Rules

These rules must be respected by all players.


I. Online preselection challenge

This website hosts the preselection challenge for the final Capture The Flag test, which will begin on November 29th, 2017 during the European Cyber Week in Rennes (see below).

Participation:

  • Participation in the preselection challenge is strictly individual (teamwork is not allowed). This edition includes the participation of European institutions of higher education and will consequently take place in English with a French translation.
  • A ranking of individual scores will be available, on the one hand among all participants and on the other hand among French higher education institutions. The selected candidates will then be invited to form the teams of their choice, with a maximum of 3 participants each.
  • Provided a minimum level is reached, nationals of the invited countries may form teams, and one place in the final is reserved per nation.
  • All participants in the preselection challenge must be students and must commit to supplying authentic information. It is up to the schools to which the students belong to make a first check on the authenticity of the application.
  • A more thorough check will be made for the students selected for the final challenge. A copy of the student card will be requested.
  • Every participant may create only a single account. Any participant violating this rule will be disqualified.
  • Every participant is obliged to accept and respect these rules.
  • Any dispute will be submitted to the steering committee of the test.
  • If necessary, the selection for the final will be weighted in proportion to the registrations per school.

Challenge:

  • The qualification challenge consists of several tests distributed across four categories: Web, forensic, cryptography and binary. Each test is worth a specific number of points, which is shown on the site.
  • The first candidate to solve a test is awarded a 15-point bonus, the second a 10-point bonus and the third a 5-point bonus.
  • In the event of a tie, the first participant to have validated their last test will be ranked highest.
  • The tests are accessible from Friday, October 06th, 2017 9:00 pm UTC+2 till Sunday, October 22nd, 2017 11:00 pm UTC+2.
  • The more points a participant earns, the better their ranking.
  • The flags to recover have the form "ECW{MD5}".
  • The tests published on the site are covered by copyright. Any reuse is conditional on compliance with industrial property law with regard to the authors and the rights holders. To respect the work of the authors and the research work of the players:
    • The publication of solutions during the challenge is not allowed and is penalized.
    • Fraud through the use of these solutions is strongly penalized by disqualification or by cancellation of the test concerned.

Limitations:

  • It is totally forbidden to attack any IP address other than the one hosting the challenge (IP 151.80.102.192).
  • Any DoS or DDoS attack is strictly forbidden.
  • Any attempt to manipulate the site will be penalized by elimination of the player.
  • It is strictly forbidden to attack the infrastructure and the website hosting the challenge. The only authorized attacks are those directly linked to the various tests.
  • Any attempt to falsify individual results through cooperation between participants will incur a penalty that can go as far as permanent exclusion from the challenge.

Legislation:

  • The test takes place in France; consequently, in accordance with the French Data Protection Act (loi Informatique et Libertés), every participant has a right of access, rectification and deletion of the information concerning them. To exercise it, it is enough to send an e-mail to the administrators of the challenge.
  • The player database has been declared to the CNIL under number 2094830 v 0.
  • The competitors are subject to French law, in particular:
    • Article 323-1, paragraph 1 of the Penal Code: "Fraudulently accessing or remaining in all or part of an automated data processing system is punished by two years' imprisonment and a fine of 30000 euros." A mere attempt is punished in the same way (Article 323-7 of the Penal Code).
    • Article 321-1, paragraph 2 of the Penal Code: "When this results in either the deletion or the modification of data contained in the system, or an impairment of the functioning of this system, the punishment is three years' imprisonment and a fine of 45000 euros."
    • Article 323-3 of the Penal Code: "Fraudulently introducing data into an automated processing system, or fraudulently deleting or modifying the data it contains, is punished by five years' imprisonment and a fine of 75000 euros."
    • Article 323-2 of the Penal Code: "Hindering or distorting the functioning of an automated data processing system is punished by five years' imprisonment and a fine of 75000 euros. When this offence is committed against an automated personal data processing system implemented by the state, the punishment is raised to seven years' imprisonment and a fine of 100 000 €."

II. On-site final challenge (Rennes)

These rules concern the final of the challenge, which will take place on November 29th, 2017 within the framework of the European Cyber Week in Rennes. This final test will bring together 16 teams of 3 people selected through the online preselection challenge.

Participation:

  • All participants in the final of the challenge must be students and must commit to supplying authentic information.
  • Every participant is obliged to accept and respect these rules.
  • Any dispute will be submitted to the steering committee of the test.
  • Participation is conditional on being enrolled in one of the partner schools or universities.

Material:

  • Every participant is strongly advised to bring their own laptop equipped with a penetration-testing distribution such as Kali Linux. Laptops can however be provided to certain participants if they have made a prior request by e-mail to the steering committee of the test before November 25th, 2017.

Challenge:

  • The challenge will take place on Wednesday, November 29th, 2017 from 2:00 pm till 7:00 pm.
  • Every team is placed in the role of cyberdefense specialists asked to anticipate a campaign of attacks targeting communities. A few weeks after the unprecedented attack carried out by the Wannacrypt ransomware, signs point to a new campaign of attacks targeting communities first and foremost. An intelligence service has had data stolen relating to an espionage project aimed mainly at the infrastructure of connected cities.

    Since these data (malicious code, vulnerabilities and modus operandi) have been published on the Internet, the risk of their use by hostile actors is high. Energy distribution networks, traffic management, safety and health are all potential targets of attacks with potentially dramatic consequences.

    The mayors of the 16 most connected cities gathered yesterday to draw up a joint crisis management plan. The best European experts in cybersecurity were called in to establish a line of defense and try to avoid a new disaster. Your mission is to take up this challenge by qualifying for the final of the ECW 2017 challenge.

    This mission includes:

    • Mapping the company's information system (IS) and identifying the most critical components to be protected.
    • Identifying, analysing and exploiting the various vulnerabilities present on the community's IS, and proposing related countermeasures.
  • Each solved test allows the team to retrieve a "flag". The flag must be validated on a scoring portal common to all teams and earns the team a number of points corresponding to the difficulty of the solved test.
  • The more points a team has, the better its ranking.
  • In the event of a tie, the team that has produced the most complete and most precise network topology will be ranked highest. This assessment is left to the discretion of the steering committee of the final test.
  • The flags to recover have the form "ECW{MD5}".
  • The tests organized within the framework of the final of the challenge are covered by copyright. Any reuse is conditional on compliance with industrial property law with regard to the authors and the rights holders. To respect the work of the authors and the research work of the players:
    • The publication of solutions during the challenge is not allowed and is penalized.
    • Fraud through the use of these solutions is strongly penalized by disqualification or by cancellation of the test concerned.

Limitations:

  • It is strictly forbidden to attack the infrastructure hosting the challenge or the scoring portal common to all teams. The only authorized attacks are those directly linked to the various tests organized in each team's own virtual infrastructure.
  • Every team has its own virtual infrastructure. It is strictly forbidden to enter the virtual infrastructure of another team in any way.