Info
How the challenge will work
Select topic
Who can take part?
The Reply Cyber Security Challenge is an online coding competition open to coders and security experts aged 16 years + (at time of registration), from all over the world. There are two challenges: one for Replyers and one for non-Replyerprofessionals and students.
Can I arrange a mixed team of Replyers and externals for this coding game?
No. There are two challenges, with two separate leader boards, so this is not possible.
If I register on the platform, am I registered for the competition?
No, you need to join a team, create your own, or join the random queue to play. By registering on the platform, you’ll get updates on upcoming online challenges.
Is there a registration fee?
No, this challenge is completely free!
When do I have to register for the challenge?
You can usually register one month before the challenge day.
I've registered, but I have no teammates. What can I do?
Once you’ve registered, you can join a team, form one yourself, or ask for the ‘random queue’ to assign you one. You can’t play alone!
Plus, we’ve created a Discord server, in which you can find a looking-for-team channel, to help you find teammates or to join an existing team.
Once registered, can I change my registration details?
To update your details at any time, log in to your profile and click “Edit profile”, or follow this link.
How do I cancel my registration?
Please send your cancellation request to challenges@reply.com.
How can I form my team?
To form your team, log in to the Reply Challenges platform, click “Register & Team up” and select “Create new team”. Once you’ve formed a team, you’ll see it when you log in to the platform. You can also choose a team name and invite your friends by email, or via WhatsApp or Telegram. Just choose the way that suits you best and send the invitation.
⚠️ Remember, if you’re a Replyer, you can only ask other Replyers to join your team.
How many people can be in a team?
Your team can have 2 - 4 people. The more people you have, the more chances you have to solve the problems.
I don't want to form a team, what can I do?
No problem. You have until 23.59 CEST of the day before the challenge to join someone else’s team or ask for the ‘random queue’ team assignment. If you join the random queue you’ll receive a mail with the name of your team before the challenge.
Can I change who's on my team before the challenge day?
No, but you are free to leave your current team. They won’t receive any notification, so remember to tell them.
Can we train for the Reply Cyber Security Challenge?
We recommend practising on the training problems before the challenge. That way, you can better understand the type of problems you might get and how to submit solutions.
How do we access the training problems?
Just visit the Cyber Security Challenge archive at any time to access the past editions' problems in a sandbox mode. Here you can upload as many solutions as you want, as many times as you want. The training problem submission works just like the real challenge, except you’ll play alone and not in a team.
How do we submit a solution?
Submit a solution by inserting the right flag in the given format on the dedicated page.
Will I see a score when I submit a solution in sandbox mode?
Yes. You’ll see a list of scores only if the flag is correct.
Will there be a leader board in the training area?
No, but you’ll see your scores.
What browsers can I use?
The platform supports the latest versions of Chrome, Explorer, Firefox, Microsoft Edge and Safari. If you’re not sure what version you have, you can check here.
Something's wrong with the platform. What should we do?
Try reloading the page, then try clearing your cache and cookies. If you’re still having problems, ask for support from the Reply Keen Minds on the official Discord server or email challenges@reply.com.
What are the other computer/technical requirements?
You’ll need your own computer with an internet connection.
What programming language and tools can we use?
Just like most Capture the Flags, you can use your favourites.
When will you publish the problem?
On the Challenge day, we’ll publish the first three problems of each category. The last two problems of each category will only become available once your team has completed the first three. Or, depending on how the challenge progresses, they could be unlocked, maybe just partially, by the Reply Keen Minds Team. Six hours from the end of the Challenge, level four could be unlocked, while the last level, the 5th, could be unlocked four hours from the end.
What if we have a question about the problem statement?
You can message the Reply Keen Minds via chat.
What are the categories?
The problems are divided into five categories as described below:
CODING – this category relates to problems you’ll need to solve using your programming languages and coding skills.
WEB – this category focuses on finding and exploiting vulnerabilities in web applications.
CRYPTO – this category involves attacking poorly implemented cryptographic algorithms, finding their vulnerabilities, then decrypting encrypted messages.
BINARY – this category involves reverse engineering and exploiting security vulnerabilities in binary applications.
MISCELLANEOUS – this category combines challenges from all the other categories, and requires additional skills such as stegano, forensic, recon, as well as general knowledge.
