HITB GSEC Capture the Flag – .edu Edition

What: Jeopardy Style Capture the Flag Competition for .edu hackers and ninjas

When: August 30th & 31st 2018

Where: Onsite at HITB GSEC 2018 @ InterContinental Singapore

Who: Max of 10 teams with up to 3 players per team


HITB is introducing its very first .edu Capture The Flag (CTF) challenge, proudly created by students for students.

This is a jeopardy-style CTF with multiple categories of challenges, including: reverse engineering, web penetration, crypto, forensics, network analysis, and more. Students complete tasks as quickly as possible, gaining points for each successful task based on its difficulty level. Task completion is tracked in real time. The team which with the highest points gain victory over the rest!

This CTF is hosted on-site with open source CTF framework and platform. Challenges are designed by students from various Universities/Poly in Singapore and are coordinated by the HITB Malaysia CTF Crew.

There will be a capacity of 10 teams, with each team consists of 3 players. The CTF will run over two days of the conference on 30th & 31st August 2018, starting from 10:00  SGT to 18:00 SGT on Day 1 and resume on Day 2 at 09:00 SGT to 15:30 SGT. The onsite contest will be hosted in the FREE TO ACCESS education exhibition area of the conference (located at the Vault). You do not need to be a paid conference delegate in order to compete.

Jeopardy-Style CTF with a Twist

This year, the .edu CTF game will be featured with attack-oriented styles and defense-oriented style challenges, followed with a short presentation from each team at the end of game.

Game Day 1 will comprise of Attack-Oriented Challenges

  • Exploitation, web exploitation, binary, etc

Game Day 2 will test your analysis and defensive knowledge

  • Forensic, network traffic analysis, cryptography, etc

To reap a more exciting CTF experience and to foster knowledge sharing, the top 3 teams of each day will have an option to present about how they solved the challenges to win bonus points*. A total of 30 minutes preparation time will be allocated to the teams for them to prepare their presentation slides. The presentation will commerce immediately at the same venue as the competition. Each team will only be allocated 10 minutes of presentation time and is free to choose any of the challenges they wish to present. The judges will score each teams based on the understanding of the problem, creativity in solving challenges and presentation skills.


We try hard to keep the competition as free and exciting as possible; however we do require teams to adhere to a few simple rules:

  • Open to all FULL TIME students
  • A maximum of two teams per university
  • Show up on time or you’ll miss the briefingTeams are prohibited from physically touching or accessing any of the CTF infrastructure
  • Attacking the competition infrastructure, network or any infrastructure(s) that is/are outside of the specified IPs is strictly prohibited.
  • No off-the-shelf automated scanning tools such as Nessus, OpenVAS etc. You learn nothing for being lame and we may kick you out for jamming the network.
  • BE FAIR and FRIENDLY. Absolutely no sabotaging of other competing teams, or in any way hindering their independent progress.
  • Strictly no Denial-Of-Service attack, ARP poisoning, MiTM attacks, brute-forcing the flag, attacking on other team’s devices to steal the flag etc.
  • If there is/are any bugs or vulns are found, please alert the competition organizers immediately and we will reward you accordingly 🙂
  • All participants must obey to PIT STOP calls. PIT STOP calls are rest intervals where all the players must leave the CTF area to facilitate for the CTF Crew to perform maintenance work. Teams who don’t adhere to the rules will be penalized or disqualified from the competition.
  • The crew possess the rights to remove any team that is deemed to be breaking any of the rules
  • The crew possess the rights to deduct points from the teams if he/she believes that the flag / point is obtained via methods which breaks one/more of the rules i.e. flag sharing, exploiting the scoreboards, brute forcing the flag etc.
  • If there are any questions on the do’s and don’ts, please consult the .edu CTF crew / GameMaster before proceeding. Otherwise, let’s have fun!

At all times, the decision of the HITB Crew is final on any matter in question.


The more challenges you solve, the more points you get.  Higher difficulty challenges carry more points. At the end of the competition, the team with highest points will be named as the winner. In the case whereby two different teams end in a tie, the fastest team will be declared as the champion. As such, teams are advised to submit flags as soon as they obtain them.

What to bring

  • Student ID’s (for registration)
  • Laptops
  • Network cables
  • Extra power sockets / power gangs.
  • (optional) 4G Router for your own dedicated Internet access

Registered Teams

  1. WhatsInTheBox – Nanyang Polytechnic, Singapore
  2. VG – Nanyang Polytechnic, Singapore
  3. NTU0FF53C – Nanyang Technological University, Singapore
  4. 99years – Vietnam
  5. NUS Grayhats – National University of Singapore, Singapore
  6. AleJnd – Universiti Teknologi Mara, Malaysia
  7. OSI Layer 8 – NUS High School of Math and Science, Singapore
  8. Segfaulters NUS High School of Mathematics and Science, Singapore
  9. Team XMan – XMan CTF Summer-Cam, China
  10. Ice Bear Alliance – Singapore Institute of Technology, Singapore


1st Place – Flight to compete in HITB2018PEK CTF in Beijing on 1-2 November

2nd Place – USD500

3rd Place – USD250