Capture The Flag
The bSidesLisbon CTF is a competition for anyone who's passionate about security and wants to try harder and have fun.
The CTF will have two parts: the qualifiers which are done online and the CTF event which happens on site on the first day of the conference, November 16th.
Each participant must have a bSidesLisbon ticket to be able to participate on the on-site event and need to be part of one of the 10 possible teams to be formed by the first 10 participants to successfully complete the qualifiers.
You can register here to access the slack used to reach the CTF admins, and to ask questions and/or expose issues.
We believe the qualifiers provide a good preparation for the CTF. If you, or your team, are able to complete the qualifying challenges, then you'll most likely perform well at the CTF since they share most of the categories.
The first 10 participants to complete the qualifiers will be asked to form a team of (at most) four elements. The other three elements of the team don't need to complete the qualifiers (although we recommend they do) to be able to participate in the CTF, and every element of the team must have a bSidesLisbon ticket.
In case there are elements of the same team, in the first 10 participants that completed the qualifiers, we will contact the next ones in line to form a team; so, try to solve the challenges even if you're not in the top 10 solvers.
The first participant to complete the qualifiers gets a prize at the conference closing session.
The onsite CTF will be performed by at most 10 teams formed by at most 4 participants each. The CTF is a jeopardy style one where participants solve challenges from different categories with different levels of difficulty.
We recommend the participants to arrive at the venue at least 30 minutes earlier to perform the check-in to be able to start on time.
Dates:16th November 13:30 WET to 18:00 WET
Only team members can participate in the competition. You cannot get help from anyone but your teammates.
Teams will not be penalized for submitting an incorrect answer so, basically, every team has an unlimited number of tries for every question. But, attempting to brute force an answer is not allowed and will result in disqualification. Also, the game board throttles requests and you will get blocked before that happens.
Abuse will be announced on the game board, so other teams will know you're trying to cheat
The top three teams get prizes at the conference closing session.General Rules
You are not allowed to perform any type of brute force on the servers or run any sort of scanners against them. We will let you know if brute forcing is allowed on any specific challenge.
If no progress happens over a 20-minute interval, a new random question will be opened. The competition staff may also open a new random question if the game looks stalled. The timer on the game board runs in your browser (client-side). The official game time is the server time. Answers that exceed 4:00:00 are rejected. Even though the timer on the game board is synched with the server every 10 seconds, if the load on your computer is high, then the timer may lag by a few seconds
If we catch you cheating you'll be disqualified. If cheating includes collusion from another team (e.g. sharing flags), that team will also be disqualified.
The Game Board
During the competition, each team has access to a dashboard where questions can be opened and answers can be submitted. Information for all teams is also displayed in a global game board so that the audience can follow along the competition's progress.
The progress graph shows each team progress in time and the total points
Try Harder and have fun,
bSidesLisbon CTF Team