SECCON 2015 Final



Finals Overview


COMPETITION: Intercollege International
DATE: January 30th (SAT) January 31st (SUN)
PLACE: Tokyo Denki University (Tokyo Senju Campus), Japan
(Address) 5 Senju Asahi-cho, Adachi-ku, Tokyo 120-8551 Japan
(Nearest Station) Kitasenju
(Google Map) https://goo.gl/maps/A5oJY
(Access) http://web.dendai.ac.jp/access/tokyosenju.html (in Japanese)
PARTICIPANTS 18 Teams
(Up to 4 persons per team)
18 Teams
(Up to 4 persons per team)

*The CTF area is basically for staff and players only.
*The visiter may enter the CTF area with our arrangements.


Intercollege

Date

January 30st, 2016

Place

Tokyo Denki University (Access)

Schedule

11:00
Registration
11:30
Opening & Orientation
12:00
Game Starts(4.0H)
16:00
Game Ends & Brief workthrough
16:30
Award Ceremony
17:00
Party (Tokyo Denki University)

- Prize of Ministry of Education, Culture, Sports, Science and Technology will be awarded to the winning team.

- Other prizes are also planned.

- Game Style is Attack & Deffense.


Intercollege Finalists
No.TeamQualification Contests
1.
dodododo
(SANS NetWars Tournament #2)
2.
m1z0re
(10th Crisis Management Contest at 19th Shirahama Cyber Crime Symposium #1)
3.
MMA
(SECCON 2015 Kyusyu: Attack & Defense #1)
4.
barylite
(SECCON 2015 Kyusyu: Attack & Defense #2)
5.
oishiipp
(SECCON 2015 Kyusyu: Attack & Defense #4)
6.
scryptos
(SECCON 2015 Fukushima: Cyber Koshien #1)
7.
insecure
(SECCON 2015 Fukushima: Cyber Koshien #2)
8.
omakase
(SECCON 2015 Fukushima: Cyber Koshien #3)
9.
0x0
(SECCON 2015: Online Qualification #1)
10.
TomoriNao
(SECCON 2015: Online Qualification #2)
11.
Tokyo Westerns
(SECCON 2015: Online Qualification #3)
12.
negainoido
(SECCON 2015: Online Qualification #5)
13.
security_anthem
(SECCON 2015: Online Qualification #6)
14.
z_kro
(SECCON 2015: Online Qualification #7)
15.
wasamusume
(SECCON 2015: Online Qualification #8)
16.
IPFactory
(SECCON 2015: Online Qualification #9)
17.
Aquarium
(SECCON 2015: Online Qualification #10)
18.
Yozakura
(SECCON 2015: Online Qualification #11)





International

Date

January 31st, 2016

Place

Tokyo Denki University (Access)

Schedule

09:30
Registration
10:00
Opening / Orientation
11:00
Game Starts(5.5H)
16:30
Game Ends
Move to the party venue (by bus)
18:00
Award Ceremony & Party (Ryogoku Dai-Ichi Hotel (Access))

International Finalists
No.TeamQualification Contests
1.
scryptos
(SANS NetWars Tournament #1)
2.
urandom
(SECCON 2015 Yokohama: CEDEC CHALLENGE #1)
3.
nw
(SECCON 2015 Osaka: CSIRT Excercise #1)
4.
katagaitai
(SECCON 2015 Hiroshima: Shellcode #1)
5.
Jinkai
(MWS Cup 2015 #1)
6.
Nem
(Cyber SEA Game #1)
7.
Pwnladin
(Cyber SEA Game #2)
8.
Cykorkinesis
(2015 HITCON CTF: Final #1)
9.
217
(SECCON 2015: Online Qualification #1)
10.
GoatskiN
(SECCON 2015: Online Qualification #2)
11.
m1z0r3
(SECCON 2015: Online Qualification #4)
12.
0x0
(SECCON 2015: Online Qualification #5)
13.
PwnThyBytes
(SECCON 2015: Online Qualification #6)
14.
Shellphish
(SECCON 2015: Online Qualification #7)
15.
CodeRed
(SECCON 2015: Online Qualification #8)
16.
KaSecon
(SECCON 2015: Online Qualification #9)
17.
Bushwhackers
(SECCON 2015: Online Qualification #10)
18.
TomoriNao
(SECCON 2015: Online Qualification #11)

International CTF Rules
*Rules are subject to change untile the game starts.

