Capture the Flag
Cyber Security Quiz
Digital Forensics Challenge
Essay Contest
Awareness Poster Design
Research Poster Presentation
Pitney Bowes E-Commerce Security Challenge
Hardware Design
Directions to Poly
Hotel Recommendations
Contact Us


Featured Project:

Biometric Authenticaion

Research Opportunities
Security Links
ISIS Blogs
Contact Us
Cyber Security Awareness Week 2007

Capture the Flag Contest

Capture the Flag (CTF) is a team versus team cyber attack and defense competition in an exiting digital format where only the most skilled security experts will succeed. This year there will be a variety of categories to choose the challenges from. It is advisable that the participants create a diverse team with various skill sets. Of course, the "lone gunman" is still allowed to participate and be competitive.

Nov 23 - start: challenges, instructions, and rules are up
Nov 25 - end: last time to submit answers

Contest Type
Team or individual. Include the team name and the names of all your team members in the comment box during registration. Every team member needs to register. This contest can be done remotely. However, all finalists are required to attend the award ceremony on December 4th at Polytechnic University where the prize winners will be announced. Students who need to travel more than 100 miles will be given a lump-sum scholarship to offset their travel costs.

(1) You will be given a list of challenges upfront. You can take on any of them during the entire 2 days the contest is open.
(2) The challenges will be categorized into "Web Hacking", "Binary", and two "fun" categories - "Forensics", and "Trivia".
(3) Each category will have approximately 5 challenges organized by difficulty. Therefore people with different skill-levels can participate and successfully solve challenges. Only the last few challenges in each category are meant to be very hard. All other challenges should be solvable by anyone with some knowledge of Computer Science.
(4) You won't need special or commercial tools to solve any of the challenges, just your own ingenuity. Some advice might be provided (what tools to use, etc) in each individual section.

Address your questions and submit solutions to solved challenges to csaw_ctf@isis.poly.edu.

Examples of Challenges
The "Web Hacking" category will include a variety of vulnerable services that can be exploited through SQL injections, Cross-site scripting, and others. The "Binary" category will have services that are running on a range of diverse operating systems. You might have to exploit those services or some operating system flaws. You might also have to solve certain challenges using reverse engineering techniques. The "Forensics" category will include a mixture of challenges that focus, among other topics, on covert channels and steganography.

(1) Everything can be done remotely, wherever you are located.
(2) The competition will be held over 2 days.
(3) The answer to each challenge can be submitted only once, so don't submit until you are absolutely sure.

Competition Links

Judging Criteria
The organizers of this event will pick a winning team based on the amount of challenges solved and points earned. Bonus points are possible for discovering things that are not directly a part of the question.

  • 1st Place: $500
  • 2nd Place: $250
  • 3rd Place: $100
2007 Winners
1st MyLittlePwnies Naval Postgraduate
2nd Pwntatoes University of Idaho
3rd CLASY SUNY Stony Brook
4th/Best Undergrad RPISec Rensselaer Polytech.
5th/Best Individual Caleb SUNY Binghamton