BSides Boston CTF 2014 – Come Play!!!

When: May 9, 2014 – 11:30am – 5PM – Registration starts at 11am, walk in registrations accepted all day!!! Drop by!

Where:Security BSides Boston – Microsoft NERD Center in Cambridge, MA

Who: Open to all registered BSides Attendees/Participants

What: This will be a Jeopardy style Capture the Flag event with challenges in various categories related to information security. We have designers working on some great challenges, some very traditionally cool and others very outside the box. We’ve got some prizes in the works as well

DRAFT Rules/Guidelines (Subject to Modification):

  1. Don’t be a jerk
  2. This event will be open to teams from 1-3 players each, on site. (realistically we cannot restrict team sizes but the event will be geared to small teams or individuals)
  3. Attacking, touching, modifying the game hosting infrastructure or scoring system will result in immediate disqualification. Attacking any system or network not specifically designated as a CTF challenge is not endorsed or recommended. We will cooperate fully with those investigating these types of activities.
  4. Prizes will be awarded to the highest scoring participants as determined by the organizers in the following manner. The first team that completes all challenges will be determined to have “won”, subsequent finishers of all challenges will place 2nd, 3rd etc. If no team completes all challenges final standings will be determined by score at the end of the competition. Ties will be broken by the higher standing being awarded to the team that achieved the score first.
  5. Teams can get credit for a maximum of two challenges for which team members submitted content. This is to benefit those who submitted but not to create an unfair advantage.
  6. To get credit for a challenge you have submitted (and solved) another opposing team or player must have solved and scored on that challenge PRIOR to you or your team receiving points.
  7. Please bring per team: a power strip, enough shorter (~5′) ethernet cables for your team. The following would “not be a bad idea”: small 10/100 switch, extension cord. The competition will involve both on site and “cloud” infrastructure for challenges. Be prepared and able to connect to the conference wireless networks at the NERD center for internet access to access some challenges.

Final registration will be taken at the event. Please email paul@pauldrapeau.com with subject “BSIDES CTF” to express interest or ask questions (I’d like to get an early estimated count).

Also if you have challenge ideas PLEASE feel free to contact me about submitting them. If they work and they are good it is NEVER too late. Challenges may be released during the competition.

Call For Challenges – Security BSides Boston CTF 2014

After a successful event in 2013 we are trying to organize a second CTF/Hacker Scavenger Hunt for BSides Boston 2014.  This is a call for challenge submissions. I am looking for interesting infosec focused challenges in the following categories:

  • Penetration testing / vulnerable systemsbsidesbos_est1

  • Web applications

  • Binary / Malware / Shellcode reversing, analysis etc

  • System or Network Forensics

  • Cryptography

  • Hardware Hacking

  • Infrastructure Security / Configuration

  • Physical Security

  • Mobile systems and devices

  • Logic games/puzzles

  • Whatever other fun ideas or challenges you may have in categories I haven’t dreamed of

The goal is to get a number of challenges representing different disciplines and skill levels. “Entry Level” to “Insanely Difficult” are all encouraged. Special focus and consideration should be given to challenges that can be completed while attending the rest of the conference.

I will be providing a fairly robust infrastructure for hosting software/system/network/binary etc related challenges (technical details will be made available to challenge submitters), a wired and wireless network, and scoring. Participation will be open to challenge submitters (you get a freebie for contributing, although you do actually have to solve it, and you get to make it hard on the competition!!! There will be a rule change on this item this year as suggested. The rule is another team/participant must solve your challenge as well before  you can claim points for it).

So who can build the best puzzles and solve the most? Submissions of proposals are due by noon EST April 1 and final submission of challenge materials for QA testing will be due a few weeks before the conf. You’ll likely get an answer pretty quickly so submit early and often. Please consider legal, ethical etc. implications of the challenge. Those who submit, are accepted and fail to deliver will be worth points to competitors :). If you want to help out in ways other than challenge development, let me know.

Please submit the following to paul@pauldrapeau.com (include subject line “BSIDES CTF”) Link to PGP key if you need it:

Name/Contact info (how or if you want to be listed in the credits):

Challenge Description (what will competitors see and do, walk through):

Goal and skills involved:

1-10 Difficulty rating (1 being “good intro to the topic” – 10 “insanely difficult for a pro”):

Special technology or physical requirements:

Has this challenge been used before? Where When? (this is ok, think about what could be changed slightly):

Questions/concerns/warnings/comments:

What could go wrong?:

Confirmation you will be available to help fix it if it breaks:

Go to top