Difference between revisions of "Front Range OWASP Conference 2013/CTF"
Mark Major (talk | contribs) |
Mark Major (talk | contribs) |
||
Line 1: | Line 1: | ||
− | ==Capture the Flag== | + | ==Capture the Flag Overview== |
Test your skills with a capture the flag (CTF) hacking competition created specifically for SnowFROC by members of the Boulder OWASP chapter. | Test your skills with a capture the flag (CTF) hacking competition created specifically for SnowFROC by members of the Boulder OWASP chapter. | ||
Competitors will be provided a series of web applications containing a variety of vulnerabilities. Each discovered vulnerability will earn points. The harder the hack, the more points earned. At the end of the day, the team with the most points wins. | Competitors will be provided a series of web applications containing a variety of vulnerabilities. Each discovered vulnerability will earn points. The harder the hack, the more points earned. At the end of the day, the team with the most points wins. | ||
+ | |||
+ | <!-- Basic plot intro, other background information? --> | ||
+ | |||
==Rules== | ==Rules== | ||
Line 13: | Line 16: | ||
* A virtual machine player such as [http://www.vmware.com/products/player/ VMware Player] or [https://www.virtualbox.org/wiki/Downloads VirtualBox]. | * A virtual machine player such as [http://www.vmware.com/products/player/ VMware Player] or [https://www.virtualbox.org/wiki/Downloads VirtualBox]. | ||
* Appropriate penetration testing tool ([http://www.backtrack-linux.org BackTrack], [http://samurai.inguardians.com/ SamuraiWTF], and [[OWASP_Mantra_OS|Mantra OS]] will fit in well). | * Appropriate penetration testing tool ([http://www.backtrack-linux.org BackTrack], [http://samurai.inguardians.com/ SamuraiWTF], and [[OWASP_Mantra_OS|Mantra OS]] will fit in well). | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
===Acceptable behavior=== | ===Acceptable behavior=== | ||
Line 29: | Line 25: | ||
===Prizes=== | ===Prizes=== | ||
− | Anyone who worked on the project or has access project repositories are ineligible to win prizes. | + | Small prizes will be awarded to winners. People Anyone who worked on the project or who has access project-related repositories are ineligible to win prizes. |
+ | |||
+ | Team prizes will be awarded to: | ||
+ | * The team with the most points; | ||
+ | * The team who completed the story first (or, as a tiebreaker, the team with the most plot-specific points); | ||
+ | * The team who took the shortest amount of time to complete Acts I-IV; | ||
− | + | Individual prizes will be awarded to: | |
− | + | * The person who solved the hardest challenge (worth the most points); | |
− | + | * The person who solved the most challenges (raw number); | |
− | + | * The person who scored the most points (total sum); | |
− | |||
− | |||
− | |||
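Review bot: the added eligibility sentence under Prizes still carries leftovers from the rewrite. "People Anyone" doubles the subject, "has access project-related repositories" is missing "to", and "are ineligible" does not agree with "Anyone". Suggested wording: "Anyone who worked on the project or who has access to project-related repositories is ineligible to win prizes." The last item of each new prize list also ends in a semicolon where a period would close the list.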
Line 43: | Line 41: | ||
===Content acquisition=== | ===Content acquisition=== | ||
<!-- Where to download the competitor VM as well as VM players, etc.. --> | <!-- Where to download the competitor VM as well as VM players, etc.. --> | ||
+ | This information will be released closer to the day of the event. | ||
===Installation instructions=== | ===Installation instructions=== | ||
<!-- How to install the competitor VM, including VM players, etc.. --> | <!-- How to install the competitor VM, including VM players, etc.. --> | ||
+ | Coming soon. | ||
===Registration instructions=== | ===Registration instructions=== | ||
<!-- Registration/scoreboard location; team sizes and naming conventions; etc. --> | <!-- Registration/scoreboard location; team sizes and naming conventions; etc. --> | ||
+ | Coming soon. | ||
===Gameplay instructions=== | ===Gameplay instructions=== | ||
<!-- How to use the scoreboard; where to get help; etc. --> | <!-- How to use the scoreboard; where to get help; etc. --> | ||
− | + | Coming soon. | |
− | |||
− | |||
− | |||
− | |||
− |
Revision as of 20:02, 12 March 2013
Capture the Flag Overview
Test your skills with a capture the flag (CTF) hacking competition created specifically for SnowFROC by members of the Boulder OWASP chapter.
Competitors will be provided a series of web applications containing a variety of vulnerabilities. Each discovered vulnerability will earn points. The harder the hack, the more points earned. At the end of the day, the team with the most points wins.
Rules
All conference attendees may participate in the CTF tournament for no additional cost. If you would prefer to attend the general conference proceedings, the competition will be made available to attendees after SnowFROC ends.
Format
Contestants will be provided a virtual machine which will run locally on self-provided devices. This is a BYOD event and all contestants are responsible for providing their own machine. No "loaners" will be made available.
All contestant machines should have:
- A virtual machine player such as VMware Player or VirtualBox.
- Appropriate penetration testing tools (BackTrack, SamuraiWTF, and Mantra OS will fit in well).
Acceptable behavior
Competitors are only permitted to attack targets running on their local systems. Network traffic will be monitored to ensure there will be:
- No attacking the scoreboard. Misuse will result in punitive action.
- No targeting the VM. Do not mount the VM and harvest flags from within.
- No attacking other teams, whether through coercion, DoS, theft, sabotage, or other malicious activity.
- No collusion. Work only within your own team.
Prizes
Small prizes will be awarded to winners. Anyone who worked on the project or who has access to project-related repositories is ineligible to win prizes.
Team prizes will be awarded to:
- The team with the most points;
- The team who completed the story first (or, as a tiebreaker, the team with the most plot-specific points);
- The team who took the shortest amount of time to complete Acts I-IV.
Individual prizes will be awarded to:
- The person who solved the hardest challenge (worth the most points);
- The person who solved the most challenges (raw number);
- The person who scored the most points (total sum).
Getting Started
Content acquisition
This information will be released closer to the day of the event.
Installation instructions
Coming soon.
Registration instructions
Coming soon.
Gameplay instructions
Coming soon.