Difference between revisions of "Front Range OWASP Conference 2013/CTF"

From OWASP
Jump to: navigation, search
(Initial stub with some starter content. This needs review and content additions)
 
m (Whitespace correction)
Line 1: Line 1:
 
SnowFROC 2013 is proud to present a homegrown capture the flag (CTF) hacking competition. Competitors will be provided a series of web applications containing a variety of vulnerabilities. Each discovered vulnerability will earn points. The harder the hack, the more points earned. At the end of the day, the team with the most points wins.
 
SnowFROC 2013 is proud to present a homegrown capture the flag (CTF) hacking competition. Competitors will be provided a series of web applications containing a variety of vulnerabilities. Each discovered vulnerability will earn points. The harder the hack, the more points earned. At the end of the day, the team with the most points wins.
 
  
 
==Rules==
 
==Rules==

Revision as of 14:40, 12 March 2013

SnowFROC 2013 is proud to present a homegrown capture the flag (CTF) hacking competition. Competitors will be provided a series of web applications containing a variety of vulnerabilities. Each discovered vulnerability will earn points. The harder the hack, the more points earned. At the end of the day, the team with the most points wins.

Contents

Rules

All conference attendees may participate in the CTF tournament for no additional cost. If you would prefer to attend the general conference proceedings, the competition will be made available to attendees after SnowFROC ends.

Format

Contestants will be provided a virtual machine which will run locally on self-provided devices. This is a BYOD event and all contestants are responsible for providing their own machine. No "loaners" will be made available.

All contestant machines should have:


Acceptable behavior

Competitors are only permitted to attack targets running on their local systems. Network traffic will be monitored to ensure there will be:

  • No attacking the scoreboard. Misuse will result in punitive action.
  • No targeting the VM. Do not mount the VM and harvest flags from within.
  • No attacking other teams, whether through coercion, DoS, theft, sabotage, or other malicious activity.
  • No collusion. Work only within your own team.

Prizes

Anyone who worked on the project or has access project repositories are ineligible to win prizes.

Prizes will be awarded to:

(1) The team with the most points;
(2) The team who completed the story first (or, as a tiebreaker, the team with the most plot-specific points);
(3-6) The team who took the shortest amount of time to complete Acts I-IV;
(7) The person who solved the hardest challenge (worth the most points);
(8) The person who solved the most challenges (raw number);
(9) The person who scored the most points (total sum);


Getting Started

Content acquisition

Installation instructions

Registration instructions

Gameplay instructions