Participants & registrations
1. Who can take part?
The Reply Cyber Security Challenge is an online coding competition open to coders and security experts aged 16 years + (at time of registration), from all over the world. There are two challenges: one for Replyers and one for non-Replyer professionals and students.
2. Can I create a mixed team of Replyers and non-Replyers for this challenge?
No. There are two challenges, with two separate leader boards, so this is not possible.
3. If I register on the platform, am I registered for the competition?
No, you need to join a team, create your own, or join the random queue to play. By registering on the platform, you’ll get updates on upcoming online challenges.
4. When do I have to register for the challenge?
You can usually register one month before the challenge day.
5. Is there a registration fee?
No, this challenge is free.
6. I’ve registered, but I have no teammates. What can I do?
Once you’ve registered, you can join a team, form one yourself, or ask for the ‘random queue’ to assign you one. You can’t play alone!
Plus, we’ve created a Discord server, in which you can find a looking-for-team channel, to help you find teammates or to join an existing team.
7. Once registered, can I change my details?
To update your details at any time, log into your profile and click “Edit profile”, or follow this link.
8. How do I cancel my registration?
Please send your cancellation request to challenges@reply.com.
9. Is it an online-only competition?
Yes.
Forming a team
1. How can I form my team?
To form your team, log in to the Reply Challenges platform, click “Register & Team up” and select “Create new team”. Once you’ve formed a team, you’ll see it when you log in to the platform. You can also choose a team name and invite your friends by email, or via WhatsApp or Telegram. Just choose the way that suits you best and send the invitation.
Remember, if you’re a Replyer, you can only ask other Replyers to join your team.
2. How many people can be in a team?
Your team can have 2 - 4 people. The more people you have, the more chances you have to solve the problems.
3. I don’t want to form a team, what can I do?
No problem. You have until 23.59 CEST of the day before the challenge to join someone else’s team or ask for the ‘random queue’ team assignment. If you join the random queue you’ll receive a mail with the name of your team before the challenge.
4. Can I change who’s on my team before the challenge day?
No, but you are free to leave your current team. They won’t receive any notification, so remember to tell them.
Communication
1. How will we get updates about the Reply Cyber Security Challenge?
You’ll get some mails before and after the challenge, so check your mailbox regularly. You can always ask for support from the Reply Keen Minds during the challenge, via the official Discord server, if you have questions.
2. Which language(s) do I need to speak?
All communications are in English. Though you and your teammates can speak whatever language(s) you like! ☺
Reply Challenges platform
1. What browsers can I use?
The platform supports the latest versions of Chrome, Explorer, Firefox, Microsoft Edge and Safari. If you’re not sure what version you have, you can check here.
2. Something is wrong with the platform. What should I do?
Try reloading the page, then try clearing your cache and cookies. If you’re still having problems, ask for support from the Reply Keen Minds on the official Discord server or email challenges@reply.com.
3. How much time does each team have to solve the problems?
Teams have 24 hours to solve all 25 inputs.
Training
1. Can we train for the Reply Cyber Security Challenge?
We recommend practising on the training problems before the challenge. That way, you can better understand the type of problems you might get and how to submit solutions.
2. How do we access the training problem?
Just visit the Reply Challenges platform at any time. You can upload as many solutions as you want, as many times as you want. The training problem submission works just like the real challenge, except you’ll play alone and not in a team.
3. How do we submit a solution?
Submit a solution by inserting the right flag in the given format on the dedicated page.
4. Will I see a score when I submit a solution?
Yes. You’ll see a list of scores only if the flag is correct.
5. Is there a leaderboard in the training area?
No, but you can see your scores.
6. What if we have a question about the problems?
You can message the Reply Keen Minds, via chat.
During the Reply Cyber Security Challenge
1. When will you publish the problems?
On the Challenge day, at 19:30 CEST, we’ll publish the first three problems of each category. The last two problems of each category will only become available once your team has completed the first three. Or, depending on how the challenge progresses, they could be unlocked, maybe just partially, by the Reply Keen Minds Team. Six hours from the end of the Challenge, level four could be unlocked, while the last level, the 5th, could be unlocked four hours from the end.
2. What is a flag?
The flag is a token or a string that match the following regular expression: /\{FLG:.+\}/ where the content is any non-empty ASCII string (uppercase and lowercase letters, digits or symbols).
3. How do we submit a solution?
A challenge is solved when the team finds the corresponding flag. To earn points, your team must insert the flag into the answer input box in the platform challenge (curly brackets included).
Technical requirements, submissions and scoring
1. How do we insert a flag?
Your team can insert a flag in the dedicated space on the web page.
