TU Berlin

AG RechnersicherheitRules

Logo der AG Rechnersicherheit

Page Content

to Navigation


There are only a few rules, refining the main idea to have a fair and fun game. If you are in doubt during the CTF contact us.

Date and Time

The contest starts on October 7th, 2011 at 10:00 AM (CEST/UTC+2). After 8h the winner will be announced, but the system will keep running as long as you have fun.

Remote teams are asked to register in advance. The registration will close October 6th 23:59 (CEST/UTC+2)  [changed].

Remote and local teams

The contest will be organized in cooperation with the INFORMATIK 2011 conference in Berlin. Participants of the INFORMATIK 2011 student programm can form teams to join the contest here in Berlin. We will provide space and basic infrastructure (network, power etc.), but you have to bring a notebook.

All other teams can participate remotely. There is no VPN or VM host machine setup needed. Remote teams have to be associated with a university and have to name a member of faculty which will be responsible for the rule compliance during the game.


The Contest consists of 5 levels each with 3 challenges of different difficulty. In each challenge, one or more secret codes (flag, /eno[a-z0-9]{37}/) are hidden. One of the flags will solve the challenge. Handing in the others will be awarded with bonus points.

The flags can be handed in via the challengeboard. For every solved challenge you get about 50-500 points as annotated in the challenge.

After solving at least one challenge of a level, you may progress to the next level. Doing so will show you the 3 new challenges of the next level, but you can still hand in flags for the lower levels. Flags for lower level challenges will be rewarded with 25% [changed] of their original point value. So you get more points, when you solve all challenges of level 1 before leveling up to level 2.

Winner is the team with the highest amount of points. If two teams score the same number of points, the team which gained them first wins.


The contest is designed to have fun and apply your knowledge on computer security. With this in mind, think also about the consequences for other teams and us when trying out something.

Do not brute force the game services hoping for a random hit. If you automate the communication with a game service, monitor the output carefully and keep the requests at a resonable rate.

If someone tries to DoS us, we feel free to block this team for a while.

If you find any bugs in the webserver, scoreboard, challengeboard or other services not specifically mentioned in the challenges or some obvious error in a game service, please contact us.

This webserver, the scoreboard, challengeboard or other services not specifically mentioned in the challenges, are not part of the game. Do not try to hack them, work on the challenges! Especially don't spam / brute-force the challengeboard with made up flags, it only annoys the other teams.


If you have any further questions, contact us:

And now comes the most important rule: Have fun!


Quick Access

Schnellnavigation zur Seite über Nummerneingabe