It is difficult to give a complete set of rules of CTF game.
Aim of this game is not to find out the best. True professionals are
incomparable. The main goal is to share experience and knowlege in
the field of computer security. Nevertheless, the luckiest team
will become a winner :)
Destructive attacks (like "rm -rf /"), as well as DoS attacks
with a great amount of garbage traffic contradict with the spirit
of the game.
Be ready for any oerating system and any programming
language. You're professionals, aren't you?
Definitions
Team
A group of people, consisting of 1-7 players. One of them is captain.
Service
A vulnerable application written for the game.
Flag
String that matches regex: /^=[_a-zA-Z0-9\+\-\/\\]{63}$/.
Schedule
11:00:00 - Teams are given an encrypted VMWare image of game server.
11:59:59 - The decryption key is available for teams.
12:00:00 - Game starts. Teams' networks are not yet connected with
each other. Jury doesn't check the services yet.
13:00:00 - Routing between teams is enabled, jury starts to check
the services.
22:00:00 - Game is over. Teams's networks are disconnected from
each other.
Team is given points for
* correct work of their services;
* capturing flags from others teams' services;
* sending advisories, which contain description of
vulnerability, patch and exploit;
* solving quests;
* jury's special descision.
Teams are prohibited to:
* attack check system and servers of jury;
* filter (by IP or in any other way) other teams;
* generate large amount of network traffic;
* run DoS attacks with large amount of network traffic;
* run destructive attacks (e.g., "rm -rf /").
Permissions
Teams may use any amount of computers and network
equipment (not higher than 2nd OSI level).
Teams may patch vulnerabilities in ther services or block
exploitation of vulnerabilities.
Teams may change topology of their sub-networks.
Each team member will be given one computer for the time of the game
(if it is necessary).
Each team will be given a router and administrator's account on it.
* may specify rules more precisely at any moment before the game starts;
* may penalize/disqualify team for rules violation;
* determines the winner. Descision is based on teams' earned points.
Exceptions
Teams should meet jury's decisions in critical situations,
which may not have been listed here, with understanding.
Still organizers and jury do their best to steer clear of such.