moth/mdwn/src/intro.mdwn

Title: Introduction

Welcome to Capture The Flag.


What This Is
============

* A hacking contest
* A chance to experience the nature of cyber incident response
* An environment to safely experiment with offensive techniques


What This Is Not
================

* An arena for purely malicious attacks
* A rave


Rules
=====

Important Rules
---------------

* The contest network is 10.<i>x</i>.<i>x</i>.<i>x</i>.  **Do
  not attack machines outside the contest network**.  All
  federal, state, and school laws still apply to the outside
  network.
* If the "outside network" requires you to plug into a different
  switch, do not connect any machine that has been on the contest
  network.
* Consider this network hostile: your machine may be
  compromised.
* We expect you to be disruptive within the framework of the
  game (malicious code, network scanning, social engineering,
  etc.).  Disruptive behavior outside the game will result in a
  public and humiliating ejection from the contest area.
* No ARP attacks.  While cute, they are not particularly clever
  given our network topology, and would require expensive and
  bulky equipment to prevent.  Find something else to do.

Less-Important Rules
--------------------

* If IRC is up, you should use it to communicate with the
  contest staff.  Staff will have operator status in #ctf.
* If you think something is wrong with the game, you are
  expected to demonstrate the problem and explain what you think
  is the correct behavior.


Scoring
=======

The contest is made up of multiple categories.  Each category is worth
one point toward the total score; the percentage of the total points
held by your team is the percentage of one point your team has for that
category.  The team that has 30% of the points in each of five
categories has 1.5 points, whereas the team that has 80% of the points
in only one category has 0.8 points.  It is typically better to have a
few points in many categories, than many points in a few categories.

There are two kinds of categories: *flags* and *puzzles*.


Flags
-----

Flag categories are challenges with a notion of a *winner* or *service
availability*.  In these categories, the flag-holder (the winner, or
each team with a running service) makes 1 point per minute for as long
as they hold the flag.  If there is a single flag-holder, and the flag
changes hands, a point is awarded to the new winner at the moment the
flag moves.


Puzzles
-------

Most of the categories come in the form of multiple *puzzles*: for each
puzzle presented, a key (answer) must be found to recieve the amount of
points that puzzle is worth.  Any team may answer any puzzle question at
any time.  A new puzzle is revealed when a team correctly answers the
highest-valued puzzle in that category.


Hints
=====

If you are really stuck, you can ask for a hint.  It will cost you
points, though.  For puzzles, you will lose ¼ of the points for that
puzzle <em>even if you never solve the puzzle</em>.  For other events,
the staff member will decide how many points it will cost.  You can try
to bribe or otherwise fanagle information out of us or other
contestants.  *It's a hacking contest.*

About Us
========

We are the <a href="http://dirtbags.net/">dirtbags</a>.  People pay us
money to do the sorts of things you'll be doing in this contest.
Seems to work. 2010-03-02 22:18:13 -07:00			`Title: Introduction`

			`Welcome to Capture The Flag.`


			`What This Is`
			`============`

			`* A hacking contest`
			`* A chance to experience the nature of cyber incident response`
			`* An environment to safely experiment with offensive techniques`


			`What This Is Not`
			`================`

			`* An arena for purely malicious attacks`
			`* A rave`


			`Rules`
			`=====`

			`Important Rules`
			`---------------`

			`* The contest network is 10.<i>x</i>.<i>x</i>.<i>x</i>. **Do`
			`not attack machines outside the contest network**. All`
			`federal, state, and school laws still apply to the outside`
			`network.`
			`* If the "outside network" requires you to plug into a different`
			`switch, do not connect any machine that has been on the contest`
			`network.`
			`* Consider this network hostile: your machine may be`
			`compromised.`
			`* We expect you to be disruptive within the framework of the`
			`game (malicious code, network scanning, social engineering,`
			`etc.). Disruptive behavior outside the game will result in a`
			`public and humiliating ejection from the contest area.`
			`* No ARP attacks. While cute, they are not particularly clever`
			`given our network topology, and would require expensive and`
			`bulky equipment to prevent. Find something else to do.`

			`Less-Important Rules`
			`--------------------`

			`* If IRC is up, you should use it to communicate with the`
			`contest staff. Staff will have operator status in #ctf.`
			`* If you think something is wrong with the game, you are`
			`expected to demonstrate the problem and explain what you think`
			`is the correct behavior.`


			`Scoring`
			`=======`

			`The contest is made up of multiple categories. Each category is worth`
			`one point toward the total score; the percentage of the total points`
			`held by your team is the percentage of one point your team has for that`
			`category. The team that has 30% of the points in each of five`
			`categories has 1.5 points, whereas the team that has 80% of the points`
			`in only one category has 0.8 points. It is typically better to have a`
			`few points in many categories, than many points in a few categories.`

			`There are two kinds of categories: flags and puzzles.`


			`Flags`
			`-----`

			`Flag categories are challenges with a notion of a winner or *service`
			`availability*. In these categories, the flag-holder (the winner, or`
			`each team with a running service) makes 1 point per minute for as long`
			`as they hold the flag. If there is a single flag-holder, and the flag`
			`changes hands, a point is awarded to the new winner at the moment the`
			`flag moves.`


			`Puzzles`
			`-------`

			`Most of the categories come in the form of multiple puzzles: for each`
			`puzzle presented, a key (answer) must be found to recieve the amount of`
			`points that puzzle is worth. Any team may answer any puzzle question at`
			`any time. A new puzzle is revealed when a team correctly answers the`
			`highest-valued puzzle in that category.`


			`Hints`
			`=====`

			`If you are really stuck, you can ask for a hint. It will cost you`
			`points, though. For puzzles, you will lose ¼ of the points for that`
			`puzzle <em>even if you never solve the puzzle</em>. For other events,`
			`the staff member will decide how many points it will cost. You can try`
			`to bribe or otherwise fanagle information out of us or other`
			`contestants. It's a hacking contest.`

			`About Us`
			`========`

			`We are the <a href="http://dirtbags.net/">dirtbags</a>. People pay us`
			`money to do the sorts of things you'll be doing in this contest.`