Welcome to the Cybersecurity Module's Capture The Flag (CTF) competition! Here you will face a series of challenges designed to test your skills and expand your knowledge in the field of cybersecurity.
The Top 3 most dedicated and successful participants will be awarded a Certificate of Special Engagement.
Throughout the semester, various practical challenges will be released. These challenges are to be solved individually using files, information, computer programs, and web applications provided to you or researched on the Internet.
Successfully solving a challenge will earn you a "Flag", which must be submitted through this web application to gain points. The accumulation of these points over the semester will determine your final grade.
A flag is a hex string (e.g. "c481c6d12e5433274d02df151e125a857eb454ca", without quotation marks) and can be earned in three types of challenges:
Imagine a digital trivia game that tests your cybersecurity knowledge. That's what the quiz challenges are all about! You'll encounter multiple-choice questions, and to earn the coveted "Flag", you need to answer at least 75% of them correctly. Once you've conquered the quiz, submit your flag in the WebApp to secure your points. But be prepared for a twist—some questions may seem odd or outlandish. If you find yourself puzzled, it's a hint to revisit the lecture slides. This is more than just a quiz; it's a chance to become intimately familiar with the course content, so resist the urge to search for quick answers online and use this opportunity for a deeper learning experience.
These challenges are like a puzzle you need to solve using your detective skills and the right set of digital tools—tools that are often highlighted in our lectures. While the exact method to solve these challenges isn't handed to you on a silver platter, hints are embedded within the challenge descriptions. Pay close attention, and you'll likely deduce what steps to take. Remember, the key to cracking these challenges lies in understanding the problem and applying the knowledge you've acquired from the lectures effectively.
Step into the shoes of an ethical hacker with these special challenges that involve exploiting vulnerabilities listed in the OWASP Top 10. You'll have access to your own instance of the OWASP Juice Shop—an educational tool designed to be purposefully insecure—provided during the lectures. Here's the catch: you can only attempt these challenges within a specific timeframe due to technical and cost constraints of cloud-hosted services. This timeframe will be announced on Moodle, so keep an eye out! It's your chance to practice real-world hacking techniques in a safe and controlled environment, enhancing your practical skills in identifying and exploiting web vulnerabilities.
Adhering to the game rules published here is essential for passing this module. We wish you luck and hope you enjoy the CTF competition. May it be a rewarding and enlightening experience.
The following actions are prohibited!
If you have any questions about the rules or what is considered permissible, please do not hesitate to contact an organizer for clarification.
We do not expect major technical issues with the web application or the submission process, but in case something goes wrong, please collect your flags in an Excel file. Put the name of the challenge in the first column and the respective flag in the second column. Be aware that you must copy the exact name of the challenge so that each flag can be mapped to the correct challenge automatically. A manual mapping for the challenges and the whole class will not be feasible.
This emergency procedure is a fallback solution. Excel sheets will not be accepted unless communicated otherwise in the lecture.