Ok, so what if I participate and I end up ruining my machine? What if someone hacks in and steals all my private information? What if…?

Teams compete against each other, trying to crack into each other’s machines whilst securing their own. When we say machines, we are referring to Virtual Machines which run an Operating System that we will provide you. This custom made OS will have vulnerable services which have been written from scratch. It is this machine that you, and every other team will be using during the competition.

Just in case you don’t know what a virtual machine is, read this.

O..k, what after that?

Once you bring up your Virtual Machine and connect it to the network, you are supposed to keep your services up at all times. Our gameserver will periodically check if your services are up and running, and will award you points if they are. After this, you can start hacking into the machines of other teams. We’ll award you points if you do!

Hmm, but how do you guys know if I’ve hacked into an opponents machine?

Our gameserver will periodically deploy flags into your machine. If someone else manages to steal these flags and submit the same, we know you have been hacked(too bad, it happens, keep trying). On the other hand if you submit someone else’s flag, you get points.

Huh, well what if I just bring down all my services? No one steals then, right?

Yeah, but you won’t be awarded points by the gameserver either. You are supposed to keep your services up at all times if you want points. No points for being such a chicken.

What if I can find a bug, but can’t exploit it?

We give points for advisories. A complete advisory is a writeup about the bug you found, the exploit you are using along with the patch for the same. However, we can be quite generous if we’re in a good mood and give points even if the advisory is incomplete.

Cool, did you guys come up with the whole idea of a CTF?

NOPE. We were just the first ones to host such a competition among graduate colleges in India.

Wow, awesome! You guys rock! \m/

Yeah, we know.