FAQs - Reply Cyber Security Challenge

1. Who can take part?

The Reply Cyber Security Challenge is an online coding competition open to passionate coders and security experts from aged 14 years (at the time of registration) and above, from all over the world. There will be two challenges, one dedicated to Replyers and one to professionals and students outside Reply.

2. Can I arrange a mixed team of Replyers and externals for this challenge?

No, unfortunately you can’t. As there will be 2 challenges, we’ll also have 2 leaderboards, so we’ll keep these competitions separated.

3. If I register on the platform, am I registered for the competition?

No, you need to join a team, create your own, or join the random queue to play on October 11th. By registering on the platform, you’ll get updates on upcoming online challenges.

4. Until when can I register for the challenge?

You can register from September 10th at 11:00 CEST to October 10th at 23:59 CEST.

5. Is there a registration fee?

No, this challenge is completely free!

6. I’ve registered, but I have no teammates. What can I do?

Once you’ve registered, you can join a team, form one or ask for the ‘random queue’ to assign you one. You can also play in a team made of 1 member, but we strongly suggest to enlarge your team to have more chances to solve the problems.

7. How do I change my registration details?

To update your details at any time, log into your profile and click “Edit profile”, or follow this link.

8. How do I cancel my registration?

You can send your cancellation request to challenges@reply.com.

9. Is it an online only game?

Yes, it is an online only competition.

1. How can I form my team?

To form your team, log in to the Reply Challenges platform, click “Team up” button and select “Create new team”. Once you’ve formed a team, you’ll see it when you log in to the platform. You’ll also be able to choose a team name and invite your friends. Just fill in their email addresses and send the invitation. Remind that Replyers will play in a challenge reserved for them, that’s why mixed teams are not allowed.

2. How many people can be in a team?

Your team can have 1, 2, 3 or 4 people. We strongly suggest to enlarge your team to have more chances to solve the problems.

3. I don’t want to form a team, what can I do?

No problem. You have until 23.59 CEST on October 11th to join someone else’s team or ask for the ‘random queue’ team assignment. If you join the random queue you’ll receive a mail with the name of your team before the challenge.

4. Can I change who’s on my team before the challenge day?

No, but you are free to leave your current team. They won’t receive any notification, so remember to tell them.

1. How will we get updates about the Reply Cyber Security Challenge?

You’ll get some mails before and after the challenge, so check your mailbox regularly. You can always message the Reply Keen Minds during the challenge via chat if you have questions.

2. Which language(s) do I need to speak?

All communications will be in English. Though you and your teammates can speak whatever language(s) you like! ☺

1. What browsers are supported?

The platform supports the latest version of Chrome, Explorer, Firefox, Microsoft Edge and Safari. If you’re not sure what version you have, you can check here.

2. Something is wrong with the platform. What should I do?

Try reloading the page, then try clearing your cache and cookies. If you’re still having problems, please message the Reply Keen Minds on chat or email challenges@reply.com.

3. How much time does each team have to solve the problems?

Teams have 24 hours to solve all 25 inputs, from October 11th 19:30 CEST to October 12th 19:30 CEST.

1. Can we train for the Reply Cyber Security Challenge?

We strongly recommend you practice on the training problems before the challenge takes place. That way, you can better understand the type of problems you might get and how to submit solutions.

2. How do we access the training problem?

Just visit the Reply Challenges platform any time. You can upload as many solutions as you want, as many times as you want. The training problem submission works just like the real challenge, except you’ll play alone and not in a team.

3. How do we submit a solution?

Submit a solution by inserting the right flag in the given format in the dedicated page.

4. Will I see a score when I submit a solution?

Yes. You’ll see a list of scores only if the flag is correct.

5. Will there be a leaderboard in the training area?

No, but you’ll see your scores.

6. What if we have a question about the problems?

You can message the Reply Keen Minds via chat.

1. When will you publish the problems?

On October 11th, at 19.30 CEST, only the first 3 problems of each category will be available. The last 2 problems of each category will be enabled once the first three problems of that category are completed by your team.

2. How do we submit a solution?

The challenge is solved when the team finds a flag. The flag must be submitted in order to earn points for the team, by inserting it into the answer input box in the platform challenge (curly brackets included).

