During the competition, changes in the system can be made that can lead to additional vulnerabilities to competitors’ services. Competitors’ goal is to detect the vulnerabilities, eliminate them in their servers and do not break the server operation. Competitors also should use similar vulnerabilities on competitors’ servers to capture flags.
Teams earn points by:
- Make your own services to be available all time;
- Send messages about vulnerabilities and elimination methods (advisories) – the jury estimates notification completeness and proof of concept code (POC);
- Send flags captured in competitors’ services;
- Eliminate vulnerabilities on the servers without any damage to service performance;
- Additional tasks;
And by special jury solution.
The jury continuously watches the competition, and from time to time add new flags and vulnerabilities to competitors’ servers, and also watch previously added flags and vulnerable services execution. Moreover, the system takes captured flags and recommendations how to eliminate detected vulnerabilities and ways how to use them (advisories).
There are several servers for every team infrastructure that have a number of predefined vulnerabilities.
RusCrypto CTF 2010 legend
America, 3rd decade of 21st century. The country is divided into corporations and franchisees spheres of influence. You are a young specialist from Russia who works as a trainee in franchisee \”Pizza Cosa Nostra\” 3569. Your task is to guarantee systematic pizza delivery under trying conditions of permanent attacks from competitors. Network infrastructure and security does not strike you. But uncle Enzo says: \”Orders should come; pizza should be baked and delivered, at any price. And if something happens with competitors… Well, sometime best defense is offense.\”
RusCrypto CTF 2010 winners
CTF competition results are as follows:
3rd place with 336 points was awarded to Bushwhackers from Lomonosov Moscow State University.
Bushwhackers was also awarded as \”World Wide Web Protectors\”.
4th place with 323 points was awarded to SiBears from Tomsk State University.
SiBears was also awarded as \”Best Pentesters\”, \”World Wide Web Protectors\” and as \”Best Bureaucracies\” by jury special opinion.
6th place with 33 points was awarded to Huge Ego Team from MIFI University, Moscow.
You can find details here: http://www.ptsecurity.ru/download/PT-Ruscrypto-CTF2010-EN.pdf