Capture The Flag
Global CyberPeace Challenge 4.0 CTF has two types of contests —
- Information Technology Capture the Flag (IT-CTF).
- Operational Technology Capture the Flag (OT-CTF).
Information Technology Capture the Flag (IT-CTF):
- In this type of CTF a different platform will be provided where participants/teams have to register or login with predefined credentials separately and all the information will be sent to their registered email address.
- Participants/teams will be provided puzzles, programs with security vulnerabilities. There is a Secret key called ‘flag’ embedded with each of the puzzles. Finding the same is proof that participants have solved the particular challenge and by submitting the flag earns the points.
- Flags are chosen to look very distinctive and a special type of formatting that participants can easily recognize that it is the flag.
- Task will be categorised as Cryptographic challenge, Steganographic challenge, Web based, Reverse engineering, Networking, Forensics and others.
- Each problem statement has its own points which depends on the hardness of the problem.
- The marking procedure depends on how many points participants would have earned and how much time they have taken to submit the flags.
Operational Technology Capture the Flag (OT-CTF):
- The registered participants will be given remote VPN access to the OT-CTF platform. They have to log in to the system first as per the credential and specific time slot provided to them by the organisers.
- The system will be a non hardened Industrial Control System (ICS) with the pre configured vulnerabilities.
- The task can be divided as– Participants have to discover the IP range of the OT Network, discover the devices connected to the network and its running protocols. Find the device or devices with vulnerabilities and exploit the system to gain access to the system.
- The infrastructure can be as complex as a real Industrial Control System used to have.
- A Proof of Concept report with proper screenshots needs to be sent with all the information like discovered IP range, connected devices, running protocols, and attack methodology to the organiser to the [email protected] email id. Also mention the tools and if any script is used in the attack methodology.
- The marking procedure depends on discovered IP range, number of devices and protocols, number of compromised devices and also on the time taken to send the Proof of Concept report and its strength.
- CAUTION: The participants need to secure their attacking system first before entering the OT Network. As their System is suspected to be attacked by the other attackers. The organiser will not be responsible for any kind of damage.
During the registration phase, participants will be providing details about themselves.
CTF-IT : Elimination round will be conducted in a 36-hour jeopardy style hackathon virtually, where participants will be provided with a vulnerable simulation and they would be required to identify/capture the flags. Each flag will have predefined points. Teams/Individuals with maximum points will be selected for the next round.
CTF-OT : Teams will be grouped in 8 and a link to the vulnerable system will be provided to the participants, a fixed time duration of 6 hours will be provided to each group to play the CTF. Top 5 teams will proceed for the next round.
CTF-IT : The Grand Finale will be conducted in a 36-hour jeopardy style hackathon, where participants will be provided with a new vulnerable simulation and they would be required to identify/capture the flags. Each flag will have predefined points. Top three teams/individuals with maximum points will be announced winners.
CTF-OT : A new vulnerable system will be created for the finale. A fixed time duration of 8 hours will be provided to the participants to play the CTF. Top 3 teams will be declared as winners based on their performance
Guidelines and Rules for Participation
- All participants must join the slack channel, link to join will be provided on the dashboard.
- Participants are to bring their own laptops and any gadgets or hardware they may require for the competition, organisers will not be responsible for arranging any hardware.
- Participants should provide truthful and authentic information to the organisers while registration.
- Don’t Delete Files or edit Services and ruin the fun for other players.
- Don’t share flags or ask for flags. It’s a competition, do your personal best.
- Don’t register multiple accounts.
- Participants can participate individually or in Teams (max. 3 participants).
- Participants should keep their contact information accurate and up-to-date.
- Don’t generate excessive load. DDOS will not be necessary.
- Any malicious activity against the challenge infrastructure and framework will cause immediate disqualification from the challenge.
- The participant shall not use this contest to do anything unlawful, misleading.
- If any participant is found to have violated the terms & conditions of the contest, the organising team has all the right to disqualify the participant/team without prior notice.
- Jury has all the rights reserved, in case of any conflict, the decision of the jury shall be final.
- The Global CyberPeace Challenge Team reserves the right to change the Terms and Conditions.
- Any inappropriate or insensitive behaviour will not be tolerated and will result in immediate disqualification of the team.