Capture The Flag
The bSidesLisbon CTF is a competition for anyone who's passionate about security and wants to try harder and have fun. The CTF will have two parts: the qualifiers which are done online and the main CTF event that will happen on site during the first day of the conference on November 13th. In order to play the on-site finals participants must be qualified through the online qualifiers and must have a valid bSidesLisbon ticket. All of the challenges will be open-sourced and we will open the CTF platform to everyone on the second day of the conference so you can still have fun after the competition ends.
This year the CTF will be organized by
Discord:
A link to join the official Discord of the competition will be displayed in the CTF platform Rules page. This will be the only official way to communicate with the organizers if you want to raise issues, ask questions or just vibe with the other players and share writeups after the competition ends.
The Qualifiers
Dates:
The Qualifiers will start on the 24th October 21:00 and will end on the 25th October 23:59. They will be hosted at quals.bsideslisbon.org>
Challenges:
There will be between 10 and 15 challenges evenly distributed across 5 categories. The official categories will be Pwn, Web, Rev, Crypto and Misc but keep in mind that Misc may contain challenges that are related to Forensics, AI or Blockchain.
Expect the difficulty of the challenges to range from "even a monkey could do it" to "cosmic hallucinations by the authors".
Rules:
Only the top 10 teams will be qualified for the on-site finals. In case of ties, the date of last submission will be the deciding factor. These 10 teams will be asked to form a team of (at most) 4 members. The other three elements of the team do not need to necessarily compete in the qualifier (although we recommend they do) to be able to participate in the on-site Finals, but they must have a valid bSidesLisbon ticket.
There is no player number restriction during the qualifiers but it is strictly forbidden for two players to compete in two teams at the same time. Once again, keep in mind that teams will only be allowed to bring 4 players to the on-site finals.
We will ask the qualified teams to provide proof of exploitation for each challenge to avoid cheating. It can be either the exploit script or a small writeup.
A full list of technical rules will be displayed in the CTF platform.
Keep an eye on the bSidesLibon and Ethiack X accounts for more updates.
The Finals
Dates:
The Finals will start at 10:00 and will run until 17:00 on the first day of the conference (13th November). We recommend arriving a bit early to the venue so you can check-in and set up before the CTF starts. The competition area will be accessible to the general public but please be mindful to not distract the players. You are more than welcome to have a chat with the organizers though.
Challenges:
There will be between 10 and 20 challenges evenly distributed across the same 5 categories from the Qualifiers. There will be no physical challenges this year, sorry :(. Once again, expect the difficulty of the challenges to range from "even a monkey could do it" to "cosmic level 9 hallucinations by the authors".
Rules:
The competition will occur in the dedicated CTF zone. It will be near the lounge area at the top of the stairs (same place as previous years). You won't be able to miss it.
Only the qualified teams can participate in the competition. You cannot get any help from anyone but your teammates. After the CTF ends we will make the challenges available to everyone that wants to play but did not qualify.
We will ask all finalist teams to provide proof of exploitation for each challenge to avoid cheating.
A full list of technical rules will be displayed in the CTF platform.
If we catch you cheating or deliberately breaching any of the rules specified on the CTF platform we will disqualify the whole team and ask you to leave the CTF zone.
Try Harder and have fun,
bSidesLisbon & Ehiack CTF Team
CTF Sponsors:
