The qualifiers challenges for the
9th Edition of Security Summer School are deployed, for the
Binary/Exploiting or the
Web track. There are no challenges to be solved for the
Security Essentials track, but you'll still have to register and motivate your application. For the
Hardware Assisted Security track, all participants to the
Web or
Binary/Exploiting are eligible.
You first need to
register an account. Choose
SSSv9 Qualifiers as team type. If you want to use an existing account, let us know at
sss-contact@security.cs.pub.ro to update your team type to
SSSv9 Qualifiers.
Then go to the
challenges page and solve them. Challenges are to be solved individually.
You can choose either
Exploiting Qualifiers challenges or
Web Qualifiers. You can go for both and apply for both tracks, but we don't recommend that, we recommend you to focus on one.
Solve as many of them as you can by Sunday, May 22, 2022, 11pm EEST (i.e Romania time). Submit the flag here and then submit a
.zip archive with README files and solutions scripts for the challenges together with your contact details in
this registration form. We will then contact you with our response. Please register with the same e-mail address you used here, for challenge solving.
For SSSv8 qualifiers, challenges are to be solved individually. Most of the exploiting challenges may be solved using only simple tools such as strings, nm, ltrace, strace, readelf, xxd, netcat, without going into disassemblers (i.e. objdump) or debuggers (i.e. gdb). Most of the web challenges require a browser, developer tools, wget/curl and editors. Obviously, any correct solution is OK, irrespective of the tools employed.
For any issues and for support we will use the
Discord channel
#technical-issues.
Unless otherwise state, the remote flags are found in
/home/ctf/flag.
Unless otherwise stated, flags use the format
SSS_CTF{some_interesting_string} or
SSS{some_interesting_string}.
When solving challenges, please follow the rules:
0. Do not attack the infrastructure. If you find a problem with one of our tasks, please report to us.
1. You are not allowed to intercept the traffic of other teams or attack them. Any attempt to cheat on the contest will lead immediately to disqualification.
2. We will not score unintended solutions. We will ask you how you solved each task, and if the solution is not the correct one, we will take your points from the scoring platform. We may, instead, give some bonus points or extra hints to those who report unintended solutions.
3. The points that you receive on the scoring platform are valid only if you solved the task and know how to explain us the solution. If you take flags from other teams of someone that is not present at the CTF location solves the challenge for you, you will be disqualified.
4. Don’t ask for hints in private. We will only give hints that are available to all the teams.
5. Submit the flag as soon as you finish a challenge. If you submit all the flags at the end of the contest we will assume you didn't have time to work on all the tasks at once.
6. In case two teams have equal scores, the team that got to that score first will have the advantage.