HackPack CTF is a security competition that is part of the two security courses at NCSU: CSC-405 Computer Security and CSC-591 Systems Attacks and Defenses. The target audience is people interested in computer security that have some related background (like took a security course before ;) and want to exercise their skills in a secure environment by solving security challenges.
You can register your team here!
The CTF will start on April 17th at 1pm EDT and finish on April 27th at 23:59 EDT.
This is different from what we had originally planned for this competition. We have decided that letting the competition run longer will allow our CTF players to participate in a more asynchronous fashion, taking into considerations the difficulties that we are all experiencing due to the effects of Coronavirus (COVID-19).
This competition is a Jeopardy-style CTF, which means that challenges are independent, run on our infrastructure and in this particular competition belong to one (or more) of the following categories:
pwn- exploiting a vulnerability by gaining code execution
re- reversing an algorithm without having access to the source code
web- web security challenges
misc- security-related challenges that do not fall into any of the previous categories
The competition has dynamic scoring, which means that the more people solve a challenge the less amount of points everyone that solved it gets.
All flags in the competition have the following format:
The challenges in this competition are designed so that a significant subset of them can be solved within a 6-hour live event that is happening every year at NCSU as part of the security classes of the semester. However, due to the nature of this semester and the effects of Coronavirus (COVID-19), we are going to expand the duration of the competition to span until the end of the semester, so that the competition is more asynchronous and more CTF players can participate. This does have the effect that we expect experienced CTF teams to finish all available challenges before the competition ends.
None of the challenges require bruteforcing, so any action causing unnecessarily high loads for CPU, traffic, memory, I/O, etc. on our infrastructure, other teams or any other party is strictly prohibited.
If you discover a bug that is affecting the competition, let us know instead of acting maliciously (deleting flags, breaking the challenge deliberately, etc).
Lastly, do not share flags with other teams or ask for flags. Be a l33t hacker and capture the flags with your sk177z.
Part of the infrastructure is sponsored by g.co/cloud.