Rules and Short Introduction

What is a CTF?

A Capture The Flag (CTF) competition is about solving cybersecurity challenges and earning point from each of them. Each challenge is carefully designed to teach you about cybersecurity issues. It could be misconfigurations, bad practice, pure coding - in general, it resembles all the things that can go wrong. Rather than just reading about these issues, the challenges are created for you to actually exploit and hack them. Thus, by actively performing the attacks, the knowledge is hopefully easier to remember in the future.

Challenges

This CTF follows the Jeopardy format. It means that challenges will have different categories and points. For each challenge your team solve, you will be awarded with points. As a rule of thumb: the more points, the harder the challenge. E.g. given two challegenges from the WEB category valued at 200 and 500 points, then the 200 points might be easier to solve. That might not always be the case, as difficulty can be hard to estimate.

Unless otherwise noted, you are not required to solve the 200 points, before solving the 500 points. Challenges are independent and isolated from each other.

Flag format

Whenever you have solved a challenge, you will be rewarded of a flag. That flag is integrated into the challenge and could for instance be a file named 'flag.txt' that you are able to read. Flags will always start with the CTF{ prefix, then have a random, human-readable string and then finally end with }. An example of such a flag is:

CTF{Th1s-c0U1d-b3-y0uR-V3ry-F1r3t-fl4g!}

Tools

For some challenges you might need another tool to help you solve it. The following tools and applications might be helpful to you. Further tools and descriptions are availble on the tools page.

• Cyber Chef - good for playing with different formats, encodings and manipulations
• WireShark - analysis of pcap and network traffic
• Postman - a tool for creating manual HTTP requests
• shell.wep.dk - a tool for receiving and interacting with reverse shells