Welcome to the FIRST 2024 CTF!


About the CTF

The FIRST Challenge is a series of technical problems designed to provide a fun opportunity to utilize creative technical problem solving abilities to solve incident response inspired challenges.

The CTF consists of a series of technical exercises where the participants must find an answer, a flag, and submit to the CTF platform. Every correct flag submitted increases a team’s score. New challenges are released daily during the event.

Categories of challenges may include:
To participate, it is strongly recommended to build a team of up to 4 members. Teams might create their own strategies to attribute the tasks and explore the best knowledge of their players on the different areas.
The primary purposes of the CTF is to work together, challenge your knowledge, be creative, make new friends, define strategies, and have fun.

Prizes will be offered to the first 3 teams who have a least one representative on-site at the conference.

Who is creating the CTF?

This year's challenge is made possible with the generous support from the FIRST SecLounge SIG volunteers and:

CERT.br
CERT-EU
CIRCL
CSC.FI

Dataplane.org
DFN-CERT
DHS CISA
EC Cybersecurity
Operations Centre

MISP
New Anderton
SecDim
SWITCH

FIRST.org

Agenda

Day Time (UTC/GMT+9 Fukuoka time) Session
Monday,
June 10		 08:30 Opening session
Mon–Thurs,
June 10 - 13		 Challenge Starts: Monday @ 10:30
Challenge Ends: Thursday @ 15:30 local time		 Participants can access the challenges and submit their answers until Thursday at 15:30
Friday,
June 14		 12:30 Closing session

Prizes

Rank Prize
1st (winner) Apple iPad
2nd Rasberry Pi 5 Starter Kits
3rd Anker Soundcore life P3s

Collaboration and support

The hybrid nature of this year's event offers wider opportunity for participation than the usual annual conference venue. However hybrid nature of the event also means that support will be offered at the usual onsite Security Lounge and via Mattermost.

To facilitate collaboration a virtual Security Lounge is being established. The lounge is hosted on a dedicated MatterMost platform that provides features similar to Slack. It offers both an area for public information sharing among all participants and private discussion among individual teams.

After completion of registration, a seperate Virtual SecLounge account will be generated. Look for an e-mail from seclounge@firstseclounge.org which will contain login details and credentials for the Virtual SecLounge server. Should you encounter any issues accessing the platform, the SecLounge SIG team may be contacted at: seclounge@firstseclounge.org

Collaboration on MatterMost happens in entities called Teams. Individual accounts are able to create private Teams as well as private Channels on the MatterMost server. Private Teams may be utilized for team collaboration activities including chat, file sharing, etc. The public SecLounge Team will continue to be available throughout the challenge for general discussion with all participants and SecLounge SIG volunteers.

Access to the Virtual SecLounge is possible any time after registration (and, before the Challenge kick-off). This will allow for teams to be formed prior to Challenge kick-off.


Registration

Both individual and team registration are done directly through this website. When registering, individuals will have the option to create a new team or join an existing team. Once a team selection is made, changes to an individual's team membership are not possible. To register, you will need the access code provided by FIRST.org as part of your registration to the conference.

Eligible players are encouraged to register as a team of up to four players. Individuals or those teams with fewer than four players should contact a SecLounge SIG volunteer on MatterMost for assistance in forming a four-person team and we will try to match you up with other players. One of the purposes of the FIRST Challenge is to meet new people within our field. So we encourage you to sign up and make some new friends.

Physical prizes are awarded to winning teams to the first 3 teams. However, a physical presence of a least one team member is required to collect the prices at the end of the conference. Winning teams will be given an opportunity to present on their experience and how they tackled some of the more difficult challenges.

The FIRST Challenge Framework website will be the authoritative platform for current challenge standings and challenge information. The SecLounge SIG may exceptionally make modifications to scores or other elements within the framework website due to technical errors or other unforseen circumstances with the intent of ensuring a fair and fun challenge for all participants.


FIRST Challenge Details

Important annnoucements made during the challenge will be automatically pushed out in real time to all clients connected to the framework website on all pages of the website (with an audible alert). There is no need to continually refresh the page to receive notifications. All previous notifications are published on the framework website under the "Notifications" page. Participants are encouraged to monitor this page for important announcements during the challenge.

Additionally, announcements may be made via the MatterMost collaboration platform. All participants are encouraged to monitor and participate in both the public channel as well as their Team's channel(s) for relevant information related to the Challenge.

A new set of challenges will be made available daily at 08:00 local time (UTC+9). This will ensure that all teams have the same amount of "daylight" (with the exception of Thursday's challenges) to solve a challenge irrespective of their timezone. Once a challenge has been released it will be made available until the completion of the challenge on Thursday June 13.

Each challenge has a point value (100-500 points) that is awarded upon successful completion. There is no bonus or penalty for the order in which challenges are solved. All teams will receive the same number of points for each solve.

Team rankings are determined first by score and then by the order in which the latest challenge was solved (e.g.: in the event of a tie). If more than one team has the same score, the team rankings will be determined by the timestamp on the latest correct challenge submission. In this case, the team with the oldest timestamp is ranked the highest.

Many challenges have hints available to assist in solving the challenge. Usage of a hint has an associated point cost. Hints may be "purchased" for the specified amount provided a team has already earned enough points by solving other challenges. The hint cost will be deducted from the team's score. In general, the higher the cost of the hint, the more helpful it is intended to be.

The FIRST Challenge will conclude on Thursday at 15:30 local time (UTC+9) and at that time, the team with the most total points will be deemed the winner unless there is a tie, in which case the ranking displayed on the framework website utilizing the rules outlined above will be used to determine the winner.

Be patient, persistent and don't give up! Every day we'll be releasing new and fresh challenges that will allow you to make up any points you missed on previous days. Many of these are independent challenges, meaning they don't depend on previous challenge results.


Tips:


Challenge Survey

Please, take a few minutes to fill out the challenge survey. It is very important to help us in our efforts to improve next editions.


Have fun and good luck!