HITB GSEC CTF 2017 (in collaboration with XCTF)


Teams who are playing online, you can sign up here: https://hitb.xctf.org.cn/login/


This year’s CTF is jointly organized by the HITB NL CTF Crew and XCTF League from China. This is a jeopardy-style CTF with multiple categories of challenges, including: reverse engineering, pwnable, web penetration, crypto, MISC (forensic, network analysis), etc.

The game is hosted on-site and online utilizing the XCTF-OJ Platform developed by CyberPeace Technology, China. Game challenges are jointly authored by Blue-lotus CTF Team (core of Tea Deliverers, b1o0p CTF Team) and HITB NL Team from The Netherlands.

For the on-site game, we have capacity for a maximum of 25 x 3-man teams. You must be competing on-site if you want to be eligible for the prizes. The game will run for 30 hours over the 2 days of the conference (24th & 25th August, starting at 10:00 SGT and ending at 18:00 SGT on Day 1, then restarting on Day 2 at 10:00 SGT and ending at 16:00 SGT). The on-site contest will be hosted in the FREE TO ACCESS CommSec area of the conference. You do not need to be a paid conference delegate in order to compete.


The more challenges you beat, the more points you get. Points for each challenge will be dynamically calculated according to the number of teams who manage to solve it. Higher-difficulty challenges that fewer teams have solved will carry more points, so teams should choose a strategy that optimizes for high returns. At the end of the competition, the team with the highest total points will be named the winner. If two teams have the same points, whichever team was quickest to reach this high score will be declared the champion. As such, teams are advised to submit flags as soon as they obtain them.


1st Place – USD 2000

2nd Place – USD 1500

3rd Place – USD 1000

  • Both the 1st Place Team among on-site teams and the 1st Place Team among online teams will be invited to the XCTF League Finals, to be held in China on September 11-13, 2017, with a champion prize of 20K US Dollars (20% tax included). For the detailed rules of the XCTF League Finals, please refer to https://www.xctf.org.cn/xctf/rule/#english.

CTF Main Sponsor & Prize Sponsor

Things to Bring (for on-site teams)

  • Laptops
  • Network cables
  • Extra power sockets / power gangs.
  • (optional) 4G Router for your own dedicated Internet access


We try hard to keep the competition as free and exciting as possible; however, we do require teams to adhere to a few simple rules:

  • Show up on time or you’ll miss the briefing
  • No cooperation between teams with independent accounts. Sharing of flags or providing revealing hints to other teams is cheating, don’t do it.
  • No off-the-shelf automated scanning tools such as Nessus, OpenVAS etc. It’s useless and we’ll kick you out for being lame
  • No attacking the competition infrastructure. If bugs or vulns are found, please alert the competition organizers immediately
  • Absolutely no sabotaging of other competing teams, or in any way hindering their independent progress.
  • No brute forcing of challenge flags/keys against the scoring site
  • DoSing the CTF platform or any of the challenges is forbidden
  • All participants must obey PIT STOP calls. PIT STOP calls are rest intervals where all the players must leave the CTF area so that the CTF Crew can perform maintenance work.

Teams who don’t adhere to the rules will be penalized or disqualified from the competition.

At all times, the decision of the HITB and XCTF Crew is final on any matter in question.



We’re looking into expanding the on-site capacity. If you would like to be included in the WAIT LIST, please send a registration email with your team name to hitbgsec@hackinthebox.org. Please send us the following details:

  • Team Name + Country of origin
  • Team Leader’s Name/Handle + Email Address
  • Team Members’ Names/Handles + Email Addresses
  • Past CTFs that your team has participated in and your final ranking/score

Registered Teams

  1. KITCTF (DE) – Winners of the HITBSecConf2017 – Amsterdam Capture the Flag contest.
  2. UIT.r3s0L (VN)
  3. pwnjutsu (VN)
  4. Injocker10K (VN)
  5. XMan (CN)
  6. VXRL (HK)
  7. 6&YX (ID)
  8. Firebird (HK)
  9. Redbud (CN)
  10. hashcow (MY)
  11. Underworld (VN)
  12. T0X1C V4P0R (SG)
  13. BroadwareMacau (MO)
  14. NUS Greyhats (SG)
  15. Kung Pao Chicken (HK)
  16. Kap0k (CN)
  17. NEURON (CN)
  18. dcua (UA)
  19. NEX (CN)
  20. iCTF (SG)
  21. PwnThyBytes (RO)
  22. Tmp (TH)
  23. 2L0ng (VN)
  24. Bamboofox (TW)
  25. 0x0ffff5ec (SG)
  26. WhiteHat Union (CN)
  27. DJ^2 (SG)
  28. Rodimus Prime (CN)


If you have any questions, please send an email to ctfinfo@hackinthebox.org




Additional Support