Capture The Flag - Frequently Asked Questions

What hardware/software do I need to participate?

Check the setup page. In a nutshell, you need at a minimum (1 team) a low-end PC with two network cards to act as a site box and a PC with 1 network card to host the VMware host. A slightly better setup would include a hub and an additional PC to act as an "attacker host". All the software is freely available.

I do not have a VMware license. How do I get one?

A VMware evaluation license (valid for 30 days) can be obtained by the VMware web site. VMware is a pretty cool tool for security testing. You may consider getting a real one. Maybe, your university already has some sort of deal with VMware.

I would like to test my site box, who should I talk to?

Please contact Fredrik Valeur (fredrik@cs.ucsb.edu) and schedule a dry run of the VPN setup.

What is the time zone for the CTF schedule?

All the times are considered in the Pacific Standard Time zone. That means that the CTF starts at 9am, PST and ends at 5pm, PST.

Is the network setup secure? Can "bad" traffic leak out?

We have tested our setup in a dry run recently and by using non-routable addresses and careful VPN setup we were able to successfully contain the traffic within the testbed.

We want to implement [your cool idea here] to protect our services. Should we tell the organizers about it?

Not necessarily. We need to be able to reach the services on your OS image so that we can check and set the corresponding flags. If your protection mechanism blocks the attempts of the scoring system to access the service you will lose points and the service will appear on the scoreboard as non-functional.

What is the scoreboard? How does the scoring system works?

You can find some information about that in the CTF presentation. The web address of the scoreboard will be revealed the day of the competition.