Put your skills to the test
What is CTF?
CTF, or Capture The Flag, is an engaging learning and hacking event with one singular objective: hack and find the flag. Flags are placed in various locations — they might be in a file, in the database, stuck into source code, or otherwise — and your goal is to hunt them all down.
This marks the third consecutive event hosted by the Application Security team.
Who Can Participate?
This event is tailor-made for technical enthusiasts, specifically engineers. Regardless of your job title or position — be it QA/Network/Reverse engineer, developer, manager, or even a C-level executive — you have the chance to apply your engineering mindset, unleash your creativity, and hone your security skills.
Geographical boundaries do not apply; anyone is welcome to participate.
Complexity Levels and Task Variety
Our challenges encompass various complexity levels, ranging from easy to advanced. We firmly believe that individuals with a technical background can conquer easy tasks with ease.
The event is a fusion of Jeopardy and Attack and Defense formats, offering you a multifaceted challenge.
In total, there will be 12 Jeopardy-style challenges and 2 Onslaught services offered before the event concludes. Onslaught services remain active for 3 hours after release, while Jeopardy tasks can be solved right up to the end of the competition.
Jeopardy consists of several tasks or so-called “problems” in a wide range of computer and network security categories, including web, cryptography, reverse engineering, mobile security, and secure programming.
In this format, teams do not compete against each other but instead focus on attacking different systems and solving challenges. The more tasks they solve and the more complex tasks they tackle, the higher they climb on the CTF scoreboard.
Onslaught is similar to Attack & Defense. Each team has its own “vulnerable” servers and services with full access to the source code.
The mission is twofold: identify and fix vulnerabilities in the services while ensuring the services remain operational, all while guarding against new attacks (in the event of a decrease in SLA, the team will lose points).
On weekdays, we will release a small set of challenges each day:
Monday, October 23 at 14:15 UTC — first challenge released
Tue, October 24 at 14:00 UTC
Wed, October 25 at 14:00 UTC
Thu, October 26 at 14:00 UTC
Fri, October 27 at 14:00 UTC
The challenges are focused on the usual topics of Web/Application Security, Infrastructure Security, Incident Investigation, etc.
On Saturday, you will face Onslaught and try to protect your two services from intrusion attempts.
Saturday, October 28 at 8:00 UTC — first service
Saturday, October 28 at 12:00 UTC
Timeslot for actively defending each Onslaught service from ongoing attacks is 3 hours since release, after which an additional challenge with mirroring goal is provided. After working hard on thwarting hackers’ attacks, you can also score points once by landing an attack on our copy of the same vulnerable service.
