darmstadt.op3n(2005);

International Network Security Challenge
 Saturday, September 3rd, 2005

September 5th: The contest is over!

Thanks to all who have participated and congtatulations to the winners! We hope you enjoyed the show. Check out the final results or see some pictures taken during the contest. There is a press article about the contest: Darmstädter Echo. We have set up an archive page to share some data for post-contest analysis.

The Organizers

Introduction

The darmstadt.op3n(2005); is a live team exercise for CS students to practise their skills in network and application security. At the beginning of the contest, a full server containing a number of vulnerable services will be given to the teams. The teams have to maintain and defend their copy of the server while attacking the other teams at the same time.
The contest is held as part of the metarheinmain chaosdays.

The darmstadt.op3n(2005); is inspired by the succesful Capture the Flag Contests organized by the UCSB and the recent Cipher Contest organized by the RWTH Aachen. See their pages for more information on CTF contests in general.

The focus of the contest is on application layer security. The vulnerable server will be distributed as a VmWare image. The image will contain a Linux server installation and a number of custom services. The teams have to analyze the services for common vulnerabilities (buffer overflows, script injection, sql injection, information leaks, ...), fix their own copy and develop exploits. A scoring bot will check the availability of the services.
Here is an incomplete list of useful skills the teams should be prepared for: Linux admin, network admin, sniffing, ids, reverse engineering, c/c++, perl, java, php, python, javascript, [imagine your least favourite scripting language here], sql, html, xss, ...

(Preliminary) Time Schedule

The contest will be held on Saturday, September 3rd, 2005.
All times are in central european summer time (Berlin CEST, UTC/GMT +2 hours, help).

Participants

The following teams have signed up for the contest:

Team NoNameUniversityCoachRemark
2 Wizards of DoS Darmstadt UT, Germany NN local; NW 10.130.2.X; confirmed
4 0ldEur0pe RWTH Aachen, Germany Lexi Pimenidis remote; NW 10.130.4.X; confirmed
5 SYPER U.N.L.P. - Universidad Nacional de La Plata Javier Diaz remote; NW 10.130.5.X; confirmed
6 Safe Hex University of Nebraska at Omaha Tim Vidas remote; NW 10.130.6.X; confirmed
7 Team Yellow N/A tronicum local; NW 10.130.7.X
8 Sharkbait Naval Postgraduate School Chris Eagle remote; NW 10.130.8.X; confirmed

(Slot 1 is reserved for testing).

Participation Requirements

Each team may have up to 10 members. There are two ways to join the contest: remote and local.

Remote Teams

A remote team is associated with a university. All team members have to be full-time students, the coach has to be a staff member of the faculty. To sign up for the contest, send a mail to the organizers. Please include the following information: team name, university name, name and contact information of the coach.

Local Teams

All team members have to attend the metarheinmain chaosdays. We will provide the network uplink, a dark room and loud music :-) Note: all members of local teams have to register themselves for the conference. Each local team should appoint a coach / team leader, who is responsible for registering the team for the contest. All conference participants are invited to form "chaos teams" and join the contest.

Contest Rules and Setup

Our rules and scoring will be a mix of UCSB CTF, Aachen`s Cipher, plus some additions. More information is on the following pages:

Acknowledgements

Giovanni Vigna (UCSB) and Lexi Pimenidis (RWTH Aachen) for providing advise and assistance to plan and build the CTF network.

Contact

Need more information or want to sign up your t34m? Send an e-mail to da.op3n@ito.tu-darmstadt.de!

spamtrap@ito.tu-darmstadt.de