JD-HITB2018 Beijing CTF + Finals of the 4th XCTF International League (XCTF Finals 2018) will take place on the 1st and 2nd of November alongside the first-ever HITB Security Conference in Beijing!
The competition is co-organized by XCTF League and HITB and will be a mixed-style CTF competition, that includes both Jeopardy style challenges and an attack & defense service segment for teams to play with. Accepted teams must either be invited or qualified based on previous XCTF League or CTFTIME ranking.
The contest is hosted on-site utilizing the CP-OJ and CP-AD Contest Platform developed by Cyber Peace Technology, China. Challenges are authored by blue-lotus CTF Team – the initiator of XCTF International League, as well as some hackers from The Order of the Overflow (New Lords of DEFCON CTF), PPP (one of the greatest CTF Teams on the planet), and of course the HITB CTF Crew.
For the on-site game, we have a capacity for 30 teams (no more than 4 players per team). 18 teams have already pre-qualified through qualification contests and 6 international teams have been pre-invited according to the ranking list of CTFTIME 2018.
The game will run for 30 hours over the 2 days of the conference (1st & 2nd November starting at 09:00 BJT and ending at 18:00 BJT on Day 1 and restarting on Day 2 at 09:00 BJT and ends at 17:00 BJT). This includes both a one-hour lunch break and hardware hacking break. The onsite contest will be hosted in the FREE TO ACCESS CommSec area of the conference. You do not need to be a paid conference delegate in order to compete.
The XCTF Finals 2018 will be an AD-style contest against several AD Services together with some Jeopardy Challenges, running in parallel, thus the teams need to decide how to allocate their time and resources in solving the different challenges.
For the Jeopardy-style portion, there will be multiple categories including reverse engineering, pwnable, artificial intelligent (AI) hacking, hardware hacking, web penetration, crypto, forensic analysis, network analysis and more! The more challenges you beat, the more points you get. Points for each challenge will be dynamically calculated according to the number of teams who manage to solve it. Higher difficulty challenges with fewer teams that have solved it will carry more points, so teams should choose a strategy that optimizes for high returns.
For the AD-style contest, we will employ similar rules as used at DEFCON CTF 2018 Finals – it will not be “zero-sum” scoring rule, but “cumulative” scoring rule.
The final score takes into account these factors:
Note: There is no “SLA” or “uptime” score.
The organizer will not permit you to run broken services. To facilitate this, we have taken control of all service machines and will manage them for you.
You will submit your patches for evaluation by the organizer. If your patch does not pass functionality tests, it will not be deployed. If your patch somehow fails functionality tests after deployment, it will be reverted.
The organizer frowns upon automated defenses. Most services will severely limit the files that can be patched, and the number of bytes that can be changed. Plan accordingly.
The winners of the following events have automatically pre-qualified for the finals
The TOP 17 teams from the 4th XCTF ranking have also pre-qualified for the finals
We’re looking to host an additional 12 CTF teams, please send a registration email with your team name to firstname.lastname@example.org . We will approve the registered teams and send out invitations. Please send us the following details:
We try hard to keep the competition as free and exciting as possible; however we do require teams to adhere to a few simple rules: