As stated in the rules, you must provide detailed solutions for each of the tasks you have successfully solved in order to validate your score and qualify for the next round. The top 10 players from the Junior category and the top 10 players from the Senior category can send their writeups at csc2017ro@bitdefender.com until 09-07-2017 23:59. Note that while the services may still be online after the contest ends, it would be better to save any screenshots you might want to include before that.
P.S.: You can send them in Romanian or English, PDF or text, etc.

Don't forget to include:
  • Your real name
  • City
  • Affiliation (school, work, etc)
  • Phone number
  • Protoss hint added (last)
  • Voodoo in my system! hint added

12 hours remaining!
  • Crimes Against X86 points adjusted to 350
  • Base64 encryption points adjusted to 300
  • Pentest Noise points adjusted to 300
  • Protoss hint added
  • Web of Leaks part 2 hint added
  • Shellcode-as-a-Service hint added

There will be no further point adjustments.
The next news update is unscheduled.
24 hours remaining!
  • Strategic Patience task added
  • Crimes Against X86 points adjusted to 300
  • TLE hint added
  • Tiny Horror hint added
  • It is always simple when you are admin! hint added
Next news update will be at 00:00 (02-07-2017).
  • Bricks were SHA* task added
  • Pentest Noise task added
  • Crimes against X86 points adjusted to 250.
  • Voodoo in my system task text clarified
  • Protoss hint added
  • Shellcode-as-a-service hint added
Next news update will be at 18:00 (01-07-2017).
Hints added for:
  • Read the rules :)
  • Censorship part 2: RSA ownage
  • Bricks were MD*
  • TLE
Next news update will be at 12:00 (01-07-2017).
Some task texts have been modified to be more clear regarding your objective.
New tasks added: Web of Leaks (exploit), Base64 encryption (crypto), Protoss (binary)
New (very revealing) hint added for Censorship part 1.
One cybersecurity topic that arguably everyone is talking about in 2017 is "ransomware". That is why we have decided this year to sprinkle the challenges with some issues that appear in any ransomware-related investigation from a cybersecurity analyst's point of view:
  • Reverse engineering executables
  • Cryptanalyzing custom encryption algorithms
  • Reverse engineering custom binary communication protocols
  • Assessing the security of a web application
  • Analyzing forensic evidence after such a cyber attack has taken place
While it might sound daunting at first, the challenges are wrapped in a form that makes solving them relatively straightforward. We will also be releasing hints as the competition progresses. Here are some details on each category.

Cryptography: tasks in this category require (identifying the target cryptosystem and then) doing an analysis on the way the cryptosystem was implemented or used. Many "textbook" implementations are often vulnerable if not used correctly. The intended way to solve the challenges is to reduce the problem to a general form, identify the vulnerability and either create an attack from scratch or find out if someone else has already done something similar.

Reverse engineering: tasks in this category can be solved through:
  • static analysis: looking at the assembly code using a specialized program: (IDA, Binary Ninja, Radare2, etc) and trying to analyze the program (without running it) in order to pass some checks, decode a file or correctly use a communication protocol
  • dynamic analysis: viewing a binary as a gray box and trying to recreate/guess the functionality inside the binary with a minimal inspection of the assembly code.
    Note: there might be tasks that involve some (local) brute-force or heavy computation. However, all tasks are designed such that this process takes less than 1 minute (with the intended solution)

Web application attack & defense: attack tasks will focus on classic vulnerabilities (among OWASP Top 10). Note that there are no tasks here that can be solved with "automated hacking tools" (e.g. acunetix, nikto, etc) and there is no educational value in letting such a tool scan a task site. Defense tasks will require finding the right tools to deal with large binary files and applying filters and heuristics to reduce noise and pinpoint an attack and the information obtained by the attacker

Extra details:
  • most tasks will have the following flag format CSC2017RO{[0-9a-f]*} In fact here's a valid flag: CSC2017RO{b4c1563ce67eabe958d8926e78a28f303f6f1eb7} Some tasks will clearly specify if the format is different and what to look for (aka there will be no guessing necessary)
  • not all tasks will be released from the start
  • you can ask for hints on the contact email address mentioned at the bottom of this page
  • however, note that all hints will be published for everyone: so you run the risk that other players will also get the same new insight
  • we will release hints (if there are sufficient requests and not enough people already solved a specific challenge) at 12:00, 18:00, 24:00
The national competition will start on the 30th of June (12:00 Romanian local time) and will end on the 2nd of July (23:59 Romanian local time).


Competition concept:
  • the tasks provided will test your knowledge on basic and intermediate topics of computer security
  • there are tasks that you can figure out without prior knowledge
  • there are also tasks that will require extensive "Googling" and learning new concepts
  • there can be multiple ways to solve one challenge; however, when you have solved it, you will obtain a piece of information called a flag
  • flags are unique per task
  • submitting a flag in the scoreboard will award you points
  • players will be ranked according to the number of points at the end of the competition
  • points will be validated by sending complete writeups of your solution for each task
  • if you do not submit writeups, we will assume you had external help and we will not include you in the list of finalists
  • for more information on the task format, you can check out the tasks, files and solutions submitted by the finalists last year.

Registration rules:
  • competing criteria and categories according to year of birth:
  • 1900 - 1991: Cannot qualify for the Finals
  • 1992 - 1996: Can qualify for the Finals. Senior category
  • 1997 - 2003: Can qualify for the Finals. Junior category
  • 2004 - present: Cannot qualify for the Finals
  • registering accounts from anonymous mailboxes is not allowed
  • registering accounts from IPs related to VPN or Tor services is not allowed
  • registering accounts with offensive/politically incorrect names is not allowed


Competition rules:
  • in the Final phase (in Spain) the Romanian team will consist of 10 people (out of which, a number of maximum 5 Seniors)
  • however, in this National phase, each contestant will compete on his own using a separate account
  • external help is strictly forbidden. Examples of behaviour that will lead to disqualification (and have done so in the past years): reposting the challenges or any part of the challenges, asking for help or spoiling the challenges by posting solutions/flags on IRC, Stack Overflow, Forums (RST, Tuts4You) etc
  • collaborating with other players is forbidden
  • registration is only available until the contest has started (to avoid abuse during the competition)
  • you can only attack the targets specified in the task descriptions
  • attacking the scoreboard (this site) will lead to disqualification
  • generating excessive traffic is not allowed (not even on the task targets)
  • DOS/DDOS is forbidden and will lead to disqualification
  • bruteforcing flags on the site scoreboard is not allowed
  • until the logs and writeups have been analyzed and validated, the scoreboard does not completely reflect the score situation


Training ideas:
  • picoCTF is a past competition for complete beginners that is still online and available for you to try your skills
  • Google CTF is an advanced CTF taking place in the weekend of 16th-18th of June
  • Some sites with educational material alongside the challenges are Root Me and w3challs


Contact: