HITB / Facebook Capture The Flag



The objective of the game is for teams (team size of 2 – 4 participants per team) to gain as many points as possible by solving challenges. This is a jeopardy -style CTF with multiple categories of challenges, including: reverse engineering, exploitation, forensics, network analysis, etc. The teams’ objective is to solve the challenges to score as many points as possible.

The game will run for 18 hours over the 2 days of the conference (25th & 26th August), 9 hours per day and is held at the FREE TO ACCESS CommSec area of the conference. You do not need to be a paid conference delegate in order to compete.


The more challenges you beat, the more points you get. Higher difficulty challenges will carry more points, so teams should strategize the path of highest return.  At the end of the competition, the team with highest total points will be the winner! In the case of two different teams having the same points, whichever team was quickest to reach the highest points will be declared the winner. As such, teams are advised to submit the flags as soon as they obtain them.


1st Place – USD2500

2nd Place – USD1500

3rd Place – USD500

Things to bring

Network cables
Extra power sockets / power gangs.


We try hard to keep the competition as free and exciting as possible; however we do require teams to adhere to a few simple rules:

•    Show up on time or you’ll miss the briefing
•    No cooperation between teams with independent accounts. Sharing of keys or providing revealing hints to other teams is cheating, don’t do it.
•    No off-the-shelf automated scanning tools such as Nessus, OpenVAS etc. It’s useless and we’ll kick you out for being lame
•    No attacking the competition infrastructure. If bugs or vulns are found, please alert the competition organizers immediately
•    Absolutely no sabotaging of other competing teams, or in any way hindering their independent progress.
•    No brute forcing of challenge flag/ keys against the scoring site
•    DoSing the CTF platform or any of the challenges is forbidden
•    All participants must obey to PIT STOP calls. PIT STOP calls are rest intervals where all the players must leave the CTF area to facilitate for the CTF Crew to perform maintenance work.Teams who don’t adhere to the rules will be penalized or disqualified from the competition.

At all times, the decision of the Facebook and HITB CTF Crew is final on any matter in question.


If you have any questions, please send an email to ctfinfo@hackinthebox.org

Registered Teams

  1. dcua (SEWorks / INTERNATIONAL)
  2. RockBottom (Singapore University of Technology & Design / SINGAPORE)
  3. ISITDTU (Duy Tan University / VIETNAM)
  4. VXRL (Valkyrie-X Security Research Group / HONG KONG)
  5. Pwnladin (Independent / THAILAND)
  6. ImIn (Deloitte / INDIA)
  7. CLGT-DeadFish (VNSecurity / VIETNAM)
  8. MeePwn (University of Information Technology / VIETNAM)
  9. RedAlert (NSHC / S. KOREA & SINGAPORE)
  10. Nachos (Asia Pacific University / MALAYSIA)
  11. LazyPanda (Independent / SINGAPORE)
  13. STAND (Independent / SINGAPORE)
  14. SuperVirus (Independent / PHILIPPINES)
  15. ImATeapot (Asia Pacific University / MALAYSIA)
  16. DJ^2 (EY / SINGAPORE)
  17. Pwnee (University of Information Technology / VIETNAM)
  18. GrassMudHorse (Independent / SINGAPORE)
  19. +217 (National Taiwan University / TAIWAN)
  20. -217 (National Taiwan University / TAIWAN)
  21. binja (Independent, JAPAN)
  22. Dsheeps (National University of Singapore, SINGAPORE)
  23. Bodrex (Cybermantra, INDONESIA)
  24. DimSum (Singapore Polytechnic, SINGAPORE)
  25. Dystopian Narwhals (DEFCONSG, SINGAPORE)

Registration (limited to 2 teams per organization)