Description
This assignment focuses on the exploration of vulnerabilities in a competitive manner. The objective is for you to compete in one Jeopardy Capture The Flag (CTF) of your choice listed on CTFTime, solving challenges in the pwn and web categories. Challenges classified as introductory (warmup) will not be accepted. It is strongly recommended that you start with simple challenges to acquire the required skills and tools, and then move on to more complex challenges.
In order to complete the assignment, you should enroll in CTFTime, and then use the same username to enroll in the specific CTF. If you need a team, use the UAC team. Apply and send a message requesting to be authorized. There is also a Discord server with other players. An invite code will be provided during the first class.
The assignment should be implemented by a group of 4 students.
Delivery and Grading
Delivery should consist of a compressed ZIP, encrypted with the password infected, submitted through E-learning. The package should include:
- Information regarding the CTF participation (CTF, usernames, dates, links)
- Challenge information: description, points, difficulty, assets/files
- The solution to the challenge and a description (writeup), explaining what is exploited and how
- Screenshots of you solving it
The flags and simple solutions must be uploaded to E-learning before the CTF ends. The assignment can be updated up to 24h later with improved writeups.
Grading will take into consideration the level of detail of the writeup and the difficulty of the challenges. An easy challenge will award up to 33% of the grade, a medium one up to 66%, and a hard one up to 100%. The number of challenges required will therefore vary with their difficulty. The difficulty of each challenge should be indicated by the team and will be confirmed by the professor. As a reference, a challenge worth 100 points on CTFTime is usually considered easy, 200-300 points medium, and above 300 points hard. From another perspective, a challenge that awards 30% of the maximum points in the CTF is usually considered easy, 60% medium, and above 90% hard. In jeopardy CTFs, the number of points is usually fixed initially and then decreases with the number of solves.
All materials submitted must be created by the report authors. Using materials from other sources (such as public writeups) without a reference will be considered plagiarism.
The grade will be split equally across the following aspects:
- Description of the Challenge, and how it is presented
- Explanation of the vulnerability exploited
- Mapping of the vulnerability to actual use cases where it could be found
- Explanation of the solution
- Quality of the writeup