2. What are the categories?
The problems are divided into five categories (Coding, Web, Miscellaneous, Crypto, Binary), described below:
- Coding – this category relates to problems you’ll need to solve using your programming languages and coding skills.
- Web – this category focuses on finding and exploiting vulnerabilities in web applications.
- Crypto – this category involves attacking poorly implemented cryptographic algorithms, finding their vulnerabilities, then decrypting encrypted messages.
- Binary – this category involves reverse engineering and exploiting security vulnerabilities in binary applications.
- Miscellaneous – this category combines challenges from all the other categories, and requires additional skills such as stegano, forensic, recon, as well as general knowledge.
You can find more info about the categories at this link.
3. How do the levels work?
Each category consists of five levels. When the Challenge starts, we’ll publish only the first three problems for each category. The last two problems of each category will only become available once your team has completed the first three. Or, depending on how the challenge progresses, they could be unlocked, maybe just partially, by the Reply Keen Minds Team. Six hours from the end of the Challenge, level four could be unlocked, while the last level, the 5th, could be unlocked four hours from the end.
5. How do we calculate the score?
Each challenge is scored according to its level of difficulty. For each category:
- Challenge one – 100 points
- Challenge two – 200 points
- Challenge three – 300 points
- Challenge four – 400 points
- Challenge five – 500 points
6. What are first-blood points?
We assign first-blood points to the first five teams that solve a challenge. The bonus points for each category are:
- First solver – 32 points
- Second solver – 16 points
- Third solver – 8 points
- Fourth solver – 4 points
- Fifth solver – 2 points
7. What programming language and tools can we use?
Just like most capture the flags, you can use your favourites.
8. What are the other computer/technical requirements?
You’ll need your own computer with an internet connection.
Winners & prizes
1. Who wins?
At the end of the challenge, the Reply Keen Minds Team will review and validate the top-ranked teams on the leader board. Each member of the first-ranked team will win a Gaming Laptop. Each member of the second-ranked will win a Beats Studio3 headphones, and each member of the third-ranked team will win a Gaming keyboard Razer. To win, the first three teams must upload the write-up file, with a full explanation of how they got the flag for each problem. If teams can’t provide their write-up files within 24 hours of the challenge ending, they will forfeit their position in the rankings.
2. What is a write-up?
It’s a file with a full explanation of how teams got the flag for each problem.
3. When will you announce the results of the Reply Cyber Security Challenge?
We’ll publish a full list of results and notify all finalists no later than one week after the end of the CTF.
4. When will you award prizes?
We’ll send the winners details of how to claim their prizes.
University Students League
1. Whats the University Students League?
Starting from this year, you can win a prize for your university, too. The final score that your team will get during the Cyber Security Challenge will be added to the University Leaderboard.
2. Whats the prize?
A cool Reply Arcade Game cabinet for the communal areas in your university or a financial donation to support an educational or research project.
3. How can I participate?
You just need to tell us the name of your university right after creating a team or joining an existing one.
4. What about teams from different universities?
The final score of your team will count for every person on the team: if in your team there will be students from different universities the points will be added to each of those.
5. Im not a student anymore, can I still take part in the Univerisity Students League?
Yes, you can, the University Students League is open to Alumni too. Right after creating your team, insert the name of the university where you studied and make it win.
6. Im a Replyer, can I take part in the Univerisity Students League?
No, you cant, but you can take part in the Reply Code Challenge Company Award. By playing the challenge youll get the chance to win the Reply Code Challenge Company Award! We’ll assign your score to your company, even if youre playing in a mixed team.
Keen Minds & fair play
1. Who are the Keen Minds?
The Reply Keen Minds team wrote the problems and they are responsible for enforcing all challenge rules. They’ll review the write-ups from teams and award prizes. They may exclude any participants or teams at any time for breaching competition rules.
2. What do we do if someone’s cheating or behaving badly?
We want to make training sessions and the challenge fair for everyone. So never stop others from taking part – for instance, by overloading the challenge platform, or sending files containing malware, viruses or other code intended to interrupt, destroy or limit operation of platform, software, hardware or telecoms equipment. This will result in instant disqualification. If you’ve spotted any cheating or unfair behaviour, email challenges@reply.com.
During the game and in the sandbox areas you are not allowed to:
- attack the registration and flag submission portal (challenges.reply.com), or any system other than the challenge box
- perform denial of service or other attacks (e.g. brute force) aimed at degrading a network
- attack other participants and steal flags
- use automatic tools (e.g. Nessus) to solve a challenge.
Traffic is monitored by Reply. Do not disturb or distract members from other teams. You’re not allowed to receive any external help or support.