Contest Theme and Qualifying Requirements
CTF-USV contest is organized as a CTF (Capture The Flag) competition and consist in solving a number of information security problems the results being uploaded on a dedicated CTF platform where scores will be automatically calculated. Each team will be able to view at any time the accumulated points, the position in the contest, the remaining time, the outcome of other competitors and other relevant information.
Challenges will consist in capturing a number of "flags" at the level of web applications or vulnerable systems.
The “Flags” will be in the form of random and unique strings (hashes) which can be discovered as result of vulnerabilities exploitation of some applications made available for this purpose.
The number of points awarded for each answer/flag is directly proportional with the difficulty level of the challenge.
The CTF platform will be available for a 24 hours interval. The teams will have to solve specific tasks on computer networks and data security issues in a local organized network environment. To validate the results the teams will have to load them on the CTF platform.
The competing teams need to have knowledges on the data networks security and specifically in the following areas:
- Identify and exploit vulnerabilities as they are described in OWASP top 10
- Identification of services and software versions involved in running web applications
- Identification of services and software versions associated with the host operating system
- Identification of vulnerabilities associated with each of the previously identified services or software versions
- Identification of public exploits being connected with existing vulnerabilities on services or specific software version running on the CTF machine
The contestants will be allowed to use any tool that can help them in solving the challenges, without affecting the functionality or availability of the systems hosting the CTF platform or related infrastructure. More details on contest rules will be posted in a timely manner on the CTF online platform.
The competitors will have access to the necessary equipment and a dedicated communication network. Compliance of some basic rules is absolutely necessary under penalty of immediate disqualification:
- denial of CTF service/servers
- not justified attacks or intrusions
- actions outside of the contest defined environment
The results will be evaluated by jury who will provide a classification based on quantizable criteria. Prizes will be awarded to the best teams. The provided solutions will be publicly presented by the winners.