ATIS 2014 Capture-The-Flag Contest



Introduction
Capture-The-Flag, short for CTF, is a popular means of contest for IT security professionals to gain hands-on experience in an interesting and intensive manner. This year, ATIS conference organizers are hosting a free CTF contest which is open to all conference participants. Most of the challenge questions are designed to be solvable in minutes if the appropriate tools are used with a good strategy. 

Date and Venue
The contest is scheduled on November 26 and 27. You may use your own computers or laptop to participate. 


Objectives
This CTF challenge attempts to achieve the following objectives:
  • To bridge the gap between research students and industry professionals in the area of hands-on practicality skills
  • To increase awareness of the importance of hands-on security skills
  • To motivate the participants to use industry standard platforms, tools, and techniques
  • To solve well-defined and interesting CTF challenges
  • To provide a mutual channel to connect both IT Security Industry professionals and research academics
Recommended Tools
Highly recommended platform -- Kali / Backtrack Linux Any additional package or tools which are necessary to solve the challenge will be indicated as hints during the contest. 


Registration
Participation is free Please express your interest of participation by emailing to atisctf@gmail.com with the following information:
  • Names of (up to 4) team members (the names will be kept confidential).
  • Team name for contest (will be visible on scoreboard).
  • Email address (will be kept confidential)
  • Affiliations of each team member (will be kept confidential).
  • Indication of captaincy who shall be a university student.
We will email you the login details at least 48 hours prior to the contest. 

Winners

Top achievers will be rewarded by conference organisers and will be noticed by industry partners 

IRC

An Internet-Relay-Chat will be available for all contestants to participate in, and will foster discussion and questions related to the challenges to active game admins. The chat will be monitored 24/7 and will not tolerate sharing of flags or ideas. Hints may be distributed via the IRC. The channel details and address will be revealed shortly.

Challenge Categories
QR Code As mobile technology increases, malicious uses for QR codes become more prevalent, seeing a plethora of nefarious methods and techniques in which to hide and convey information. In this category, you will participate in identifying QR code workings, how they operate, and revealing secrets hidden within. Steganography In this category, you are to find hidden items within a range of objects such as files, images, audio, and video. Steganography usually involves looking at the object’s underlying data with a hex editor or using detection tools to identify any hidden items. Simple hiding techniques may also involve obscurity, modifying an objects attributes, or combining two types of different files. Crypto Traditional cryptography, in its mathematical form, has seen much integration into the digital platform over the past few years. Internet security, secure storage, and encryption now plays a major part in cybersecurity and cybercrime. In this category, you will face a number of crypto challenges which may require the use of automated decryption tools or methods to break encryption or solve mathematical functions in order to reveal the hidden flags. Recon Being able to harness the power of internet indexing allows attackers access to important footholds and information with anonymity and ease. Specialized keywords in searches provide attackers with the ability to use pinpointed filtering to find specific objects or items on the web. Meta-data and website indexing play a big part in visibility to the web via search engines. This category will see contestants becoming private investigators in order to find flags hidden deep inside the web. Reverse Engineering In these challenges, you will use various tools to analyse the workings of programs and find flags hidden within. Reverse Engineering allows contestants to see the inner workings of a program, and gives insight into how software protection mechanisms are bypassed, including the cracking and subsequent pirating of games and software. Use debuggers and disassembly programs to gain access to the source code in order to find the hidden flags. Coding This area focuses on both programming and scripting languages, and the process of creating, breaking, or identifying code to divulge secrets. Coding is at the center of all programs and it is essential that it is safe and secure. Being able to read simple code and understand its workings can give any contestant the ability to crack the secrets within. Network Analysis Network challenges involve a dump of network traffic of various protocols and transmissions. The most common tool for viewing network traffic is Wireshark, which displays all communications between systems. In this category, you’ll be given a task to track down the relevant transmission and reveal the data, using a variety of commands within Wireshark.


Scoring
The scoring system is simple, and each team’s score consists of two parts:
  1. Each category consists of three tasks in different levels of difficulty which will be associated with a certain number of points. Any team answers correctly, that is, capture the flag, will get these points.
  2. The first team which solves a task correctly will obtain a bonus mark of 10% extra, the second team 7% extra, the third 5% extra, the fourth 4%, the fifth 3%, the sixth 2%, and the seventh 1%.