About the Competition
- Capture the Flag (CTF) will be hosted online globally
- CTF will be hosted in two phases – Elimination Round and Finale
- Participants can participate individually or in the form of a team.
- Participants will be required to find the vulnerability in the CyberPeace Range created by the hosting committee
Capture The Flag 3.0 will be conducted in the following rounds;
1- Participants can register themselves by visiting the GCC official website (www.cyberchallenge.net)
2- Participants must provide their respective profiles that demonstrates their efficiency in the CyberPeace security domain
3- One entry per participant will be accepted
4- Participants must adhere to the guidelines when filling up the form
1- Post registration participants will be given the link to elimination round
2- Elimination Round will be live for three weeks
3- 24 IT Challenges will be created
4- Primary ranking will be according to points from solved challenges. Ties will be broken by using each teams’ average time between “release” of challenge to time of solution submission
5- Mode will be Flag + Writeup, so teams must hand in a description of how they solved the challenge
1- The Grand Finale of GCC-CTF 3 will be hosted virtually
2- Selected candidates will be given the credentials of CTF one hour prior the start of competition
3- A total of 12 challenges will be provided
4- Mode is Flag + Writeup, ties will be broken by writeup quality
Target Audience :
- Irrespective of experience and age, anyone like students, researchers, professionals can participate in the CTF to prove their Cyber Security skills.
- The competition is open for citizens for all countries across the world.
CTF Types :
Global CyberPeace Challenge 2.0 CTF has two types of contests —
- Information Technology Capture the Flag.
- Operational Technology Capture the Flag.
Information Technology Capture the Flag (ITCTF):
- In this type of CTF a different platform will be provided where participants/teams have to register or login with predefined credentials separately and all the information will be sent to their registered email address.
- Participants/teams will be provided puzzles, programs with security vulnerabilities. There is a Secret key called ‘flag’ embedded with each of the puzzles. Finding the same is proof that participants have solved the particular challenge and by submitting the flag earns the points.
- Flags are chosen to look very distinctive and a special type of formatting that participants can easily recognize that it is the flag.
- Task will be categorized as Cryptographic challenge, Steganographic challenge, Web based, Reverse engineering, Networking, Forensics and others.
- Each problem statement has its own points which depends on the hardness of the problem.
- The marking procedure depends on how many points participants would have earned and how much time they have taken to submit the flags.
Operational Technology Capture the Flag (OTCTF) :
- The registered participants will be given remote VPN access to the OTCTF platform. They have to log in to the system first as per the credential and specific time slot provided to them by the organizers.
- The system will be a non hardened Industrial Control System (ICS) with the pre configured vulnerabilities.
- The task can be divided as– Participants have to discover the IP range of the OT Network, discover the devices connected to the network and its running protocols. Find the device or devices with vulnerabilities and exploit the system to gain access to the system.
- The infrastructure can be as complex as a real Industrial Control System used to have.
- A Proof of Concept report with proper screenshots needs to be sent with all the information like discovered IP range, connected devices, running protocols, and attack methodology to the organizer to the [email protected] email id. Also mention the tools and if any script is used in the attack methodology.
- The marking procedure depends on discovered IP range, number of devices and protocols, number of compromised devices and also on the time taken to send the Proof of Concept report and its strength.
- CAUTION: The participants need to secure their attacking system first before entering the OT Network. As their System is suspected to be attacked by the other attackers. The organizer will not be responsible for any kind of damage.
Guidelines and Rules for participation :
- Participants should provide truthful and authentic information to the organisers while registration.
- Don’t Delete Files or edit Services and ruin the fun for other players.
- Don’t share flags or ask for flags. It’s a competition, do your personal best.
- Don’t register multiple accounts.
- Participants can participate individually or in Teams (max. 3 participants).
- Participants shall keep their contact information accurate and up-to-date.
- Don’t generate excessive load. DDOS will not be necessary.
- Any malicious activity against the challenge infrastructure and framework will cause immediate disqualification from the challenge.
- The participant shall not use this contest to do anything unlawful, misleading.
- If any participant is found to have violated the terms & conditions of the contest, the Organizing Team has all the right to disqualify the participant/team without prior notice.
- Jury has all the rights reserved, in case of any conflict, the decision of Jury shall be final.
- Global CyberPeace Challenge Team reserves the right to change Terms and Conditions.