
Overview

Capture the Flag (CTF) is a very exciting form of cyber wargaming that pits the skills of cyber security enthusiasts against one another. Besides all the fun and excitement, CTF can serve as a realistic introduction to what cyber warfare is all about for cyber security professionals.

In CTF, the objective is to score as many points as possible by successfully defending one's own cyber infrastructure against attacks and by successfully attacking others' cyber infrastructure.

Each team will consist of up to 3 players. There will be 1 attacker and 2 defenders in each team.

Every team will be provided with an exact cyber infrastructure setup. Assets can include any number of systems running fully configured services. Examples include:

  1. Primary and Secondary DNS servers
  2. E-commerce site with separate database server
  3. Active Directory with separate Exchange server
  4. PBX server and VoIP SIP phones
  5. Wireless access point
  6. Layer 3 firewall

The configurations of the infrastructure will include numerous vulnerable services. Participants with reverse engineering and exploitation skills will have an advantage over participants without.

Besides the cyber infrastructure, each team will bring along 3 laptop computers to serve as consoles for launching their vicious attacks or putting up their strong defences. Internet access will be provided.

Team Performance

The Team Defenders will act as systems administrators who are responsible for defending the critical assets in the environment. Defenders will be scored based on their ability to:

  1. Defend Assets:
    1. Keep critical systems up (can they be ping'd)
    2. Keep critical services up (is the port open)
    3. Maintain integrity of critical services (service integrity check aka Flag)
  2. Respond to 'injects' - specific tasks that will be emailed to them and require a response/action within a specific amount of time

Each team will also have one attacker who will be responsible for attacking other teams' assets. Attackers will be scored on their ability to:

  1. Corrupt the flags of other teams
  2. Obtain execute privileges on the other Teams' systems

Scoring

All teams start with 0 points. Points are deducted from a team for failing to defend assets, system compromises, corrupted flags, and incomplete injects, and points are added to teams which can successfully attack other teams' systems. The team with the highest score wins.

Rules

  1. No flooding or DDoS of any kind
  2. No physical contact between players
  3. No harassment, threats, duels of any kind
  4. Have fun and learn
  5. Rules and infrastructure are subject to change without notice
  6. The ruling of Exercise Control is final in all cases
  7. No one is responsible for any real or perceived damage, insult or hurt feelings.

Prizes

First Prize will be S$10,000 in cash.

Registration

The registration fee for each team is S$300. Registration will close on 28th May 2010.