Here is the final list of attendees who enter into Bootcamp program in order to prepare for the European Cyber Security Challenge, the final phase, that will take place in London, United Kingdom. Congratulations for all attendees of this year's event. We hope that you had a great time solving challenges and learned new things while doing this.

We are looking forward to see you once again next year when Romania will host the international final of European Cyber Security Challenge.

  • adragos
  • Legacy
  • FeDEX
  • user_1
  • [k3rn3l_p4n1c] littlewho
  • Po5ta R0m4na | trupples
  • RoyalDMD
  • user_4
  • TrashPanda
  • Vlad Ciuleanu
  • iosifache

  • GDF
  • dnne
  • ez3kiel
  • r2197
  • Fx
  • nomius
  • Octav
  • mal
  • TheBestUser
  • Blackchain
  • B!t
Congratulations to all participants for the results at the "EUROPEAN CYBER SECURITY CHALLENGE 2018", national phase! The competition is now officially ended, but we will keep the problems live for a few more days. We would like to remind you that the top 15 participants in each category, based on scoring, must send at [email protected] write-ups for the problems solved by the end of the day - 23:59 GMT +03. If the write-ups are not sent, there is a high probability of disqualification or points removed. If you have any feedback regarding the event, please do not hesitate to send us a PM on Slack or via email.
We don't like ASLR.
"Common Collections" of knowledge can boost your spirit. :-)
Because there is a significant chance to find the flag for this challenge online, you need to submit the solution you've discovered via email at [email protected] until 08.07.2018 18:00.
07.07.2018 19:30:00
We've made some changes to the bin. Hope you may like. :-)
Update to nrs challenge at 07.07.2018 17:06:00

Check the new description.
If you want to talk in real time with organizers feel free to use our slack channel for this event. Please do not forget that flag sharing, hints and other information about challenges must not be published on the public channels or in private with other players. You can send PM to the organizers directly on Slack for any questions related to the challenges. For any other communication, you can use [email protected].
As stated in the rules, you must provide detailed solutions for each of the tasks you have successfully solved in order to validate your score and qualify for the next round. The top 15 players from the Junior category and the top 15 players from the Senior category can send their writeups at [email protected] until 8th of July 23:59. Note that while the services may still be online after the contest ends, it would be better to save any screenshots you might want to include before that.

P.S.: You can send them in Romanian or English, PDF or text, etc.
Programming tasks will test your skills as a programmer. You will either have a straight forward challenge which requires automation or you will have to identify a vulnerability that can be solved with automation.

Cryptography: tasks in this category require (identifying the target cryptosystem and then) doing an analysis on the way the cryptosystem was implemented or used. Many "textbook" implementations are often vulnerable if not used correctly. The intended way to solve the challenges is to reduce the problem to a general form, identify the vulnerability and either create an attack from scratch or find out if someone else has already done something similar.

Reverse engineering: tasks in this category can be solved through:
  • static analysis: looking at the assembly code using a specialized program: (IDA, Binary Ninja, Radare2, etc) and trying to analyze the program (without running it) in order to pass some checks, decode a file or correctly use a communication protocol
  • dynamic analysis: viewing a binary as a gray box and trying to recreate/guess the functionality inside the binary with a minimal inspection of the assembly code.
  • Note: there might be tasks that involve some (local) brute-force or heavy computation. However, all tasks are designed such that this process takes less than 1 minute (with the intended solution)

Web application attack & defense: attack tasks will focus on classic vulnerabilities (among OWASP Top 10). Note that there are no tasks here that can be solved with "automated hacking tools" (e.g. acunetix, nikto, etc) and there is no educational value in letting such a tool scan a task site. Defense tasks will require finding the right tools to deal with large binary files and applying filters and heuristics to reduce noise and pinpoint an attack and the information obtained by the attacker

Extra details:
  • most tasks will have the following flag format ECSC{[0-9A-F]*} In fact here's a valid flag: ECSC{318C99B7B381DEE5499AA51224F25AA752B9BF8A7B851AAAAAEFCDF75CEC50B9} Some tasks will clearly specify if the format is different and what to look for (aka there will be no guessing necessary)
  • not all tasks will be released from the start
  • you can ask for hints on the contact email address mentioned at the bottom of this page
  • however, note that all hints will be published for everyone: so you run the risk that other players will also get the same new insight we will release hints (if there are sufficient requests and not enough people already solved a specific challenge) at 12:00, 18:00, 24:00
The national competition will start on the 7th of July (12:00 Romanian local time) and will end on the 8th of July (18:00 Romanian local time).

Competition concept:
  • the tasks provided will test your knowledge on basic and intermediate topics of computer security
  • there are tasks that you can figure out without prior knowledge
  • there are also tasks that will require extensive "Googling" and learning new concepts
  • there can be multiple ways to solve one challenge; however, when you have solved it, you will obtain a piece of information called a flag
  • flags are unique per task
  • submitting a flag in the scoreboard will award you points
  • players will be ranked according to the number of points at the end of the competition
  • points will be validated by sending complete writeups of your solution for each task
  • if you do not submit writeups, we will assume you had external help and we will not include you in the list of finalists
  • for more information on the task format, you can check out the tasks, files and solutions submitted by the finalists last years: for 2016, for 2017

Registration rules:
  • competing criteria and categories according to year of birth:
  • 1900 - 1992: Cannot qualify for the Finals
  • 1993 - 1997: Can qualify for the Finals. Senior category
  • 1998 - 2018: Can qualify for the Finals. Junior category
  • registering accounts from anonymous mailboxes is not allowed
  • registering accounts from IPs related to VPN or Tor services is not allowed
  • registering accounts with offensive/politically incorrect names is not allowed

Competition rules:
  • in the Final phase (in United Kingdom) the Romanian team will consist of 10 people (out of which, a number of maximum 5 Seniors)
  • however, in this National phase, each contestant will compete on his own using a separate account external help is strictly forbidden. Examples of behavior that will lead to disqualification (and have done so in the past years): reposting the challenges or any part of the challenges, asking for help or spoiling the challenges by posting solutions/flags on IRC, Stack Overflow, Forums (RST, Tuts4You) etc
  • collaborating with other players is forbidden
  • registration is only available until the contest has started (to avoid abuse during the competition)
  • you can only attack the targets specified in the task descriptions
  • attacking the scoreboard (this site) will lead to disqualification
  • generating excessive traffic is not allowed (not even on the task targets)
  • DOS/DDOS is forbidden and will lead to disqualification
  • bruteforcing flags on the site scoreboard is not allowed
  • until the logs and writeups have been analyzed and validated, the scoreboard does not completely reflect the score situation

For any inquiries, the support address during the national phase is [email protected]