Please read the following game rules before participating in the finals.

1: Basic rules

1-a:
Game durations are 11:00 to 16:30 on January 31st 2016 JST.
1-b:
Points will be calculated for each team.
1-c:
Points are made through "ATTACK POINTS" and "DEFENSE POINTS".
1-d:
At the end of the game, the highest scoring team will be the winner.
1-e:
In the case of a tie, the team that scored the highest points first will win.

2: ATTACK POINTS

2-a:
"ATTACK POINTS" are made by submitting a "attack keyword" to the scoreboard. You can get an attack keyword by exploiting the target servers.
2-b:
The attack keyword format is normally "SECCON{Oq34u7b28QdWTmO8342}". We will let you know in the challenge description on the scoreboard if there is a different format.
2-c:
One target server may have multiple attack keywords hidden in it.
2-d:
The number of attack keywords is private and will not be announced.
2-e:
ATTACK POINTS are worth 100 points each.

3: DEFENSE POINTS

3-a:
"DEFENSE POINTS" are made by checking "defense keywords" is included in the target server's "flag page" periodically.
3-b:
Each challenge's DEFENSE POINTS, flag page, and each team's defense keywords will be announced on the scoreboard.
3-c:
We will check the flag page every 5 minutes and give your team DEFENSE POINTS if we can successfully read your assigned defense keyword.
3-d:
The defense keyword will change every 5 minutes. The defense keywords is different for each team.
3-e:
In the case that multiple team's defense keywords are included in the flag page, the DEFENSE POINTS will be divided equally. For example, in the case that 3 team's defense keywords are included and the DEFENSE POINTS are worth 20 points, each team will receive 7 points(20 divided by 3 and rounded up).

4: Others

4-a:
We will release all of the challenges (target servers) at the start of the competition. There will be no additional challenges.
4-b:
Your team will be temporarily locked out if you try to guess an answer too many times in a short period of time.
4-c:
If you continue to submit wrong attack keywords while being locked out, your lock out time will increase even more.

5: Prohibitions

5-a:
Attacking any computers or networks that have not been designated in the challenge.
  • For example, directly attacking other team's computers, etc...
  • However, you are allowed to prevent other teams from scoring by modifying the target servers designated in the challenges.
5-b:
Anything that excessively increases the load on the target server or network.
  • There is no need to remotely brute-force ANY of the challenges.
5-c:
Connecting to the internet from the competition network. We will provide internet access on a separate network.
5-d:
Publishing or sharing any of the challenges or information about the challenges to anyone other than your registered team members.
5-e:
Support from anyone besides your registered team members.
5-f:
Use a power outlet besides the ones provided at the venue.
5-g:
Entering the venue without permission or inviting anyone to the venue without permission.
5-h:
Drinking alcohol or smoking inside.
5-i:
All sexual, power, cyber, and/or any other type of harassment.
5-j:
Anything to inhibit the operation of the game.

If the organizers discover any wrong doing, your team will be punished with deduction of points or disqualification from the contest depending on the severity.


FAQ (Frequently Asked Questions)

(1)
Are you providing target servers per a team?
→ No
(2)
If there are unique target servers and players are allowed to modify them, is it possible to shutdown them or flush flag page to prevent others from scoring?
→ You are allowed to try, as long as you do not violate the rules (especially on 5-b).
(3)
Are we prohibited to use services like ssh through internet, those uses ports other than 80 and 443?
→ Internet access provided to you is connected through Web proxy, and it supports only HTTP/HTTPS. Other ports are closed. It is up to you how you use it as long as you do not violate the rules (especially on 5-d, 5-e, 5-g).
(4)
During competitions we would like to be able to connect to Amazon instance servers (EC2) for development and testing purposes. Is it possible to allow this during the competition? We would have to have SSH access to these machines.
→ It is up to you how you use it as long as you do not violate the rules (especially on 5-d, 5-e, 5-g). It is prohibited to connect to/from the internet to/from the CTF competition network. The internet access provided to you is connected through Web proxy, and it supports only HTTP(80)/HTTPS(443). Other ports are closed.