Cyber Security CHALLENGE

CAPTURE THE FLAG EDITION - STAY TUNED FOR THE NEXT CTF!

Next edition will be announced soon!

 

Challenge Journey

REGISTRATION & TRAINING

Form a team of 2 to 4 members in order to compete. Then you can start training on past problems in the Training section to see how well you score. 

CHALLENGE DAY

The problem statements are published on your team page.

WINNERS ANNOUNCEMENT

We'll announce the winners within a week of the challenge ending. We'll email winning teams to arrange delivery of prizes.

PREVIOUS ON

Looking for practice?

Want more? Have a look at the Training section.

Quotes from participants

"It was really fun. I focused on coding and misc and the misc category was beautifully designed."

Andrea g.

CYBER SECURITY PLAYER

11th OCTOBER 2019

"I think it is a very good experience. With friends we ate something before. We talk about the challenge all the days after."

ROBERT F.

CYBER SECURITY PLAYER

11th OCTOBER 2019

"Fantastic and very funny"

mathias l.

CYBER SECURITY PLAYER

11th october 2019

JOIN US

About

The Reply Cyber security challenge was created in 2018. A crack team of security experts from several Reply companies (the Reply Keen Minds), entered a few external Capture the Flag competitions. Based on their experiences, they decided to design a challenge powered by Reply aimed at students and professionals.

 

Over 24 intense hours, participants from all over the world come together each year to solve a matrix of 25 problems made of 5 categories: Coding, Web, Miscellaneous, Crypto and Binary. The winning team is the one who finds the hightest numebr of flags. 

 

Are you up for the next challenge?

Meet the Keen Minds

Number of people in keenmind:

19

ARCHIVE

Practice makes perfect. Try your hand at past cyber security problems to prepare for the next round.

FAQ

Participants & registrations

 

1. Who can take part?

The Reply Cyber Security Challenge is an online coding competition open to coders and security experts aged 14 years + (at time of registration), from all over the world. There are two challenges: one for Replyers and one for non-Replyer professionals and students.

 

2. Can I create a mixed team of Replyers and non-Replyers for this challenge?

No. There are two challenges, with two separate leader boards, so this is not possible.

 

3. If I register on the platform, am I registered for the competition?

No, you need to join a team, create your own, or join the random queue to play. By registering on the platform, you’ll get updates on upcoming online challenges.

 

4. When do I have to register for the challenge?

You can usually register one month before the challenge day. 

 

5. Is there a registration fee?

No, this challenge is free.

 

6. I’ve registered, but I have no teammates. What can I do?

Once you’ve registered, you can join a team, form one yourself, or ask for the ‘random queue’ to assign you one. You can play in a team with just you, but we strongly recommend enlisting other teammates to give you more chance of solving the problems.

 

7. Once registered, can I change my details?

To update your details at any time, log into your profile and click “Edit profile”, or follow this link.

 

8. How do I cancel my registration?

Please send your cancellation request to challenges@reply.com.

 

9. Is it an online-only competition?

Yes.

 

Forming a team

 

1. How can I form my team?

To form your team, log in to the Reply Challenges platform, click “Team up” and select “Create new team”. Once you’ve formed a team, you’ll see it when you log in to the platform. You can also choose a team name and invite your friends. Just fill in their email addresses and send the invitation. Remember, if you’re a Replyer, you can only ask other Replyers to join your team.

 

2. How many people can be in a team?

Your team can have 1 - 4 people. The more people you have, the more chances you have to solve the problems.

 

3. I don’t want to form a team, what can I do?

No problem. You have until 23.59 CEST of the day before the challenge to join someone else’s team or ask for the ‘random queue’ team assignment. If you join the random queue you’ll receive a mail with the name of your team before the challenge.

 

4. Can I change who’s on my team before the challenge day?

No, but you are free to leave your current team. They won’t receive any notification, so remember to tell them.

 

Communication

 

1. How will we get updates about the Reply Cyber Security Challenge?

You’ll get some mails before and after the challenge, so check your mailbox regularly. You can always message the Reply Keen Minds during the challenge, via chat, if you have questions.

 

2. Which language(s) do I need to speak?

All communications are in English. Though you and your teammates can speak whatever language(s) you like! ☺

 

Reply Challenges platform

 

1. What browsers can I use?

The platform supports the latest versions of Chrome, Explorer, Firefox, Microsoft Edge and Safari. If you’re not sure what version you have, you can check here.

 

2. Something is wrong with the platform. What should I do?

Try reloading the page, then try clearing your cache and cookies. If you’re still having problems, message the Reply Keen Minds on chat or email challenges@reply.com.

 

3. How much time does each team have to solve the problems?

Teams have 24 hours to solve all 25 inputs.

 

Training

 

1. Can we train for the Reply Cyber Security Challenge?

We recommend practising on the training problems before the challenge. That way, you can better understand the type of problems you might get and how to submit solutions.

