PUT CTF: Web Security Challenge

  • Thank you for participating!

    Competition results

    DiscordUniversityPointsPlacing
    .reekeeUDCAT312#1
    alex1234ilproUDCAT250#2
    valery0pUDCAT125#3

    What is it?

    EUNICE European University invites all cyber security enthusiasts to join a hacking mission.

    We are opening registration for a CTF (capture the flag) competition organized in cooperation with PUT computer science students.

    The game Capture the Flag, entitled “PUT CTF: Web Security Challenge”, is about putting knowledge of cyber security and vulnerabilities in web systems (web applications) into practice in order to capture a hidden password-key called a ‘flag’. In a nutshell, it is a puzzle for cyber security enthusiasts.

    How does it work?

    The Player will have the opportunity to learn how to capture and exploit vulnerabilities in practice in order to have the right knowledge and experience to work in the cyber security industry in the future. While solving the game, the Player will encounter both typical and more sophisticated vulnerabilities found in systems. For knowledge reinforcement, the Player can use information found on the Internet. He or she can also use the internal ‘wiki’ system, or, in the case of greater difficulty, hints. Tips, however, are not free – they affect the final ranking at the end of the game. The game ends when the allotted time has elapsed or when the Player has found all the flags and entered them into our system. In addition to the puzzle element itself, the Player will encounter a storyline and many interesting characters, which allow for immersion in the game world.

    The gameplay is divided into four stages, each characterised by a different type of application often encountered in everyday life. These stages are the bank website, the online forum, the chat room and the company homepage. In the more advanced levels, special care has been taken to create a feeling of progression and to link vulnerabilities together. In this way, the player discovers new vulnerabilities as he or she delves deeper into the system.

    Timeline

    27.11.2024 – 11.12.2024 – registration

    14.12.2024 – organizational meeting with the chosen players on Discord

    16-20.12.2024 – let the game begin! Players will be divided into teams

    23.12.2024 – competition result (there can be only one winner! but we foresee some additional prizes.)

    Practical information

    • The competition involves solving tasks related to web application security.
    • Participants earn points for correctly solving tasks. Tasks vary in difficulty and point value.
    • Participants may use hints provided on the website where the game takes place. Using hints reduces the points awarded for completing a task.
    • The first participant to solve each task receives bonus points.
    • The competition platform will be available at <link soon!>. Users log in using credentials provided earlier via email to access a virtual machine through the website <link soon!>. Competition tasks are located on specified virtual machines running Kali Linux.
    • The winner of the competition is the participant who accumulates the most points during the competition. In case of a tie, the time taken to solve the final task will determine the winner.
    • Before and during the competition, participants can contact the organizers via a dedicated Discord server <link>.