What is a CTF?
A CTF(short for Capture The Flag) is a computer security competition. Contestants are presented with challenges, which test their creativity and technical skills, along with their general problems solving ability. When a problem is solved, it yields a string (the flag), which can be submitted to the scoring server. CTFs are awesome to get started in hacking, and even have world competitions
Who is this for?
Generally, this CTF is meant for all audiences which are interested in learning hacking and computer security.
This CTF is mostly made for people to have fun and learn new things! But at the same time, to increase awareness of vulnerabilities, and teach people to think defensively in terms of computer security.
When is this?
The competition will begin on August 12th at 16:00:00 GMT and end on August 26th at 16:00:00 GMT. Click on the links to see what it would be in your time zone.
Where is this?
This competition is entirely online, and participants can physically play from anywhere.
Is the competition difficult?
Yes, but not too difficult! There are tons of challenges, some of which we expect everyone to be able to solve, and some of which we expect nobody to solve. If the competition is too hard, it won't be fun or educational. If it is too easy, the same applies. Our goal is that most of the challenges are solvable with somewhat little knowledge.
Where can I start learning?
Don't panic! We aren't expecting contestants to be proficient in computer security, but we do reccomend being comfortable with computer programming. As long as contestants are interested, they should be able to learn something and have fun regardless of background.
While this competition will provide you with hints along the way, you can begin learning by reading this GitBook by CAMS CSC. You can also look at other CTF competitions like PicoCTF or try out sample challenges on the Challenges page.
What do i need to compete?
Participating in the competition requires only a computer with a modern web browser, and being able to install applications. Participation from personal laptops is encouraged.
What are the challenges like?
The challenges will fall into one of the following categories: Cryptography, Forensics, Exploitation, Programming, and Miscellaneous.
How do I participate?
Team registration is now open. Click here to register.
Who can participate?
Anyone can participate. However, prizes are restricted to Icelandic residents.
Are there prizes?
Aside from knowledge, there will be prizes awarded to top placing teams.
How are problems scored? (How do we win?)
The competition is split into four stages.
- Stage 1 is meant for participants which don't neccessarily have programming experience, but are good at using a computer.
- Stage 2 is meant for participants which have some programming experience
- Stage 3 is meant for participants which have a strong background in programming
- Stage 4 consists of a diverse set of problems which can range from difficult to (almost) unsolvable
Note that all challenges will be open. Even if you haven't solved anything in stage 1 you'll still be able to view and solve a challenge from stage2.
Each stage contains a list of problems which are each worth a fixed number of points based on its difficulty. When a problem is solved, you send the flag to our scoring server, which adds the problem's points to your team's score. The points for a problem does not change as more teams solve it. Once the competition is over, the team(s) with the highest scores are the winners. We calculate the scores independent of time, but time(sum of time spent solving each problem) will be used as a tie breaker.
Can I cheat?
What is defined as cheating?
Attacking the scoring server, other teams, or machines which are not targets is cheating. This includes breaking into such machines and denying others access to them. Sharing flags or giving overly revealing hints to other teams is cheating, and so is being assisted by people outside the team.
Note that using tools from the internet along with information is fine, but specifically asking people on the internet to help you solve the problem is cheating. We encourage you to solve problems on your own using all available resources, but you should solve them yourselves
Note that we consider all forms of DoS, this includes bruteforcing flags or locations using scripts(a la dirbuster, sqlmap, etc...) cheating unless otherwise specified. In general all tools or scripts that make excessive requests to our services. Problems will generally be set up so that all bruteforcing can happen locally, or remote bruteforcing is kept to a reasonable amount.
How many people can be on a team?
Teams can consist of 1-3 contestants.
Can I create more than 1 team?
No. There is no point in creating multiple accounts. Teams found with duplicated accounts will be disqualified.
How much does this cost?
Does this competition condone hacking?
This of course depends on the definition of hacking. We encourage exploring computer systems, and learning how the computer works - when we say hacking, this is what we mean.
We do not condone hacking in the sense of breaking into machines illegally, stealing personal information, and launching DDoS attacks, this type of hacking is illegal, and we do not encourage it.