About the competition

The CTF-USV (“Capture The Flag” – Suceava University) contest is intending to mobilize the energies of universities students, their knowledge and abilities on hacking informations systems and applications in an controlled and challenging environment.

The main objective of this competitional event is to encourage students to develop their skills, to train and exercise both intellectual and practical abilities in Information Security field - as future specialists.

Students from academic institutions are invited to participate in the second International Students Contest in Information Security, CTF-USV. The contest, organized as a CTF competition (Capture The Flag), is based on solving various challenges by exploiting weaknesses and vulnerabilities of web applications and operating systems in a limited time interval and inside a controlled data communication environment.

Download the Invitation Letter (.pdf)

Download the Contest Poster (.pdf)

Download the Program Time Schedule (.pdf, Coming Soon)

See the 2016 Contest Final Ranking (.pdf, 170k)

Registration

On-line registration of each team is necessary. The competitors have to be enrolled as undergraduate or master level students in an accredited university. 

A maximum 4 members per team is permitted. One of the team members will act as team leader. A faculty staff member will register the participants and certify the team affiliation. Out of nominal registration each team will upload a registration form signed by an academic staff mentor.

DEADLINES, 2017
Registration: October, 16-20
On-line Qualification: October, 26-27
On-site Contest: November, 23-25
Registered Teams

The Contest

Contest Theme and Qualifying Requirements

CTF-USV contest is organized as a CTF (Capture The Flag) competition and consist in solving a number of information security problems the results being uploaded on a dedicated CTF platform where scores will be automatically calculated. Each team will be able to view at any time the accumulated points, the position in the contest, the remaining time, the outcome of other competitors and other relevant information.

Challenges will consist in 10 questions covering the field of information security at which the contestants will try to answer followed by the action of capturing 5 "flags" at the level of web applications or vulnerable systems. To validate the results the teams will have to load them on the CTF platform.

The “Flags” will be in the form of random and unique strings (hashes) which can be discovered as result of vulnerabilities exploitation of some applications made available for this purpose.
The number of points awarded for each answer/flag is directly proportional with the difficulty level of the challenge.

The qualifying exercises and the CTF platform will be available for a 24 hours interval, during which each team should solve them. The top 10 teams that receive the highest score in descending order will qualify for the next stage, namely the on-site stage of the contest. In the event that there are teams with the same score, the secondary selection criteria will be the time interval spent for solving the challenges.

The competing teams need to have knowledges on the data networks security and specifically in the following areas:
  • Identify and exploit vulnerabilities as they are described in OWASP top 10
  • Identification of services and software versions involved in running web applications
  • Identification of services and software versions associated with the host operating system
  • Identification of vulnerabilities associated with each of the previously identified services or software versions
  • Identification of public exploits being connected with existing vulnerabilities on services or specific software version running on the CTF machine
The contestants will be allowed to use any tool that can help them in solving the challenges, without affecting the functionality or availability of the systems hosting the CTF platform or related infrastructure. More details on contest rules will be posted in a timely manner on the CTF online platform.

The final contest will be held on-site, by Suceava University. The qualified teams will have to solve specific tasks on computer networks and data security issues in a local organized network environment. 

The competitors will have access to the necessary equipment and a dedicated communication network. Compliance of some basic rules is absolutely necessary under penalty of immediate disqualification:

  • denial of CTF service/servers
  • not justified attacks or intrusions
  • actions outside of the contest defined environment

Awarding

The results will be evaluated by jury who will provide a classification based on quantizable criteria. Prizes will be awarded to the best teams. The provided solutions will be publically presented by the winners.

CTF USV 2016 Opening Ceremony Photo Album

CTF-USV 2016 Opening Ceremony

CTF USV 2016 Team Members Photo Album

CTF-USV 2016 Team Members

CTF USV 2016 Awarding Ceremony Photo Album

CTF-USV 2016 Awarding Ceremony

Time Schedule

The CTF-USV contest has an on-line qualification phase followed by an on-site, hands-on final stage. Teams of maximum 4 students having a Faculty member as mentor or coach can participate.

Online Registration: October, 16-20

On-line Qualification: October 2017, 26-27
The CTF platform will be available for a 24 hours interval, respectively starting on October 26 at 18:00 EET and ending on October 27 at 18:00 EET
CTF-USV 2017, Qualifications Ranking Table (.pdf)

On-site Contest: November 2017, 24-25

Main contact: ctf@usv.ro

CTF-USV 2017 Committee Coordinator:
Alin Potorac, Professor, PhD.

alin.potorac@usv.ro / +40-741-221402

About the organizers

Suceava University is a public university located in north-east area of Romania. A local tradition in organizing computer and IT contests for students was developed in the past years.

Safetech Innovations is the only dedicated Cybersecurity company on Romanian market which offers a complete range of security services and combined with being a value-added security solutions implementer and integrator, and also the operator of an accredited CERT, which operates 24/7. STI CERT (SAFETECH COMPUTER EMERGENCY RESPONSE TEAM) is a private CERT/CSIRT, owned and operated by Safetech Innovations, to provide its clients in the public and private sectors, continuous monitoring of cybersecurity threats and intervention in case of security incidents. Also, Safetech is the first company in Central Europe and one of four in the world certified company HID Global as "Certified Implementation Partner" and the only company working exclusively in information security from Romania, accredited by Check Point as Check Point's Certified Collaborative Support Provider (CCSP).

ASSIST Software Romania specializes in outsourcing software development projects. Based in Eastern Europe, we are operating in a challenging economy that creates a fertile environment for Information Technology and business outsourcing. Our team has a solid and proven track record, delivering high quality and timely services. Founded in 1992, ASSIST Software is present on the international market as a supplier of innovative solutions, adding business value through technology implementation at a professional level. Focusing our activities toward developing complex software products, ASSIST Software provides consistent results in emerging fields such as mobile and web-based custom business applications, e-commerce, e-payment, e-security, e-health and enterprise & resource planning, entertainment and gaming industry.