We are absolutely thrilled to announce that OWASP San Diego will be hosting an amazing AppSec California CTF hacking competition for the fifth year in a row!
Here are all the important details:
- Date: January 30-31, 2018
- Time: 10AM – 5PM PST runs until 4pm PST the second day
- Location: Marian Davies Guest House (Hacking Village) Must be there in-person!
- Players: 100 Players Maximum
- Required: Bring your laptop (and a ethernet/usb adapter if you do not have an ethernet port on your laptop).
- Optional Equipment: Bring lock picks (as there will likely be physical security challenges)
- Prizes: Yes! =]
Get plugged in, and get started. Contest begins on January 30th at 10:00 in the Hacking Village and will run through the end of the day January 31st at 4pm. Winners will be announced and prizes given out at the closing ceremonies.
- Don’t be a jerk.
- No host discovery is required. Everyone scanning a network just makes it break. Scanning a single host as part of a challenge is fine.
- Targets are clearly marked, only attack those. No attacking the switches, networks, etc.
- No DOS attacks, just “Catch The Flags” (CTF)!
- No physical attacks – cables, switches, hardware services are right out. Don’t break them.
- Don’t delete or change the the flags.
- VMs will be reverted somewhat regularly.
- Don’t mess with splunk and logging, we are just health checking.
- Don’t delete our root key from the box or we’ll have to revert it. Don’t do this as a DOS attack for the other participants.
- If we ask, you need to show us what/how you did something.
- We aren’t lawyers, you probably aren’t a lawyer. Don’t look for loopholes, and don’t get in the way of other people having fun.
- If this is your first CTF ever, you will be able to find things if you try, if it is not, we have challenges for you also.
- Objectives and flags are fairly clearly marked.
- NO STEGO! We hate stego. The tools never work and it’s a pain, so we didn’t do that. Images that have flags are clearly marked and are images for the lulz.
- No host discovery is required, but scanning a host may be useful.
- Challenges are standalone, but some easier ones may give ideas for harder ones.
- We are logging lots of things, if you aren’t happy with that, don’t play.