PHD CTF Quals is a selecting competition for the PHD CTF international information security contest.

PHD CTF Quals: December, 10th, 2011 (10 a.m. Moscow time) - December, 11th, 2011 (6 p.m. Moscow time).

Registration period: November, 14-28, 2011.

PHD CTF Quals Participation Requirements

PHD CTF Quals are open for anyone. The participation requirements: preliminary registration, a team of 5 contestants and full observation of the contest rules. The winner will have a right to participate in the PHD CTF in May, 2012.

To register, click the "Participate" button and receive the credentials to access the contestant section that will be available for the contest period.

Description of the contest

During the contest the contestants will have access to a VPN server. Having connected to the VPN server, the contestants will have to rely on themselves to find targets and discover vulnerabilities in them. A successful exploitation of vulnerability allows a contestant to obtain a key (flag) that should be sent to the jury via a special form in the contestant profile. If the flag is correct, the contestant receives a corresponding number of scores.

All flags are in the MD5 format. The maximum number of scores is 100. A contestant that scores over 100 will get a traditional special prize.

The winner is a contestant that scores the highest score. The contestants that the PHD CTF Quals proves the strongest will be invited to the Positive Hack Days CTF 2012 (

Rules for Contestant

1. General permits

At the contest contestants are permitted to:

perform attacks against game servers (IP address range is in order to gain keys (flags);

use tools consistent with the Russian legislation to search for game server vulnerabilities;

gain access to information stored and processed on the game servers as long as it complies with the task rules.

2. General prohibition

At the contest it is prohibited for contestants to:

perform attacks against computers of other contestants;

generate unreasonably huge traffic (flood, DoS);

perform destructive attacks against the game servers (for example, rm -rf /);

delete keys (flags) from the game servers;

perform any illegal actions against Internet resources.

3. Sensitive information processing

Registration for the contest does not require personal data. When accepting the contest terms, a contestant agrees that the information submitted at the registration stage can be used to inform other contestants about the current results of the contest. The information will also be used for gathering and processing statistic data.

4. Monitoring

During the contest all activities within the game infrastructure are monitored. The organizers are entitled to gather and analyze information on contestants' activities.

5. Access guarantee

A constant accessibility to the contest or any of its components is not guaranteed. The game infrastructure of the PHD CTF Quals 2011 is provided AS IS. The contest organizers do not guarantee that the game infrastructure and its components will meet contestants' purposes and expectations; neither do the organizers provide any guarantee of a faultless and consistent operation of the infrastructure. The organizers are not held liable before the contestants for activities performed within the VPN game infrastructure. The organizers do not repair any damage caused to a contestant or to a third party as a result of use or inability to use the game infrastructure of the PHD CTF Quals or any of its components.

__________________________________ __________________________________ __________________________________ __________________________________
Copyright 2011
Positive Technologies