 

2. How do we access the training problem?

Just visit the Reply Challenges platform any time. You can upload as many solutions as you want, as many times as you want. The training problem submission works just like the real challenge, except you’ll play alone and not in a team.

 

3. How do we submit a solution?

Submit a solution by inserting the right flag in the given format in the dedicated page.

 

4. Will I see a score when I submit a solution?

Yes. You’ll see a list of scores only if the flag is correct.

 

5. Is there a leader board in the training area?

No, but you can see your scores.

 

6. What if we have a question about the problems?

You can message the Reply Keen Minds, via chat.

 

During the Reply Cyber Security Challenge

1. When will you publish the problems?

On the challenge day, we’ll publish the first three problems of each category. The last two problems of each category only become available once your team’s completed the first three problems for each category.

 

2. How do we submit a solution?

A challenge is solved when the team finds a flag. To earn points, your team must insert the flag into the answer input box in the platform challenge (curly brackets included).

 

3. What is a flag?

The flag is a token or a string in the following format: FLG XXXXXX...XXXXXXXXXX}, where XXXXXX...XXXXXXXXXX are alphanumeric characters ((letters, digits or ASCII characters)).

 

Technical requirements, submissions and scoring

 

1. How do we insert a flag?

Your team can insert a flag in the dedicated space in the web page.

 

2. What are the categories?

The problems are divided into five categories (Coding, Web, Miscellaneous, Crypto, Binary), described below:

 

  • Coding – this category relates to problems you’ll need to solve using your programming languages and coding skills.
  • Web – this category focuses on finding and exploiting vulnerabilities in web applications.
  • Crypto – this category involves attacking poorly implemented cryptographic algorithms, finding their vulnerabilities, then decrypting encrypted messages.
  • Binary – this category involves reverse engineering and exploiting security vulnerabilities in binary applications.
  • Miscellaneous – this category combines challenges from all the other categories, and requires additional skills such as stegano, forensic, recon, as well as general knowledge.

You can find more info about the categories at this link.

 

3. How do the levels work?

Each category consists of five levels. When the challenge starts, we’ll publish  only the first three problems for each category. The last two problems of each category only become available once your team’s completed the first three problems of that category. Alternatively, they are unlocked by the Reply Keen Minds Team depending on how the challenge progresses. There are no cross-category dependencies. 

 

5. How do we calculate the score?

Each challenge is scored according to its level of difficulty. For each category:

 

  • Challenge one – 100 points
  • Challenge two ­­– 200 points
  • Challenge three – 300 points
  • Challenge four – 400 points
  • Challenge five – 500 points

6. What are first-blood points?

We assign first-blood points to the first five teams that solve a challenge. The bonus points for each category are:

 

  • First solver – 32 points
  • Second solver – 16 points
  • Third solver – 8 points
  • Fourth solver – 4 points
  • Fifth solver – 2 points

7. What programming language and tools can we use?

Just like most capture the flags, you can use your favourites.

 

8. What are the other computer/technical requirements?

You’ll need your own computer with an internet connection.

 

Winners & prizes

1. Who wins?

At the end of the challenge, the Reply Keen Minds Team will review and validate the top-ranked teams on the leader board. Each member of the first-ranked team will win a MSI GS65 8RF Gaming Laptop. Each member of the second-ranked will win a Oculus Go, and each member of the third-ranked team will win a Gaming keyboard Razer. To win, the first three teams must upload the write-up file, with a full explanation of how they got the flag for each problem. If teams can’t provide their write-up files within 24 hours of the challenge ending, they will forfeit their position in the rankings.

 

2. What is a write-up?

It’s a file with a full explanation of how teams got the flag for each problem.

 

3. When will you announce the results of the Reply Cyber Security Challenge?

We’ll publish a full list of results and notify all finalists no later than one week after the end of the CTF.

 

4. When will you award prizes?

We’ll send the winners details of how to claim their prizes.

 

Keen Minds & fair play

 

1. Who are the Keen Minds?

The Reply Keen Minds team wrote the problems and are responsible for enforcing all challenge rules. They’ll review the write-ups from teams and award prizes. They may exclude any participants or teams at any time for breaching competition rules.

 

2. What do we do if someone’s cheating or behaving badly?

We want to make training sessions and the challenge fair for everyone. So never stop others from taking part – for instance, by overloading the challenge platform, or sending files containing malware, viruses or other code intended to interrupt, destroy or limit operation of platform, software, hardware or telecoms equipment. This will result in instant disqualification. If you’ve spotted any cheating or unfair behaviour, email challenges@reply.com.
 

During the game and in the sandbox areas you are not allowed to:

  • attack the registration and flag submission portal (challenges.reply.com), or any system other than the challenge box
  • perform denial of service or other attacks (e.g. brute force) aimed at degrading a network
  • attack other participants and steal flags
  • use automatic tools (e.g. Nessus) to solve a challenge.

Traffic is monitored by Reply. Do not disturb or distract members from other teams. You’re not allowed to receive any external help or support.