3. What is a flag?

The flag is a token or a string in the following format {FLG:XXXXXX...XXXXXXXXXX}, where XXXXXX...XXXXXXXXXX are alphanumeric characters ((letters, digits or ASCII characters)).

1. How do we insert a flag?

Your team can insert a flag in the dedicated space in the web page.

2. What are the categories?

The problems will be divided into 5 categories (Coding, Web, Miscellaneous, Crypto, Binary), described below:
  • Coding: is related to problems that must be solved with programming languages and skills
  • Web: this type of challenges focus on finding and exploiting vulnerabilities in Web Applications
  • Crypto: involves attacking poorly implemented cryptographic algorithms that don't follow state of the art best practices. By leveraging on the introduced vulnerabilities, the user needs to find them and then decrypt the encrypted messages through, for example, cryptanalysis techniques.
  • Binary: involves reverse engineering and exploiting binary applications. You’ll receive a binary program (no source code), and you'll have to get the flag either by just reverse engineering the binary or by finding out and exploiting its security vulnerabilities.
  • Miscellaneous: this category is about challenges that get elements from all the other categories, plus requiring additional skills such as stegano, forensic, recon, as well as general knowledge: the player must discover how to properly chain them in order to get to the final flag of each challenge.
You can find more info about the categories at this link.

3. How do the levels work?

Each category is made of 5 levels each. When the challenge starts, only the first 3 problems of each category are available. The last 2 problems of each category are enabled once the first three problems of that category are completed by your team. Alternatively, they are unlocked by the Reply Keen Minds Team according to the challenge progress. There are no cross-category dependencies.

5. How do we calculate the score?

Each challenge gives some base points, according to its difficulty level.
For each category:
  • the first challenge gives 100 points
  • the second one 200 points
  • the third one 300 points
  • the fourth one 400 points
  • the fifth one 500 points

6. What are the First blood points?

First blood points are assigned to the first 5 teams that solve a challenge. The bonus points are listed below.
For each category:
  • first solver: + 32 points
  • second solver: + 16 points
  • third solver: + 8 points
  • fourth solver: + 4 points
  • fifth solver: + 2 points

7. What programming language and tools can we use?

Just like most capture the flags, you can use your favourites.

8. What are the other computer/technical requirements?

You’ll need your own computer with an internet connection.

1. Who wins?

At the end of the challenge, the Reply Keen Minds Team will review and validate the top ranked teams on the leader board. Each member of the team placed first in the ranking (leaderboard) will win a MSI GS65 8RF Gaming Laptop. The team placed second in the raking will win a Oculus Go for each member, the team placed third in the ranking will will a Gaming keyboard Razer for each member. In order to win, the first 3 teams must upload the write up file, with the full explanation of how they got the flag for each problem. If they won't provide the write-up file within 24 hours from the end of the challenge, the teams will not considered as winner.

2. What is a write-up?

It is a file with the full explanation of how they got the flag for each problem. If they won't provide the write-up file within 24 hours from the end of the challenge, the teams will not considered as winner.

3. When will you announce the results of the Reply Cyber Security Challenge?

We’ll publish a full list of results and notify all finalists no later than one week after the end of the CTF.

4. When you award prizes?

We’ll send the winners details of how to claim their prizes.

1. Who are the Keen Minds?

The Reply Keen Minds Team wrote the problems and are responsible for enforcing all challenge rules. They’ll review the write-ups from teams and award prizes. They may exclude any participants or teams at any time, for not following competition rules.

2. What do we do if someone’s cheating or behaving badly?

We want to make training sessions and the challenge fair for everyone. So never stop others from taking part – for instance, by overloading the challenge platform, or sending files containing malware, viruses or other code intended to interrupt, destroy or limit operation of platform, software, hardware or telecoms equipment. This will result in instant disqualification. If you’ve spotted any cheating or unfair behaviour, email challenges@reply.com.
During the game and in the sandbox areas it is strictly prohibited to:
  • attack the registration and flag submission portal (challenges.reply.com), or any system other than the challenge box
  • perform denial of service or other attacks (e.g. brute force) aimed to degrade network
  • performance, attack other participants and steal flags
  • use automatic tools (e.g., Nessus) to solve a challenge
The traffic is monitored by Reply. Intentional acts will be punished. Similarly, do not try to disturb or distract members from other teams. You’re not allowed to benefit from any external help or support.