2019 Capture the Flag

Capture the Flag Rules and Point Overview - October 16th, 2019

Registration is still open; however, the CtF is full.  

You are welcome to register for day one and attend day two to watch the CtF.

Since 2013, the Middle TN Cyber Conference has offered an offensive Capture the Flag (CtF) competition to challenge the skills, knowledge, and teamwork of participants.  This year’s competition will encompass a wide range of cybersecurity challenges that are designed to hone your existing skills and knowledge, foster collaboration, and provide an opportunity to learn new security skills. Event organizers will provide all the network equipment – participants must provide their own laptops and preferred security tools. The top three teams or individuals will receive medals and trophies.  


• Teams must use USB devices provided by event planners to hold keys.  

• Flags are ASCII files (MD5 hash will be on file)  - Move the flags to a safe place and turn your flags in to the judge at the end of the game. If you fail to secure a flag – points are awarded to the team/individual that turns the flag(s) in first. The same rule applies to the camera systems, Wireless Access Point, and other devices. 


You must show the contents of the encrypted files to obtain points for this challenge.

• Hack into event servers and CUT flags from drives: 

• Desktop Flag - 500 points  (3 flags)

• Hidden Flags – 1000 points (24 flags)

• Dump SQL Database and cut from server – 5000 (x3)

• Website Defacement – 2500 points (x3)

• Internet of Things (IoT): 

• Turn light off – 700 points

• Change thermostat setting or turn off – 700 points 

• DVR Cameras – 1000 points – must submit screenshot

• Wireless – Change SSID – 500 points

• IP Camera – 500 points for control or selfie

• SCADA/PLC – Motor On/Off – 5000 points

Attacking other users or equipment – disqualification

DoS attacks will result in disqualification

• 2.5 hour time limit 

Participants cannot go behind event table - disqualification

• Current TCAT students and alumni  (who have setup the CtF) may not participate 

unless graduation > 2 years

Prizes for CtF 

· Trophies and Medals for top three teams/individuals 

Door Prizes will be awarded during the CtF event (You must be present to win)

· 2 GPSs for wireless site surveys used with Vistumbler

· 1 Rubber Ducky devices from Hak5

· 1 WiFi Pineapple from Hak5

· 1 Throwing Star LAN Taps from Hak5

· 1 Keysy RFID Cloners from Hak5

· 10 USBs with PARROT Hacking Tools

· 1 Kali Linux: Comprehensive Beginners Guide

· Red Team Field Manual

· HyperFIDO Mini U2F Security Key

· Biorec Security Fingerprint USB Military Grade

- EMSISOFT Licenses - 5 year license (five to give away)



A special thank you goes to the students and faculty at the Tennessee College of Applied Technology Shelbyville and Murfreesboro for designing and running the Capture the Flag (CtF) competition. It should be noted that the students of these two schools designed, built, and run all technical aspects of the CtF!


The Middle Tennessee Cyber Conference proudly supports the Governor’s Investment in Vocational Education (GIVE) Initiative.