Capture The Flag

Questions about our CTF? Contact us at: ctf@bsidescalgary.org

Who can participate in the CTF?

BSides Calgary 2020 CTF is open to all players of any skill level, with no qualification required. Come on by, try out the game, learn something new, and meet interesting people!

Due to possible limitations, BSides Calgary MAY need to limit the number of teams able to participate. We will attempt to accommodate all participants but registration will be on a first come, first serve basis.

About BSides Calgary CTF 2020

According to most definitions a Cyber CTF is contest in which computer security professionals test their skills and knowledge against live computer systems and networks or digital artifacts like malware samples, packet captures and memory dumps. Points are scored when contestants solve the challenges, though unlike answering Jeopardy questions, contestants will need to use security testing tools and techniques to solve the challenges.

In addition to digital artifacts, BSides Calgary CTF has always included a cyber range that mimics a typical organization. During play you’ll find routers, firewalls, databases, email servers and so forth. You may also find misconfigured systems, users with weak passwords, questionable architecture … like a typical organization. Some challenges will require probing and attacking systems to discover the answers.

All BSides Calgary 2020 attendees, speakers, vendors and volunteers are welcome to play at no charge. Connection to the contest will be via OpenVPN and players can use tools of their choice. Like all good contests there are some very nice prizes for the best scores at the end of the two days.

New this year, a little blue with that red!

BSides Calgary 2020 has no official position on whether it is easier to be an attacker or a defender. Both jobs require a “special set of skills” that deserve to be recognized. This year some CTF flags will require you to put down the black/grey/white panama and don the blue fedora.

The BSides Calgary 2020 CTF is a safe place to practice using security testing tools on live systems with permission. To keep things a little more fun and realistic the cyber range is theme based, simulating a small Alberta engineering company that provides system development and integration services for companies with industrial control systems. The conceptual network diagram below would often be provided to potential customers when responding to questions related to vendor cyber security practices. Like actual network diagrams it bears only a modest similarity to what is actually on the wire.

And a few more things...

The small engineering company recently acquired a former customer and is in the process of merging networks and migrating users.

Can you turn out the lights on the cyber city?

This model of one of our ICS target systems was designed by Calgary's own ICS security specialist, Paul Smith.