We are absolutely thrilled to announce that OWASP San Diego will be hosting an amazing AppSec California CTF hacking competition this January 26th-27th for the third year in a row!
Here are the all important details:
Date: January 23th-25th, 2016
Time: 9AM – 5PM PST runs until 4pm PST the second day
Location: Event House (Hacking Village) (Must be there in-person)
Players: 100 Players Maximum
Registration: Register on-site
Required: Bring your laptop (and a ethernet/usb adapter if you do not have an ethernet port on your laptop).
Optional Equipment: Bring lock picks (as there will likely be physical security challenges)
Cost: Free!
Prizes: Yes! =]
No pre-registration necessary! Sign up on-site, get plugged in, and get started. Contest begins on January 24th at 10:00 in the Hacking Village and will run through the end of the day January 25th at 4pm. Winners will be announced and prizes given out at the closing ceremonies.
Contest Rules:
Don’t be a jerk.
No host discovery is required. Everyone scanning a network just makes it break. Scanning a single host as part of a challenge is fine.
Targets are clearly marked, only attack those. No attacking the switches, networks, etc.
No DOS attacks, get the flags.
No physical attacks – cables, switches, hardware services are right out. Don’t break them.
Don’t delete or change the the flags.
VMs will be reverted somewhat regularly.
Don’t mess with splunk and logging, we are just health checking.
Don’t delete our root key from the box or we’ll have to revert it. Don’t do this as a DOS attack for the other participants.
If we ask, you need to show us what/how you did something.
We aren’t lawyers, you probably aren’t a lawyer. Don’t look for loopholes, and don’t get in the way of other people having fun.
Random Thoughts:
If this is your first CTF ever, you will be able to find things if you try, if it is not, we have challenges for you also.
Objectives and flags are fairly clearly marked.
NO STEGO! We hate stego. The tools never work and it’s a pain, so we didn’t do that. Images that have flags are clearly marked and are images for the lulz.
No host discovery is required, but scanning a host may be useful.
Challenges are standalone, but some easier ones may give ideas for harder ones.
We are logging lots of things, if you aren’t happy with that, don’t play.
