Prizes by Infosec In the City, SINCON
This CTF will be online on:
2 Jan 2021 — 3pm-8pm (SGT, GMT+8)
3 Jan 2021 — 10am-3pm (SGT, GMT+8)
PRIZES
1st place: $70 SGD prize voucher
2nd place: $40 SGD prize voucher
3rd place: $30 SGD prize voucher
REGISTRATION
The CTF competition is open to all SINCON 2020 Conference ticket holders to play, enjoy and compete. To participate, you'll need the following:
Get your SINCON 2020 Conference ticket: https://www.infosec-city.com/sin-tickets
Join the Virtual Conference Platform: https://www.infosec-city.com/virtual
Follow the "car-security-kampung" channel on the Virtual Conference Platform.
Register for a CSQ CTF account: https://ctf.carsecurityquarter.org/register
You will also need a Twitch account to join the CTF queue.
GAMEPLAY
There are 3 categories, each with its own set of challenges and scores.
Category 1: Virtual simulated vehicle environments
Category 2: Physical test bench with real car components
Category 3: Physical cluster
The challenges will help beginners get started on car hacking and the basics of vehicle communications.
You can form a team with up to 3 persons.
There are 4 actual vehicle environments — 2 virtual simulated vehicle environments, 1 physical test bench and 1 physical cluster (https://ctf.carsecurityquarter.org/video).
To play, teams will remote access the 4 environments via ZeroTier VPN and SSH.
Because you are accessing actual vehicle environments, there can only be 1 team working on 1 environment at any time. Hence, teams need to queue to get their hands on the environments. Teams are only allowed to queue for 1 of the 4 environments at a time (to allow everybody to have a chance to play).
Each team will be allowed a duration of 30min per virtual environment/bench/cluster. Teams are allowed to re-queue even if they did not solve any challenge/question.
To join the queue, you need to be connected to the environments' network. Network information will be sent to your registered CSQ CTF account. Once you are connected, ping the CSQ Crew on the "car-security-kampung" channel on the SINCON 2020 Virtual Conference Platform with the following information to get authenticated: (1) Specific network name you've joined (only 1 network at a time); (2) Team Name; (3); No. of players in the team; (4) Player(s)' handler; (5) Player(s)' device address shown in the ZeroTier network; and (5) Twitch account associated with the team (each team just need 1 Twitch account).
For more information, visit https://ctf.carsecurityquarter.org/.
SCORING STRUCTURE
Flag structure: flag{xxx}
For CAN bus flags, it will be ID#xxxxx (data) without any space or dots (.) in between.
Some of the challenges require the teams to demonstrate that you can recreate the scenario and display it to the CSQ Crew to get your points awarded.
Please ping the "car-security-kampung" channel on the SINCON 2020 Virtual Conference Platform and inform the CSQ Crew about the challenge you are working on to get points.
RULES
Denial-of-service or any malicious attacks against other competitors or CSQ's environments hosting the CTF is strictly prohibited and will result in a permanent ban
Do not attempt to brute force the server-logins or privilege escalate your way out of the given shell
No sharing of answers with other teams — we want to make this as fun as possible
Any vulnerability discovered in physical car components must be made known to the contest organisers
Any act of tampering, misuse, attacks on the infrastructure, equipment, software without the consent of the contest organisers will result in a permanent ban
SUPPORT
Just ping the "car-security-kampung" channel on the SINCON 2020 Virtual Conference Platform. CSQ Crew will be online to provide support if needed.
CAR SECURITY WORKSHOP
Before the CTF starts, CSQ will be providing a short live hands-on introduction/demonstration to get you started on playing the car hacking CTF — From Zero to Hero(-ish): Your Journey to Car Hacking Begins.
Access to the Workshop Room will be broadcasted in the SINCON 2020 Virtual Conference Platform.
Comentários