You can find more info about the categories at this link.
How do the levels work?
Each category consists of five levels that will be progressively unlocked during the challenge when the previous ones are solved. There are no cross-category dependencies.
How to solve a problem?
A challenge is solved when a team finds a flag. To earn points, your team must insert the flag into the answer input box in the platform challenge (curly brackets included).
What is a flag?
The flag is a token or a string that match the following regular expression: /\{FLG:.+\}/ where the content is any non-empty ASCII string (uppercase and lowercase letters, digits or symbols).
Is it an online-only competition?
Yes, it’s an online-only CTF competition.
What are we not allowed to do during the challenge?
During the game and in the sandbox areas you are not allowed to:
attack the registration and flag submission portal (challenges.reply.com), or any system other than the challenge box
perform denial of service or other attacks (e.g. brute force) aimed at degrading a network
attack other participants and steal flags
use automatic tools (e.g. Nessus) to solve a challenge.
Traffic is monitored by Reply. Do not disturb or distract members from other teams. You’re not allowed to receive any external help or support.
How do we submit a solution?
Your team must insert the flag into the answer input box in the platform challenge (curly brackets included).
How do you calculate the score?
Each challenge is scored according to its level of difficulty. For each category:
Challenge one – 100 points
Challenge two – 200 points
Challenge three – 300 points
Challenge four – 400 points
Challenge five – 500 points
What are first-blood points?
We assign first-blood points to the first five teams that solve a challenge. The bonus points for each category are:
First solver – 32 points
Second solver – 16 points
Third solver – 8 points
Fourth solver – 4 points
Fifth solver – 2 points
Who wins?
At the end of the challenge, the Reply Keen Minds Team will review and validate the top-ranked teams on the leader board. To win, the first three teams must upload the write-up file, with a full explanation of how they got the flag for each problem. If teams can’t provide their write-up files within 24 hours of the challenge ending, they will forfeit their position in the rankings.
What is a write-up?
It’s a file with a full explanation of how teams got the flag for each problem.
When will you announce the results of the Reply Cyber Security Challenge?
We’ll publish a full list of results and notify all finalists no later than one week after the end of the CTF.
What are the prizes?
Each member of the first-ranked team will win a Gaming Laptop. Each member of the second-ranked will win a Beats Studio3 headphones, and each member of the third-ranked team will win a Gaming keyboard Razer.
When will you award prizes?
We’ll send the winners details of how to claim their prizes.
What's the University Students League?
Starting from this year, you can win a prize for your university, too. The final score that your team will get during the Cyber Security Challenge will be added to the University Leaderboard.
What's the prize?
A cool Reply Arcade Game cabinet for the communal areas in your university or a financial donation to support an educational or research project.
How can I participate?
You just need to tell us the name of your university right after creating a team or joining an existing one.
What about teams from different universities?
The final score of your team will count for every person on the team: if in your team there will be students from different universities the points will be added to each of those.
I'm not a student anymore, can I still take part in the Univerisity Students League?
Yes, you can, the University Students League is open to Alumni too. Right after creating your team, insert the name of the university where you studied and make it win.
I'm a Replyer, can I take part in the Univerisity Students League?
No, you cant, but you can take part in the Reply Cyber Security Challenge Company Award and get more chances to win! We’ll assign your score to your company, even if youre playing in a mixed team.
How will we get updates about the Reply Cyber Security Challenge?
You’ll get some mails before and after the challenge, so check your mailbox regularly. You can always ask for support from the Reply Keen Minds during the challenge, via the official Discord server, if you have questions.
Which language(s) do I need to speak?
All communications are in English. Though you and your teammates can speak whatever language(s) you like! 🌍
Who are the Reply Keen Minds?
The Reply Keen Minds team wrote the problems and they are responsible for enforcing all challenge rules. They’ll review the write-ups from teams and award prizes. They may exclude any participants or teams at any time for breaching competition rules.
What do we do if someone’s cheating or behaving badly?
We want to make training sessions and the challenge fair for everyone. So never stop others from taking part – for instance, by overloading the challenge platform, or sending files containing malware, viruses or other code intended to interrupt, destroy or limit operation of platform, software, hardware or telecoms equipment. This will result in instant disqualification. If you’ve spotted any cheating or unfair behaviour, email challenges@reply.com.