Fri, 04 Dec. 2015, 18:00 UTC — Sat, 05 Dec. 2015, 18:00 UTC
A UCSB iCTF event.
Official URL: http://ictf.cs.ucsb.edu/
The theme of the 2015 iCTF is “crowdsourcing evil” also known as "making bad".
In order to participate to the iCTF, each team has to write a vulnerable service.
The service must follow precise specifications (a document describing the service specs and an example of a service will follow).
The service will then be put in the vulnerable image and will become part of the competition.
Of course, the team who created the service will not be able to score against that service, but all the others are fair game.
The service can be web-based or use a stdin/stdout-over-[x]inetd style.
One important question is: How difficult should the vulnerability in the service be?
If the vulnerability is too easy (i.e., too many teams will be able to break into the service) your team will be penalized.
If the vulnerability is too difficult (i.e., not enough teams will be able to break the service) your team will also be penalized.
Of course, finding the right balance is difficult, and that’s why it’s a challenge!
So, during the iCTF you can imagine that the services will be ordered by the number of teams that exploited the service.
This order is then used as an index in a statistical distribution to determine service points.
The service points are then composed with more traditional points (attack points, defense points, and SLA points) to copmute the final score.
Be the best at finding the right balance in vulnerability complexity and you will gain an edge over the other teams!
Note that some things are different this time around:
1) We will not run your exploits on your behalf, like we did the past few years
2) All interaction with the iCTF will be through a Python module.
After you execute "pip install ictf" you will be able to register and provide your credentials/services/matadata through functions from the ictf module.
Note that the services are due on November 20th (of course, you need to register before that date as well).
If you have not provided a service by then, you will NOT participate in the iCTF.
Also please consider the fact that your team's service will be shared with all the other teams.
If your service is lame, you will be mocked forever.
If your service is cool, you will be celebrate as the elite team you are.
Note that the competition is open only to teams from educational institutions.
We will require a faculty POC who will be responsible for the ethical behavior of the team.
We will run a lot of your code during service installation, so please try to be nice and avoid trying to hack the platform ;-)
More details about service creation will follow. In the meanwhile, start thinking about the service you want to submit to enter the competition.
35 teams total
|Place||Team||CTF points||Rating points|
|9||Delusions of Grandeur||19.960||13.099|
|11||Tower of Hanoi||16.840||10.952|
|14||THOR - Talented Hacking Oblivious Robots||9.340||6.810|
|30||Ulm Security Sparrows||1.060||1.656|
The correct date and time of this CTF should be 18:00 UTC on Dec. 4th, 2015.
If you're confused on the time: http://www.timeanddate.com/worldclock/fixedtime.html?msg=iCTF&iso=20151204T10&p1=1050&ah=23&am=55
Uhhh only one team from the TOP10: http://vpn.ictf2015.net/ ... Looks like everybody will be at HITCON? :)
gg well played.
where the link of registering
@Anas: this is an online attack-defense CTF for university teams, the registration deadline was about a week ago.
Weight 35 looks too much for a CTF which the top teams essentially had to skip.
Also last minute change of the competiton length (from 24 to 8 hours) did not help either. The 24 hours length was one of our main reason not to compete...
Weight 35 for a CTF which was only open to "educational institutions", seriously ?