Inter-Tertiary-Institute Capture the Flag Contest 2017

Win up to HK$50000
Supporting Organisations

About

In the online world, no level of insulation can make you completely 'covered'. Around the world, cybersecurity is an increasingly important concern for everyone. The average time required for an organisation to discover a 'compromise' in their systems is five months – according to a 2016 research from a US-listed cybersecurity organisation. The total number of reported malware is over 600 million with around 8% of mobile users reporting unauthorised infiltrations. With the growing number and constantly evolving nature of cyber-attacks, online threats are hard to avoid. How to respond swiftly to these attacks is a critical question that enterprises should ask and ponder. The need to engage cybersecurity experts is a bigger priority now than ever before.

'Inter-Tertiary-Institute Capture the Flag (CTF) Contest 2017' is a competitive platform for undergraduates from tertiary education institutes in both Hong Kong and Macau to showcase their knowledge about cybersecurity and their skills to protect against these attacks. It aims to boost the interests and knowledge of the local talent pool - seeking to promote information security awareness among the youth.

CTF is an already established and well-recognised platform for testing relevant skills and expertise in the field of cybersecurity. The contest presents a series of simulated real-world cyber-attacks. To succeed in CTF, contestants must demonstrate deep understanding and refined knowledge in operating systems, secure programming, reverse engineering, computer forensics, system security administration and network analysis.

There are two types of CTF contests: jeopardy and attack-defence. The CTF jeopardy challenge consists of questions on a range of topics including web-security, cryptography, computer forensics, secure coding, etc. Each question has a hidden flag and a contestant scores by solving the challenge and finding the flag. In attack-defence CTF, each team needs to attack vulnerable servers belonging to other teams, and at the same time defend his/her own vulnerable server. When an attack is successful, the attacker scores by 'Capturing the flag' while the defender would lose.

The organiser will run a series of drill that will benefit the contestants and help enhance their knowledge on cybersecurity topics. The organiser will offer a three-month online training, followed by a practice game for contestants to gauge their skill-level - helping to better prepare for the first round contest. The final contest will adopt a jeopardy model - an exhilarating event for teams to work together, deploy their collective skills, and compete against each other.

Cybersecurity is a challenging and prospective career choice for young professionals. Through this CTF contest, contestants can sharpen their professional skills and master the real-life cybersecurity challenges that businesses and communities face. The students participating in 'Inter-Tertiary-Institute Capture the Flag Contest 2017' can not only test their skill levels, but also prepare themselves for other international CTF competitions. In the team-based structure and time-bound format of the contest, students will develop teamwork among themselves - tackling the challenges with collective skills to attain team success. And let's not forget the potential career opportunities for the winners - as they will not only 'Capture the flag', but also capture the attention of industry leaders and professionals.

Schedule

Prizes for Finalists

  • CTF challenge type is Jeopardy in the practice game and the challenges involves Web, cryptography, reverse engineering, exploitation, and miscellaneous.
  • A contestant must be an undergraduate in Hong Kong or Macau and registered with tertiary institute email address.
  • A team consists of 2 ~ 4 members.
  • A contestant will solve a challenge (capture the flag) to attain the corresponding score.
  • A contestant will be ranked according to its score. If the scores are even, the contestant has a less solving time will get a higher ranking.
  • Attacking the competition system is prohibited.
  • CTF challenge type is Jeopardy in the first round contest and the challenges involves Web, cryptography, reverse engineering, exploitation, and miscellaneous.
  • A contestant must be an undergraduate in Hong Kong or Macau and registered with tertiary institute email address.
  • A team consists of 2 ~ 4 members.
  • A team can compose of members from different tertiary institutes. However, the team can only choose one tertiary institute to represent their team, and only two representative teams with higher score from the same tertiary institute may advance to the final contest. At least half or more than half of the members should be belonged to the representative tertiary institute.
  • A team will solve a challenge (capture the flag) to attain the corresponding score.
  • A team will be ranked according to its score. If the scores are even, the team has a less solving time will get a higher ranking.
  • The final contest is onsite in Hong Kong and the competing team is selected from top ten teams in the first round contest. Only two teams from a given tertiary institute may advance to the final contest. A team advancing to the final contest will be comprised of the same member as when it qualified. If the number of given tertiary institute is less than 5, the alternates will fill a vacancy in the final contest without aforementioned tertiary institute restriction.
  • Top 20 teams in the first round contest must submit a write-up in four hours after a competition is finished.
  • Attacking the competition system is prohibited.
  • First blood will earn extra 8% of points, second blood will earn extra 6% of points, and third blood will earn extra 4% of points
  • Two top-performing teams* from the first round of 'Inter-tertiary-institute Capture the Flag Contest (CTF) 2017' will get a chance to prove their brilliance at another big stage. They will be invited to compete with the finalists at the CTF contest organised as part of Beijing International Cybersecurity Exhibition 2017. ICHUNQIU.COM will offer travel packages to the two teams including airfare and two-night accommodation.

    * Note: Top-performing teams representing two different tertiary institutions will be chosen for this purpose. In case two teams from the same institution rank first and second, the next one in ranking representing a different institution will replace the second ranked team.
  • At onsite final registration, contestant must provide student picture ID and show proof of enrolment at the tertiary institute during the term of the contest at which they qualified if needed.
  • Contestant may be necessary to apply for appropriate visa. Visa applications can take a long time to process. Make enquiries early. Contestants are expected to secure their own travel visas.
  • CTF challenge type is jeopardy in the final.
  • A team will solve a challenge (capture the flag) to attain the corresponding score.
  • A team will be ranked according to its score. If the scores are even, the team has a less solving time will get a higher ranking.
  • Accessing Internet is only for accessing the competition system, the CTF Web challenges, and searching information. Communicating with outsiders and leaking CTF challenges to the others are prohibited.
  • Attacking the competition system is prohibited.
  • If a team is intentionally cheating or breaching the rules, the team will be disqualified from the final contest.

Contact:
ctf@astri.org
Organiser:
Hong Kong Applied Science and Technology Research Institute (ASTRI) Company Limited
Co-organiser:
ICHUNQIU.COM
Supporting organisation:
GovCERT.HK