Pixels Camp

Security CTF

The Pixels Camp Security CTF is a competition for anyone who's passionate about security and has a special interest in the areas of web security, cryptography and forensics. It happens on the first evening of Pixels Camp and this is your chance to qualify for it, while learning alot along the way.

The Qualifiers

The first 10 participants to complete the qualifying challenges will be asked to form a team of (at most) four elements. The other three elements of the team don't need to have participated but everyone must apply for Pixels Camp.

Anyone who successfully completes the qualifiers is automatically approved for Pixels Camp. The first participant to complete them gets an additional prize at the event's award ceremony.

We believe the qualifiers provide good preparation for the CTF. If you, or your team, are able to complete the qualifying challenges, then you'll most likely perform well at the CTF since they share the same topics. However, you can (and should) give these challenges your best shot. They should be fun regardless.

The Security CTF

The competition starts off with one open question (the lead question) and the first team to answer it gets to open another question (which then becomes the lead question). The lead question is always the last question opened, but all open questions are eligible to be answered by any of the teams at all times.

The first team to answer a question gets 100% of the points for that question, the second team gets 95% and the remaining teams get 90% of the points. If two teams answer the same question at the exact same time, both of them get the same amount of points (they both deserve it).

Teams will not be penalized for submitting an incorrect answer so, basically, every team has an unlimited number of tries for every question. But, attempting to brute force an answer is not allowed and will result in disqualification. Also, the game board throttles requests and you will get blocked before that happens.

Only team members can participate in the competition. You cannot get help from anyone but your teammates.

The Game Board

During the competition, each team has access to a dashboard where questions can be opened and answers can be submitted. Information for all teams is also displayed in a global gameboard so that the audience can follow along the competition's progress.

The colors for each question on the team dashboard have the following meaning:

  • Green — question already answered successfully
  • Blue — an open question: you can answer this question
  • Yellow — the lead question: the person that’s kicking your ass is on this question
  • Gray — closed question: nobody got to this yet

General Rules

You are not allowed to perform any type of brute force on the servers or run any sort of scanners against them. We will let you know if brute forcing is allowed on any specific challenge.

Abuse will be announced on the game board, so other teams will know you're trying to cheat.

When a team answers a lead question correctly, it has 2 minutes to open the next lead question. If the team fails to open another question within this time period, a random question will be opened from the set of questions that have the lowest score.

If no progress happens over a 20-minute interval, a new random question will be opened. The competition staff may also open a new random question if the game looks stalled.

The timer on the game board runs in your browser (client-side). The official game time is the server time. Answers that exceed 3:00:00 are rejected. Even though the timer on the game board is sync'ed with the server every 10 seconds, if the load on your computer is high, then the timer may lag by a few seconds.

The Probe.ly Team, 2017