SCORING
-------

Each team has two types of score: defensive and offensive. During this 
year's game, it was obvious that the focus was on offense, so having 
a high positive defensive score did not ensure victory, since offensive 
scores were 6 to 20 times higher than defensive scores. The explanation 
is below:


Defensive Score
---------------

* How do you win defensive score?

A defensive score is given when the scorebot has successfully checked
flags from the customized daemons. This means that:

1) your daemon is up
2) the flag is valid
3) your daemon passes the binary, process code space integrity and 
stack/heap/data executable checks

Flag checking is done randomly.

* How do you lose defensive score?

There are two operations involved: checking for a valid flag and setting
new flags.

If the scorebot is unable to retrieve a valid flag from your daemon, the
score for the daemon will be deducted. The maximum deduction is -10.

If the scorebot is unable to set a new flag on your daemon, the score
will be deducted. The points deducted for a daemon are the same as the
offensive score for the daemon. So if the offensive score for a daemon
is 200, a failed set flag for that daemon will be -200.


Offensive Score
---------------

* How to win offensive score?

By collecting as many flags as possible from other teams, and submitting
them to the score server via the web interface. This is pretty
straightforward - teams need to write exploits for the daemons, and use
them to get flags. The flags are stored on team servers in binary format
(20 bytes). Teams have to submit them in hexadecimal notation (40
hexadecimal digits). There were quite a number of teams who did not know
how to use hexdump properly!
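
The conversion described above, as an added example (not part of the original write-up): plain hexdump prints offsets and 16-bit words, byte-swapped on little-endian hosts, so the sketch below uses od to emit the bytes in file order as one 40-digit string. The names flag_to_hex and make_sample_flag and the sample bytes are constructed for illustration.

```sh
#!/bin/sh
# Added example: turn a 20-byte binary flag file into the 40 hexadecimal
# digits expected by the score server. flag_to_hex is a hypothetical name.

flag_to_hex() {
    # $1: path to a file holding the raw flag bytes
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    # A flag is exactly 20 bytes. A truncated read or an extra trailing
    # newline changes the length, so reject anything else.
    size=$(wc -c < "$file" | tr -d ' ')
    if [ "$size" -ne 20 ]; then
        echo "expected 20 bytes, got $size" >&2
        return 1
    fi

    # -An  : no offset column
    # -v   : never fold repeated lines into '*'
    # -tx1 : one byte per unit, printed in file order (no word swapping)
    hex=$(od -An -v -tx1 "$file" | tr -d ' \n')
    printf '%s\n' "$hex"
}

# Constructed sample flag (not a real one). It contains a 0x0a byte to
# show that a newline-valued byte inside the flag is preserved.
make_sample_flag() {
    printf '\336\255\276\357\001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020' > "$1"
}

tmp=$(mktemp)
make_sample_flag "$tmp"
flag_to_hex "$tmp"
rm -f "$tmp"
```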

* How to win more offensive score?

By collecting as many flags as possible from a particular daemon on a
particular team server. This basically means that, if team09 has an
exploit for daemon01, they can use it to collect flags from teams 01 -
08 (8 teams, 8 flags). However, from time to time, the scorebot will
change the flags on the daemons for all teams. This means that, say 90
or 120 minutes later, team01 can run the exploit on the same daemon
again, and collect 8 more flags, hence more points!

Teams cannot resubmit previously captured flags or their own flag.

* Bonus offensive score

Teams can get bonus points based on a write-up about their understanding 
of challenges (how challenges work, identify where the vulnerabilities 
are, provide exploits, POC or describe how to exploit the 
vulnerabilities, ...) at the end of the second day.





$rev 1.0$
$author: mel$