Skip to main content

Rules, Skillset & Charter

ECSC 2023 details

Based on the challenges, technical possibilities and limitations of platforms used in ECSC 2023, we have these clarifications to the rules.

Laptops

Teams MUST bring their own laptops. We WILL NOT provide laptops to teams.

Writeups

Writeups must be delivered to the organiser no later than one - 1 - hour after the competition end each day.

Writeups must be submitted to: URL

The timestamp of submission on the server will be used to verify if a writeup was submitted in time.

The writeup can be submitted as a text file or PDF. We will not judge the quality or the graphic design of the writeups. ECSC is not an essay competition so be brief, but please do follow the template.

Writeup template

Team: <teamname>

Challenge: <name of challenge>

Summary:
<short, 1-2 lines, summary of the solution method>

Solution:
<short description of steps taken to solve challenge>
<screenshots, command logs, etc. should be added as evidence of crucial steps>

Allowed tools

All challenges are solvable by open source or freely available tools.

Commercial tools may be used, but we expect that they should not give any significant advantage.

Internet access

Teams will have Internet access.

This Internet access will be monitored for forbidden actions such as DoS/DDoS, attacking other teams, etc.

Extra laptop or use of VPS

Teams will be allowed to use one extra laptop per team and one VPS for their common tools such as file sharing, collaboration, etc.

Each team will have 15 available Schuko (CEE 7/3) power outlets providing 16A 230V at 50Hz. Teams that needs power adapters, may use up to two high quality power strip with their needed sockets.

Each team will have 24x GE RJ45 ports available. Teams must bring their own Ethernet Cat5E, or better, patch cables.

Teams will NOT be allowed to add their own Ethernet switches because this may impact the network operations.

Teams will NOT be allowed to add other power extensions because of the fire hazard.

Extra monitors

Extra monitors powered by participants laptops USB are allowed.

Extra monitors that use power adapters to 230V are only allowed if there is a medical reason it is needed.

Attack/Defense

Jury statement on ECSC 2023 Discord:

As the jury:

We consider everything outside the docker container running a service 
to be "infrastructure". Attacking the infrastructure is prohibited.

It is also specifically prohibited to get any code execution means on
your own production machines outside docker except the provided deployment
scripts. Extending the privileges or capabilities of the docker container
is also prohibited. Don't try to find loopholes in this rule, we will 
enforce it strongly.

We use the Faust standard for what constitutes DoS, e.g. causing unnecessarily
high loads for CPU, traffic, memory, I/O, etc. ("denial of service") on our
infrastructure, other teams (including Vulnboxes) or any other party is
strictly prohibited. Breaking a service of another team through sheer amount
of requests is forbidden, breaking it through a vulnerability is OK as long as
it does not lead to resource spikes.

There's no way for us to prevent or punish attacks against stuff that's 
available on the internet, including your VPS.

Extra things to keep in mind regarding the setup:

- Redeploying challenges will remove previous flags and therefore 
  cost you 5 ticks of SLA.

- You have SSH access to your staging machines.

- PCAPs rotate every minute or 30 MBs, whichever happens first. 
  Max 15 of them are stored at one time.

- Your toolbox doesn't have internet access.*

*This was a leftover in an earlier draft that should have been edited out.

Possible penalties

Based on the functionality in the platforms used, these are the possible penalties the Jury can use.

Jeopardy

  • Deducting all or some points for one or more challenges

Attack/Defense

  • Loss of access to flag submission server for a specified time

For both CTF styles

  • Player timeout
  • Player disqualification
  • Team timeout
  • Team disqualification
  • Deduction points from the daily ranking score
  • Deducting points from the final ranking score

Appeals or complaints

Any appeals or complaints must be delivered to the Jury secretary no later than one - 1 - hour after the competition end each day.

Appeals and complaints must be submitted to the jury on the ECSC 2023 Discord.

The Jury will process and decide appeals and complaints as soon as practically possible.

Appeals/complaint template

Please be factual in the information/data given in a appeal/complaint.

Reported by: <teamname and name>

Date and time of incident: <date and time>

Date and time of appeal/complaint: <date and time>

Summary:
<give a short summary of the reason for the appeal/complaint>

Appeal/complaint:
<state if it is an appeal or a complaint>
<full description of the reason for the complaint that contain:>
<who observerd the reason>
<what was observerd>
<where was it observed>
<when was it observerd>
<why this is a reason to appeal/complain with references to rules/code-of-conduct/etc.>