CF Challenge

crowdfense challenge

YOUR CHANCE TO WIN A FULLY PAID TRIP TO HITBSECCONF2023 PHUKET!

Hack Your Way to HITBSecConf2023 - Phuket!

Do you like online challenges and CTFs? Well here’s your chance to win a fully paid trip to HITBSecConf2023 – Phuket!

Be one of the first to complete any of the 3 challenges below that offer a range of attractive prizes from full access to HITBSecConf2023 – Phuket (a normal priced conf ticket is USD1199), all the way to an all expenses paid trip to come hack on the beaches of Phuket! Imagine 3 fun filled days spent chatting, and chilling with some of the coolest hackers and pwnstars on the planet!

You say you know kungf00? Show us!

Contest runs from 1st July – 21st July

CHAIN REACTION

The goal of this challenge is not only to test your ability to exploit these vulnerabilities but also your skills in chaining exploits. Chain two public exploits for Google Chrome and Windows 11. 

Prizes for the best submissions:

  • USD500 cash

ROOT RUSH

Your objective is to discover and exploit a kernel vulnerability on a provided custom-built Android image and escalate privileges. 

Prizes for the best submissions:

  • 1 x HITB2023HKT conference ticket
  • 1 x hotel stay for 2 nights 3 days

SANDBOX BREAKER

Your task is to exploit Remote Code Execution and sandbox escape vulnerabilities in a provided version of Chrome, all via a single crafted webpage.

Prizes for the best submissions:

  • 1 x HITB2023HKT conference ticket
  • 1 x hotel stay for 2 nights 3 days
  • 1 x economy flight ticket (terms and conditions apply)

REGISTRATION

The link to the VMs and downloadable images will be sent to you via email, so please do not fill in a fake email address 😉

EVALUATION CRITERIA

RELIABILITY

Exploit will be run 10 times. For each successful run:

7 points will be awarded per run  (max 70 points)

 

TIME

If your submission is be made before July 7, 12 AM (UTC):

15 points will be awarded.

If your submission is received after July 15, 12 AM (UTC):

10 points will be awarded

REPORTING

Participants who will provide a detailed write up will receive points even if they did not finish the exploit.

A maximum of 15 points will be awarded