2019 Capture the Flag

Capture the Flag Rules and Point Overview - October 16th, 2019



Since 2013, the Middle TN Cyber Conference has offered an offensive Capture the Flag (CtF) competition to challenge the skills, knowledge, and teamwork of participants.  This year’s competition will encompass a wide range of cybersecurity challenges that are designed to hone your existing skills and knowledge, foster collaboration, and provide an opportunity to learn new security skills. Event organizers will provide all the network equipment – participants must provide their own laptops and preferred security tools. The top three teams or individuals will receive medals and trophies.  

RULES & POINT SCALE:

• Teams must use USB devices provided by event planners to hold keys.  

• Flags are ASCII files (MD5 hash will be on file)  - Move the flags to a safe place and turn your flags in to the judge at the end of the game. If you fail to secure a flag – points are awarded to the team/individual that turns the flag(s) in first. The same rule applies to the camera systems, Wireless Access Point, and other devices. 

POINT SCALE:

You must show the contents of the encrypted files to obtain points for this challenge.

• Hack into event servers and CUT flags from drives: 

• Desktop Flag - 500 points  (3 flags)

• Hidden Flags – 1000 points (15 flags)

• Dump SQL Database and cut from server – 5000 (x2)

• Website Defacement – 2500 points (x2)

• Internet of Things (IoT): 

• Turn light off – 700 points

• Change thermostat setting or turn off – 700 points 

• DVR Cameras – 1000 points – must submit screenshot

• Wireless – Change SSID – 500 points

• IP Camera – 500 points for control or selfie

• SCADA/PLC – Motor On/Off – 5000 points

Attacking other users or equipment – disqualification

DoS attacks will result in disqualification

• 2.5 hour time limit 

Participants cannot go behind event table - disqualification

• Current TCAT students and alumni  (who have setup the CtF) may not participate unless graduation > 2years

Prizes for CtF 

· Trophies and Medals for top three teams/individuals 

Door Prizes will be awarded during the CtF event (You must be present to win)

· 2 GPSs for wireless site surveys used with Vistumbler

· 1 Rubber Ducky devices from Hak5

· 1 WiFi Pineapple from Hak5

· 1 Throwing Star LAN Taps from Hak5

· 1 Keysy RFID Cloners from Hak5

· 10 USBs with PARROT Hacking Tools

- EMSISOFT Licenses - 5 year license (five to give away)


image4