About this Event
Quest CTF is an online and in person capture the flag competition consisting of two stages. The idea of this competition is to mix a traditional red team/classic CTF with scavenger hunt like tasks. This competition has been crafted to challenge players in various aspects of hacker culture, including but not limited to, simple enumeration and problem solving, crypto-challenges, advanced computer hacking techniques, knowledge of blue team defensive techniques, knowledge of pop culture references, hardware hacking, and lockpicking to name a few. This CTF will require teamwork and it is recommended to play with a group of players.
How does this CTF work?
The first stage of this CTF will be conducted online with the initial kickoff beginning two weeks before BsidesRoc on March 10th, 2020 and will continue up through the beginning of the conference. The first stage will consist of online challenges where players must complete a challenge on a given server or site and the flag collected will lead them to the next challenge. The last flag collected in the online portion of the CTF will give the player(s) a clue on where to start the next part of the competition.
The second phase of the CTF will officially begin during the first day of workshops at the BsidesRoc conference, Friday March 20th. During the conference, the players will have to solve challenges located either online, or physically at the conference to move forward to the next challenge. Many of these tasks will be physical challenges and may include various amounts of activities including finding a person, talking to people, looking for specific items, breaking into a thing, or solving a puzzle. All physical tasks will be isolated to the conference center or the immediate surrounding area. Points/progress will be tracked through an online scoreboard system, and prizes will be awarded for 1st – 3rd place. Consolation prizes will be handed out in the event there is no winner based off the furthest completed challenge. Players will be required to register prior to the start of the event and make a team name. Again, teams are welcome and encouraged.
- A computer
- An internet connection
- The ability to use various operating systems (windows, Mac OS, Linux)
- Knowledge of hacker tools and techniques
- The ability to solve problems.
- Must be able to physically move around (walk) and conduct light task work. (no strenuous activity)
- Must be okay with touching physical items that other players may have interacted with.
- You might want to pick up a lockpick set if you don’t already have one.
A significant part of this challenge will take place online (the live internets) as such, only attack computers you are given explicit permission to attack, Quest CTF will not be responsible for any actions you take outside of the scope of the game. If you experience any issues with your computer that is on you. Event Organizers cannot pause or hold up specific challenges/ the game due to faulty equipment. If you believe there is an issue with a specific server or challenge, an emergency contact email will be provided once your team has registered.
Any physical items that you are given must be returned in the same condition that they were given to you. Unless otherwise stated, physically damaging any game related items is against CTF rules and you will be disqualified from the competition. Any and all calls that are made pertaining to questions asked, unforeseen circumstances, player disqualifications or any other item not specifically listed here are up to the discretion of the event organizers. Their word is law.
Only registered teams or individuals can participate in the contest. Attempting to exploit, hinder or stop other players will result in disqualification and ban. This includes altering or deleting target servers after your team has completed a challenge on it to prevent others from moving forward. Hints may or may not be given if you ask, less is always more when asking for help.
A full breakdown of the rules and directions will be given out after each team has registered.
Again! Attacking items outside of the scope of the CTF or to critical infrastructure that is running the CTF is prohibited and will result in a disqualification and potential ban from the conference.