RU | EN

PARTNERS AND SPONSORS 2011

 

 

 

 

CTF Rules

At the beginning of the game the teams get identical servers with preinstalled set of vulnerable services. The aim of the contestants is to detect vulnerabilities, fix them on their servers and exploit them to obtain sensitive information (capture the flags) of competitor teams.

The game process is continuously monitored by the jury's supervising system, which regularly changes the state of the game infrastructure, adds new flags and vulnerabilities to team servers, and checks the state of the previously added flags and the functioning of vulnerable services.

The PHD CTF contest organizers prepare in advance a limited number of vulnerable services, which perform specific functions and already contain some vulnerabilities. The contestants deal with the systems of two types: open (contestants have privileges to access a system on the level of operating system) and closed (contestants have access only via network - a black box principle). Within the specified network segment, any participant of Positive Hack Days CTF may try themselves in exploiting real vulnerabilities and contend for extra prizes (beyond the general CTF contest).

General Rules

Each team should consist of 5 members including a captain (the latter is compulsory).

Teams use their own computers (e.g., laptops).

Points are given for:

sending flags, captured from services of competitor teams;

sending flags, captured from services of the shared segment of network infrastructure (the black-box);

preventing access to a team's own flags by fixing vulnerabilities on provided servers and not affecting the functions performed by the vulnerable services.

Points are withdrawn for:

affecting availability of a team's own services;

affecting the functions performed by the vulnerable services.

General Permissions

During the game, teams are allowed to:

use not more than 15 computers and network devices not lower than the second level of the ISO OSI protocol stack;

add any changes to the provided servers unless it is not explicitly prohibited by the jury;

conduct attacks against competitor teams' servers to capture flags;

conduct attacks against servers of the shared segment of the game infrastructure to capture flags.

General Prohibitions

During the game, teams are not allowed to:

conduct attacks against the computers of the jury;

filter traffic to any CTF resources (e.g., by IP-addresses);

generate unreasonably large amounts of traffic (Flood);

conduct destructive attacks against competitor teams' servers (e.g., rm -rf /);

deliberately affect normal functioning of services, including competitor teams' services and services of the shared game infrastructure;

remove flags from provided servers, from competitor teams' servers and servers of the shared game infrastructure;

perform the above-mentioned actions on behalf of competitor teams.

Work of the Jury

The jury can specify the rules at any point before the game begins.

The jury can penalize/disqualify a team for violation of the rules.

The jury determines the winner on the basis of collected points.

__________________________________ __________________________________ __________________________________ __________________________________
Copyright 2011
Positive Technologies