Contest Theme and Qualifying Requirements
CTF-USV contest is organized as a CTF (Capture The Flag) competition and consist in solving a number of information security problems the results being uploaded on a dedicated CTF platform where scores will be automatically calculated. Each team will be able to view at any time the accumulated points, the position in the contest, the remaining time, the outcome of other competitors and other relevant information.
Challenges will consist in 10 questions covering the field of information security at which the contestants will try to answer followed by the action of capturing 5 "flags" at the level of web applications or vulnerable systems. To validate the results the teams will have to load them on the CTF platform.
The “Flags” will be in the form of random and unique strings (hashes) which can be discovered as result of vulnerabilities exploitation of some applications made available for this purpose.
The number of points awarded for each answer/flag is directly proportional with the difficulty level of the challenge.
The qualifying exercises and the CTF platform will be available for a 24 hours interval, during which each team should solve them. The top 10 teams that receive the highest score in descending order will qualify for the next stage, namely the on-site stage of the contest. In the event that there are teams with the same score, the secondary selection criteria will be the time interval spent for solving the challenges.
The competing teams need to have knowledges on the data networks security and specifically in the following areas:
- Identify and exploit vulnerabilities as they are described in OWASP top 10
- Identification of services and software versions involved in running web applications
- Identification of services and software versions associated with the host operating system
- Identification of vulnerabilities associated with each of the previously identified services or software versions
- Identification of public exploits being connected with existing vulnerabilities on services or specific software version running on the CTF machine
The contestants will be allowed to use any tool that can help them in solving the challenges, without affecting the functionality or availability of the systems hosting the CTF platform or related infrastructure. More details on contest rules will be posted in a timely manner on the CTF online platform.
The final contest will be held on-site, by Suceava University. The qualified teams will have to solve specific tasks on computer networks and data security issues in a local organized network environment.
The competitors will have access to the necessary equipment and a dedicated communication network. Compliance of some basic rules is absolutely necessary under penalty of immediate disqualification:
- denial of CTF service/servers
- not justified attacks or intrusions
- actions outside of the contest defined environment
The results will be evaluated by jury who will provide a classification based on quantizable criteria. Prizes will be awarded to the best teams. The provided solutions will be publically presented by the winners.