RULES

Competitions

Registration is open one month before the challenge, until 23.59 of the previous day unless there’s an extension which we’ll announce via the platform. Your team can be made up of 1 - 4 members. During the registration phase you can:

  • create a new team
  • ask to join an existing one
  • register and wait for the random team assignment once registration closes.

Participants

The Reply Cyber Security Challenge is an online coding competition open to coders and security experts aged 14 years + (at time of registration) from all over the world. There are two challenges: one for Replyers and one for non-Replyer professionals and students.

Challenge Platform

Your team submits solutions through Reply’s challenge platform. The platform features a regularly updated leader board, showing how teams are performing. The leader board will freeze 30 minutes before the challenge deadline (but we’ll continue to update scores).

Challenge categories and levels

We’ll publish the 25 problems to be solved on the challenge platform. The problems are divided into five categories (Coding, Web, Miscellaneous, Crypto, Binary), described below:

 

  • Coding – this category relates to problems you’ll need to solve using your programming languages and coding skills.
  • Web – this category focuses on finding and exploiting vulnerabilities in web applications.
  • Crypto – this category involves attacking poorly implemented cryptographic algorithms, finding their vulnerabilities, then decrypting encrypted messages.
  • Binary – this category involves reverse engineering and exploiting security vulnerabilities in binary applications.
  • Miscellaneous – this category combines challenges from all the other categories, and requires additional skills such as stegano, forensic, recon, as well as general knowledge.
  •  

Each category consists of five levels. When the challenge starts, we’ll publish  only the first three problems for each category. The last two problems of each category only become available once your team’s completed the first three problems of that category. Alternatively, they are unlocked by the Reply Keen Minds Team depending on how the challenge progresses. There are no cross-category dependencies.

Finding flags and submissions

A challenge is solved when a team finds a flag – a string in the following format: FLG ABCXXX...XXXXXXXXXX} (letters, digits or ASCII characters).

To earn points, your team must insert the flag into the answer input box in the platform challenge (curly brackets included).

Scoring

Each challenge is scored according to its level of difficulty. For each category:

 

  • Challenge one – 100 points
  • Challenge two ­­– 200 points
  • Challenge three – 300 points
  • Challenge four – 400 points
  • Challenge five – 500 points

 

We  also assign first-blood points to the first five teams that solve a challenge. The bonus points for each category are:

 

  • First solver – 32 points
  • Second solver – 16 points
  • Third solver – 8 points
  • Fourth solver – 4 points
  • Fifth solver – 2 points

Clarifications and team communication

The official communication channel for the challenge is the challenges.reply.com website. It also provides an online chat facility for tech issues and the ability to receive messages from the Reply Keen Minds team.

You can ask the Reply Keen Minds team for clarification during the challenge, via chat. Each member can also talk with their teammates using chat. Any challenge ‘hints’ will be sent as broadcast messages and included in the challenge description.
Teams must be able to send a write-up of how they solved a challenge, if requested by the Keen Minds Team.

Winners, prizes and write-ups

At the end of the challenge, the Reply Keen Minds Team will review and validate the top-ranked teams on the leader board. Each member of the first-ranked team will win a MSI GS65 8RF Gaming Laptop. Each member of the second-ranked will win an Oculus Go, and each member of the third-ranked team will win a Gaming keyboard Razer. To win, the first three team must upload the write-up file, with a full explanation of how they got the flag for each problem. If teams can’t provide their write-up files within 24 hours of the challenge ending, they will forfeit their position in the rankings.The Keen Minds Team will announce the official winners no later than one week after the end of the CTF.

If the write-up is submitted in time, we’ll email each registered user (if more than one) of the first, second and third-ranked teams on the leader board. We’ll request a copy of each user’s ID to verify the information provided at the time of registration on the platform. We’ll need to receive this by email within 10 days. If the registered user is under 16 years old, a parent or legal guardian will need to complete and sign an attached document.

Fair play

We expect every team to have a positive attitude during the contest. No team should prevent other teams from taking part – for instance, by trying to overload the challenge platform or interfering with devices of other participants. This will lead to disqualification. It is strictly prohibited to:

  • attack the registration and flag-submission portal (challenges.reply.com), or any system other than the challenge box
  • perform denial of service or other attacks (e.g. brute force) aimed at degrading the network
  • attack other participants and steal flags
  • use automatic tools (e.g. Nessus) to solve a challenge.

Traffic is monitored by Reply. Do not disturb or distract members from other teams. You’re not allowed to receive any external help or support.

It’s strictly against the rules – and the spirit of the Reply Code Challenge – for Replyers involved in the competition to help any team members taking part in the non-Replyer challenge.

Reply Keen Minds

The Reply Keen Minds team is responsible for enforcing all rules. The team will review submissions from teams and award prizes. They may exclude any participants or teams at any time, if the team members don’t follow the rules of the contest.

If no team has been able to solve the first three problems in a category, the Reply Keen Minds team can publish the last two problems.

more