picoCTF, HackTheBox, TryHackMe, OverTheWire), studying cybersecurity fundamentals (networking, operating systems, programming), learning about the competition domains (cryptography, web security, forensics, binary exploitation, reverse engineering), participating in online cybersecurity competitions, studying past CTF challenges and writeups, and reviewing our Training & Preparation page for additional resources and recommendations.

For Round 1 and Round 2 (online rounds), the format may allow the use of online resources, tools, and references, similar to an open-book examination. However, collaboration with other participants, sharing solutions, or receiving external help is strictly prohibited. Specific rules for each round will be communicated to participants before the competition begins.

Knowledge of Python is highly recommended, as it’s widely used in cybersecurity for scripting, automation, and tool development. Familiarity with C/C++ is valuable for binary exploitation and reverse engineering. Understanding of JavaScript, PHP, and SQL is beneficial for web security challenges. Bash scripting is also useful. However, the competition primarily tests security concepts rather than programming language expertise alone.

Scoring varies by round: Online rounds typically use points-based systems where harder challenges award more points. The top performers by total points advance to the next round. Round 3 (Offline Proctored) combines challenge performance with proctored assessment. Round 4 (Interviews) evaluates technical knowledge, problem-solving approach, communication skills, teamwork, and commitment. The committee uses comprehensive evaluation criteria to select the final 5 team members.

Details regarding travel arrangements and accommodation for offline rounds (Round 2 and Round 3) will be communicated to qualified participants. The selection committee will provide information about locations, logistics, and any support available. 

Results will be communicated through official channels including this website, email notifications to registered participants, and official announcements. Participants should regularly check the website for updates. Qualified participants for offline rounds will receive detailed instructions via email regarding dates, locations, and requirements.

es, prior experience in other cybersecurity competitions (CTF competitions, cybersecurity challenges, etc.) is actually beneficial and encouraged. Previous experience demonstrates interest and can help in preparation. All eligible students, regardless of their competition history, are welcome to participate in the selection process.

Linux (especially Kali Linux, Ubuntu, or Parrot OS) is highly recommended as most cybersecurity tools are designed for Linux environments. Windows and macOS are also acceptable, but participants should be familiar with Linux command line and tools. For offline rounds, participants may be required to use specific environments or virtual machines provided by the organizers.

In case of ties, the selection committee uses tiebreaker criteria which may include: time to complete challenges (faster solutions rank higher), number of challenges solved, performance on specific high-value challenges, or additional evaluation criteria. The committee reserves the right to use comprehensive evaluation methods to fairly resolve ties and select the best candidates.