[builds-list] [Fwd: [ctf-participants] iCTF 2015 on December 4th-5th (24 hours)]

Manuel Egele megele at bu.edu
Fri Oct 9 20:30:02 EDT 2015

Hi Builds,

I guess you got this one too. We should sync up re. designing challenges
and form teams that include the interested folks from ec521.


-------- Forwarded Message --------
From: Giovanni Vigna <vigna at cs.ucsb.edu>
To: ctf-participants at lists.cs.ucsb.edu participants
<ctf-participants at lists.cs.ucsb.edu>
Cc: CTF administration list <ctf-admin at lists.cs.ucsb.edu>
Subject: [ctf-participants] iCTF 2015 on December 4th-5th (24 hours)
Date: Fri, 9 Oct 2015 17:21:02 -0700

Dear iCTF players,

	This year's iCTF is scheduled for Friday, December 4th, 2015 from 10am to Saturday, December 5th, 2015 at 10am (24 hours).
(The other deadline is November 20th, 2015, see below)

The theme of the 2015 iCTF is “crowdsourcing evil,” also known as "making bad,” also known as “we are too lazy to write our own services".
This means that in order to participate to the iCTF, each team has to write a vulnerable service. 
The service must follow well-defined specifications (a document describing the service specs and an example of a service will follow). 
The service will then be put in the vulnerable image and will become part of the competition. 
Of course, the team who created the service will not be able to score against that service, but all the others are fair game.
The service can be web-based or use a stdin/stdout-over-[x]inetd style.

One important question is: How difficult should the vulnerability in the service be?
If the vulnerability is too easy (i.e., too many teams will be able to break into the service) your team will be penalized.
If the vulnerability is too difficult (i.e., not enough teams will be able to break the service) your team will also be penalized.
Of course, finding the right balance is difficult, and that’s why it’s a challenge!
So, during the iCTF the services will be ordered by the number of teams that exploited a service.
This order is then used as an index in a statistical distribution to determine service points.
The service points are then composed with more traditional points (attack points, defense points, and SLA points) to copmute the final score.

Be the best at finding the right balance in vulnerability complexity and you will gain an edge over the other teams!

Note that some things are different this time around, and we will not run your exploits on your behalf, like we did the past few years.

Note that the services are due on November 20th (of course, you need to register before that date as well).
If you have not provided a service by then, you will NOT participate in the iCTF.

Also please consider the fact that your team's service will be shared with all the other teams.
If your service is lame, you will be mocked forever.
If your service is cool, you will be celebrate as the elite team you are.

Note that the competition is open only to teams from educational institutions. 
We will require a faculty POC who will be responsible for the ethical behavior of the team.
We will run a lot of your code during service installation, so please try to be nice and avoid trying to hack the platform ;-)

More details about service creation will follow. In the meanwhile, start thinking about the service you want to submit to enter the competition.

Have fun!


	Giovanni Vigna and the iCTF organizers (Antonio, Aravind, Chris, Eric, Fish, Jacopo, Kevin, Nilo, Yan, Yanick)
ctf-participants mailing list
ctf-participants at lists.cs.ucsb.edu

More information about the Builds-list mailing list