HITB .edu Capture The Flag Contest

What: Jeopardy Style Capture the Flag Competition for .edu hackers and ninjas

When: November 27th & 28th

Where: Onsite at HITB2018DXB @ Grand Hyatt

Who: Teams with to 2-3 players per team

REGISTRATION IS FULL!

SEE YOU GUYS ON THE 27TH MORNING AT 0900 FOR BRIEFING 


Registration

To register your team for the Capture the Flag competition, please send a registration email with your team name to ctfinfo@hackinthebox.org Please send us the following details:

Team Name + Country of origin

Team Leaders Name/Handle + Email Address

Team Members Names/Handle + Email Address


Registered Teams

  1. TBA (American University of Sharjah [UAE])
  2. TODO:WIN (BITS Pilani Dubai Campus [UAE])
  3. DeadPackets (American University of Sharjah [UAE])
  4. Cartel (BITS Pilani Dubai Campus [UAE])
  5. Nexo (BITS Pilani Dubai Campus [UAE])
  6. Cr@ck3rs (Khalifa University [UAE])
  7. Ninjas (Heriot Watt University [UAE])
  8. Project of SSZ (Abu Dhabi Polytechnic [UAE])
  9. A.M.S Team (Abu Dhabi Polytechnic [UAE])
  10. 3MA (Abu Dhabi Polytechnic [UAE])
  11. AD Hackers (Abu Dhabi Polytechnic [UAE])
  12. Polytechnic Abu Dhabi A  (Abu Dhabi Polytechnic [UAE])
  13. H.A.A Team (Abu Dhabi Polytechnic [UAE])
  14. CrackForce (Abu Dhabi Polytechnic [UAE])
  15. S.A.M Team (Abu Dhabi Polytechnic [UAE])
  16. Project G/netic (Abu Dhabi Polytechnic [UAE])
  17. Snipers (Abu Dhabi Polytechnic [UAE])
  18. Security Noobs (Abu Dhabi Polytechnic [UAE])
  19. Y.A.S. (Abu Dhabi Polytechnic [UAE])
  20. ADP3 (Abu Dhabi Polytechnic [UAE])
  21. HD (NYU Abu Dhabi [UAE])
  22. nFlag (NYU Abu Dhabi [UAE])

Overview

This is a jeopardy-style Capture The Flag (CTF) contest for .edu proudly created by students for students.

The CTF will include multiple categories of challenges, including: reverse engineering, web penetration, crypto, forensics, network analysis, and more. Students complete tasks as quickly as possible, gaining points for each successful task based on its difficulty level. Task completion is tracked in real time. The team which with the highest points gain victory over the rest!

This CTF is hosted on-site with open source CTF framework and platform. Challenges are designed by students from Singapore (UAE students who want to help, please get in touch with us) and coordinated by the HITB Malaysia and Netherlands CTF Crew.

There will be a max capacity of 22 teams, with each team consists of 2 or 3 players. The CTF will run over two days of the conference on 27th and 28th of November 2018, starting from 10:00 GST to 18:00 GST on Day 1 and resume on Day 2 at 09:00 GST to 16:30 GST. The onsite contest will be hosted in the FREE TO ACCESS exhibition area of the conference and is hosted in the same area as the professional CTF).  You do not need to be a paid conference delegate in order to compete.

Jeopardy-Style CTF with a Twist

The .edu CTF game will feature attack-oriented and defense-oriented style challenges, followed with a short presentation from each team at the end of game.

Game Day 1 will comprise of Attack-Oriented Challenges

  • Exploitation, web exploitation, binary, etc

Game Day 2 will test your analysis and defensive knowledge

  • Forensic, network traffic analysis, cryptography, etc

To reap a more exciting CTF experience and to foster knowledge sharing, the top 3 teams of each day will have an option to present about how they solved the challenges to win bonus points*. A total of 30 minutes preparation time will be allocated to the teams for them to prepare their presentation slides. The presentation will commerce immediately at the same venue as the competition. Each team will only be allocated 10 minutes of presentation time and are free to choose any of the challenges they wish to present. The judges will score each teams based on the understanding of the problem, creativity in solving challenges and presentation skills.

Rules

We try hard to keep the competition as free and exciting as possible; however we do require teams to adhere to a few simple rules:

  • Open to all FULL TIME STUDENTS (post grad students, please apply for .pro CTF)
  • Show up on time or you’ll miss the briefingTeams are prohibited from physically touching or accessing any of the CTF infrastructure
  • Attacking the competition infrastructure, network or any infrastructure(s) that is/are outside of the specified IPs is strictly prohibited.
  • No off-the-shelf automated scanning tools such as Nessus, OpenVAS etc. You learn nothing for being lame and we may kick you out for jamming the network.
  • BE FAIR and FRIENDLY. Absolutely no sabotaging of other competing teams, or in any way hindering their independent progress.
  • Strictly no Denial-Of-Service attack, ARP poisoning, MiTM attacks, brute-forcing the flag, attacking on other team’s devices to steal the flag etc.
  • If there is/are any bugs or vulns are found, please alert the competition organizers immediately and we will reward you accordingly ?
  • All participants must obey to PIT STOP calls. PIT STOP calls are rest intervals where all the players must leave the CTF area to facilitate for the CTF Crew to perform maintenance work. Teams who don’t adhere to the rules will be penalized or disqualified from the competition.
  • The crew possess the rights to remove any team that is deemed to be breaking any of the rules
  • The crew possess the rights to deduct points from the teams if he/she believes that the flag / point is obtained via methods which breaks one/more of the rules i.e. flag sharing, exploiting the scoreboards, brute forcing the flag etc.
  • If there are any questions on the do’s and don’ts, please consult the .edu CTF crew / GameMaster before proceeding. Otherwise, let’s have fun!

At all times, the decision of the HITB Crew is final on any matter in question.

Scoring

The more challenges you solve, the more points you get.  Higher difficulty challenges carry more points. At the end of the competition, the team with highest points will be named as the winner. In the case whereby two different teams end in a tie, the fastest team will be declared as the champion. As such, teams are advised to submit flags as soon as they obtain them.

What to bring

  • Student ID’s (for registration)
  • Laptops
  • Network cables
  • Extra power sockets / power gangs.
  • (optional) 4G Router for your own dedicated Internet access

Prizes

1st Place – USD1000

2nd Place – USD500

3rd Place – USD250