Update on EasyCTF
h
AmazingMech2418 (833)

So, as you may know, at https://repl.it/talk/share/Introducing-EasyCTF-A-Cybersecurity-Capture-the-Flag-Competition/38171 , I introduced a new cybersecurity competition for Repl.it, EasyCTF. Well, there has been an update.

EasyCTF is NOT cancelled, just postponed.

Due to other things taking up most of my time, I will not be able to host EasyCTF this year, but it will be open for next year. Additionally, an entirely new signup system will be used as the competition will not be a one-time competition like originally planned

The New Plan

EasyCTF will start up some time between now and the end of next summer, not as a one time competition, but as a continual website for replitors to train their cybersecurity skills. Once the website is up, I will post it onto Repl Talk and tag everyone on the signup list (really just the original sign ups and anyone else who would like to be added). Once on Repl Talk, I will work to deploy some basic challenges for people to get started and the challenge submission system will go online.

Challenge Submissions

Instead of just the judges creating challenges, EasyCTF will allow anyone to make a challenge and submit it. Challenges that are submitted will be reviewed to ensure that there is no malware and then published. Most challenges will be downloaded files that are then used to get a flag, although some will be in the form of servers that users must attempt to hack. (servers may be hosted on Repl.it or on a separate server or web hosting platform). However, with the addition of downloaded challenges, a malware inspection must be done to ensure that the user does not open a file and infect their computer with a virus. The files must also not include any executables and any challenges requiring an executable must be sent as the source code with instructions to build the executable.

In order to submit a challenge, you must also provide proof that your challenge can be hacked. For a normal challenge, you must also provide a key. For server challenges, a key will not be required as a user will just be able to tamper with a certain control within the server to ping an API that will give them the points for completing the challenge. Additionally, a server will not need a code inspection or a proof of hackability and an algorithm will decide the difficulty level based on how many users are able to complete the challenge in a given amount of time in addition to ratings by the users. This is possible since, given that the server contains the API endpoint, it is possible to hack and get points from that server.

Judges

The judges who have signed up and who may decide to sign up will be able to analyze a challenge and add it if it is good, reject it if it is bad, or refer another judge if a decision cannot be made. However, note that judges will not be able to complete non-server challenges as they will be given step-by-step instructions on how to complete it, so if you would like to step down as a judge feel free.

The current judges are:

Currently signed up competitors:

If anyone has any questions, please ask them by posting a comment.

You are viewing a single comment. View All
DynamicSquid (3223)

I would join but...

My super secure C++ program that I think is invincible:

int main()
{
  int* ptr = new int;
}