How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?

Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?

Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?

Pages

Monday, January 20, 2014

PHDays CTF Quals Rules

There is not much time left until PHDays IV CTF Quals, and it's time to reveal the rules and game mechanics.


First of all, the new mechanics are all meant to bring some additional fun to CTF. The game is balanced in such a way that you receive most of the points (more than 90%) for solving the tasks. So you still have to be the best hackers to make it to the top.

However, for those who wish to get the full game experience, we prepared the Quest part of the contest: basically, you will have to find some information on the Internet and submit it to the jury system by answering some questions. The Quest legend continues the storyline featured at PHDays III CTF Finals. You will play as the members of the GOLEM task force, investigating the Detcelfer incident.

Solving the Quest does not directly affect your CTF rating position. However, you will have to pass at least some of the Quest challenges. Here is how it works. The Quest consists of several questions you have to answer. Each answered question will give you some cluepoints. You can spend cluepoints to open a new task for your team. Tasks are just normal CTF tasks which you probably got used to. The number of cluepoints that you should spend to open a task depends on task difficulty, each answered question will give you enough cluepoints to open up to 2 tasks.

Solving a task brings you points (the exact amount also depends on task difficulty), which directly affect your rating position.

The maximum number of cluepoints you can get in the Quest is much bigger than the number needed to open all tasks. So you can get additional points by answering more questions. Moreover, if you complete the Quest (i.e. answer all questions), you will get a bonus (in points). Of course, the game is balanced in a way that opening and solving a task will bring you much more profit than just selling cluepoints. On the other hand, you may choose not to open tasks that you probably won't solve.

Here are some numbers to illustrate the game balance:

  • Reward for solving a task: 1000–4000 points
  • Maximum possible profit for selling all cluepoints (without opening any tasks): 6000 points
  • Price of opening all tasks: 50% of all cluepoints
  • Reward for completing the Quest: 5000 points

We added the Quest as an experiment, so we tried to make it easy-to-solve. We just hope this will help you get involved in the legend and have more fun from the CTF process. Anyway, your feedback is highly appreciated!



General Points

Teams that scored the largest number of points qualify for the Finals. During the qualifying stage, each team may include any number of participants.

During the game, the teams are prohibited from:

  • Generating unreasonably high volume of traffic threatening the game infrastructure (of the jury or other teams)
  • Conducting attacks outside the game network
  • Attacking the jury’s computers
  • Conducting destructive attacks against the task servers (such as rm-rf/)
  • Performing the above actions in the guise of a rival team
  • Exploiting vulnerabilities of the jury's system to gain undeserved points

A team may be penalized or disqualified for a foul.

Note
The jury reserves the right to modify the rules at any time before the game begins.

PHDays CTF Quals will be held on January 25 and 26, 2014. Teams that demonstrate the best results will advance to the finals to compete against the female team SecurityFirst from Soonchunhyang University of Asan, South Korea, which won the CTF contest held during Power of Community in Seoul.

To plunge into the hacking contests of CTF Quals, you just need to build a team and register. So do it!

No comments:

Post a Comment