BanhChung CTF - Attack & Defense

First of all, the goal of this event is not to find out who is the best team. We sincerely believe that true professionals are incomparable. The main goal of BanhChung CTF is to share experience and knowledge in cyber security and to have some fun together. Nevertheless, the luckiest team will become a winner.

In Short

It's an Attack & Defense CTF.

Flag lifetime: 24 rounds. Round: 10 min.

📅 Date and Time: 9:00 AM UTC +7 – 1:00 PM UTC +7, December 27, 2024

📍 Venue: Anh Sáu Room - FHL, F-Ville2, 2nd Floor

Team Formation

Team Drawing

🎲 Team Drawing: December 13, 2024

Rules

As events happening during a CTF competition are hard to foresee, these rules may be enhanced or changed at any time before or during the competition. Changes will be announced via email and directly. In cases not covered by the rules, we will decide according to our own judgement.

Announcements

Any changes to the rules or announcements will be communicated directly to the teams.

Definitions

In AWD, the following definitions apply:

  • Competition: Refers to the entire process from the beginning to the end of a match.
  • Round: A single time interval, which is the smallest scoring period, usually 10 minutes. A competition consists of many rounds. Total Rounds = Total Competition Time / Single Round Duration.
  • Players: The participating teams in the competition, typically composed of 4-6 members.
  • Challenge: The tasks in the competition, corresponding to traditional Jeopardy-style questions.
  • Gamebox: In AWD mode, each challenge is associated with an individual gamebox for every team, running the environment for that challenge.
  • Check: To verify the functionality and availability of players' gamebox services, the organizers periodically run a check (usually an automated script for requests and validation). If the service is unavailable or incomplete, the team’s gamebox will lose points.
  • Service Down / CheckDown: Indicates that the gamebox service is unavailable or incomplete.

Social Conduct

The goal of BanhChung CTF is to allow people to practice their skills and have fun. We ask you to avoid spoiling others' fun unnecessarily. We want the competition to be a pleasant experience for all participants.

TEAMS ARE ALLOWED TO

  • Do whatever they want within their network segment. Most likely the team would like to patch vulnerabilities in their services or block exploitation of vulnerabilities;
  • Attack other teams.

TEAMS ARE NOT ALLOWED TO

  • Filter out network traffic coming from other teams;
  • Generate excessive amounts of traffic that pose a threat to network stability of organizers' facilities;
  • Generate excessive amounts of traffic that pose a threat to network stability of any other team;
  • Attack the game infrastructure operated by organizers;
  • Share flags, information on vulnerabilities and exploits, or similar.

Schedule

The account and password for the user dashboard will be released by email at 2024-12-27 08:00 UTC+7. Network connections between teams are enabled one hour later, at which point Gameserver traffic and scoring start as well. The competition is then planned to run for four hours.

One round lasts 10 minutes. The Gameserver checks the functioning of each gamebox once per round and places a new flag. Therefore, one flag exists per round, gamebox, and team.

Scoring System

The total score is the sum of the individual scores for each service. The score per service is made up of three components:

  • Attack: Points for flags captured from other teams and submitted to the Gameserver within their validity period.
  • SLA: Points for the availability and correct behavior of your services.

Attack Scoring

The gamebox that is attacked loses 50 points.

Teams successfully attacking a gamebox share the penalty points equally. Points are added to the attackers’ gameboxes for the respective challenge.

SLA Scoring

A gamebox flagged as CheckDown loses 50 points. Gameboxes that remain functional during a round share the total CheckDown penalty points for that challenge.
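
The attack and SLA rules above, worked through for one challenge in one round, as an added example that is not the organizers' scoring code. It assumes the 50 points are deducted once per attacked gamebox however many teams capture its flag, that a team cannot score on its own gamebox, and that the CheckDown pool is not paid out when every gamebox is down; the team names and round data are constructed.

```python
from fractions import Fraction

PENALTY = 50  # points lost per attacked or CheckDown gamebox (from the rules)


def score_round(teams, captures, checkdown):
    """Return each team's point change for one challenge in one round.

    teams     -- iterable of team names
    captures  -- {victim: set of attackers whose flag from victim was accepted}
    checkdown -- set of teams whose gamebox failed the check this round
    """
    delta = {t: Fraction(0) for t in teams}

    # Attack: the victim loses PENALTY once; its attackers split it equally.
    for victim, attackers in captures.items():
        attackers = set(attackers) - {victim}  # assumption: own flags never score
        if not attackers:
            continue
        delta[victim] -= PENALTY
        for a in attackers:
            delta[a] += Fraction(PENALTY, len(attackers))

    # SLA: every CheckDown gamebox loses PENALTY; functional ones split the pool.
    down = set(checkdown) & set(delta)
    up = [t for t in delta if t not in down]
    for t in down:
        delta[t] -= PENALTY
    if up:  # assumption: if every gamebox is down, the pool is not paid out
        share = Fraction(PENALTY * len(down), len(up))
        for t in up:
            delta[t] += share
    return delta


# Constructed round: four teams, one challenge.
TEAMS = ["alpha", "bravo", "charlie", "delta"]
CAPTURES = {"charlie": {"alpha", "bravo"}, "delta": {"alpha"}}
CHECKDOWN = {"delta"}

if __name__ == "__main__":
    result = score_round(TEAMS, CAPTURES, CHECKDOWN)
    for team, pts in result.items():
        print(f"{team:8s} {float(pts):+8.2f}")
    print("sum:", sum(result.values()))
```

Under these assumptions a round is zero-sum for each challenge: every point one gamebox loses is credited to another, so staying up and unexploited earns points even without a working exploit.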

Network

A typical attack/defense CTF consists of three components:

The Gameserver

The Gameserver is provided by the organizers and runs throughout the competition, starting when the network is opened.

Your GameBox

The GameBox is your running instance of the virtual machine image given to you by the organizers. It contains and runs all the services of the competition and should be reachable at all times.

This machine is accessible to everyone on the network, and is the target for all the exploits from other teams.

Protecting the vulnerable services on this machine is what determines your defense points!

The Other Teams

Successfully stealing and submitting flags from the GameBox of other teams determines your attack score!

If you have played Jeopardy-style CTFs before, you already know flag submission. In this game, however, you'll have to run your exploits periodically, as new flags are generated by the Gameserver every few minutes. So you probably want to script exploits and submit flags automatically to save time.

Network Diagram