Trellix Launches Annual CTF Competition – Catmen Sanfrancisco!

By Trellix · February 1, 2022
This story was written by Steve Povolny.

The Advanced Threat Research team, now with Trellix, is pleased to announce the return of our second annual Capture the Flag contest featuring 12 new challenges of varying skill levels, and a Discord server to facilitate competitive collaboration. This year we decided to add a bit of story – so put on your 90’s nostalgia hats, as you assist our heroine, Catmen Sanfrancisco (clearly no relation to Carmen Sandiego).

Much like our inaugural CTF, we’ve done our best to minimize guesswork and gimmicks. While we’ve added a few flashy graphics, we’ve stayed true to our core principles – distilling the kind of problems we’ve encountered many times over the years during our actual research projects. Additionally, as this contest is primarily educational in nature, we won’t be focused as much on the winners of the competition. The goal is for anyone and everyone to learn something new. However, we will provide a custom ATR challenge coin to the top 5 teams (one coin per team member, up to 4 per team) on the scoreboard. When registering for the contest, make sure to use a valid email address so we can provide winners with our congratulations and challenge coin.

The ATR CTF will open on Friday, February 11th at 11:59 pm PST and conclude on Friday, February 25th, at 11:59 pm PST.

Click here to register!

If you’ve never participated in a CTF before, the concept is simple. You will:

• Choose the type of challenge you want to work on,
• Select a difficulty level by point value,
• Solve the challenge to find a ‘flag,’ and
• Enter the flag for the corresponding points.

NOTE: Each flag will be in the format ATR[1a2b3c4d5e], where 1a2b3c4d5e is replaced with a specific string clearly stated when solving a given challenge. For example: ATR[Ul33th4xorU]. You must submit the flag in full, including the ATR and square brackets.

Successfully completing a challenge will reward anywhere between 100 and 500 points - the harder the challenge, the higher the points!  We designed all CTF challenges so that you practice real-world security concepts, and while there are definitely overlaps for each challenge, this year’s categories include:

• Reverse engineering
• Exploitation
• Web
• Cryptography
• Linux
• Network
• Forensics

Teams consist of at least one competitor, but we welcome groups as well. If you get stuck, a basic hint is available for each challenge. Be warned though, you should only use the hint as a last resort; doing so will cost you valuable points.

Discord Server

This year we will be using Discord for teams and individuals to communicate both with us, and as a CTF community. Guidelines for participation via Discord can be found on initial login. Please register and login early and stay tuned for important announcements and opportunities to collaborate with industry peers.

Read before hacking: CTF rules and guidelines

McAfee and Trellix employees are not eligible for prizes or scoreboard placement in the public competition but are welcome to compete.

When registering, please use a valid email address, in case of password resets and contact information for prizes. We will not store or save any email addresses or contact you for any non-contest-related reasons.

Please wait until the contest ends to release any solutions publicly.

Cooperation

While cooperation is okay in limited form, sharing of flags or providing the challenge hints to other teams is cheating. Please help us keep this contest a challenge for all! When collaborating with other teams, general hints or strategies are okay, but please don’t ruin the competition for others.

Attacking the Platform

Please refrain from attacking the competition infrastructure, as this will lead to expulsion from the CTF. If you experience any difficulties with the infrastructure itself, questions can be directed to the ATR team via Discord. ATR will not provide any additional hints, feedback, or clues.

Sabotage

Sabotaging or otherwise impeding other teams is strictly prohibited and will result in expulsion from the CTF.

Brute-Forcing

No brute forcing of challenge flags/keys against the scoring site is accepted or required to solve the challenges. You may perform brute force attacks, if necessary, on your own endpoint to determine a solution if needed. If you’re not sure what constitutes a brute force attack, please feel free to contact us.

Denial–of–Service

DoSing the Capture–the–Flag (CTF) platform or any of the challenges is forbidden.

Happy hacking!

Looking for a little extra help?

Find here a list of useful tools and techniques for CTF competitions. While it’s not exhaustive or tailored explicitly to this contest, it should be a useful starting point to learn and understand the tools required for various challenges.

Many of these challenges are designed with Linux end-users in mind. However, if you are a Windows user, Windows 10+ has a Linux subsystem called ‘WSL’ that can be useful. Alternatively, a Virtual Machine can be configured with any flavor of Linux desired and should work for most purposes.

See https://github.com/dkmcgrath/Tools-and-Tips/blob/main/windows_and_mac.md for details on how to install useful Linux tools on both macOS and Windows machines.

Contact Us

While it may be difficult for us to respond to emails, we will do our best – please use the email address below to reach us with infrastructure problems, errors with challenges/flag submissions, etc. We are likely unable to respond to general questions on solving challenges. You can also reach us directly via Discord.

Discord: https://discord.gg/JuSxfRm3uc

Email: atrhax@trellix.com

How much do you know about Trellix’s industry-leading research team?

ATR is a team of security researchers that deliver cutting-edge vulnerability and malware research, red teaming, operational intelligence and more! Take a look at the ATR website to learn more about the team and some of its research highlights.

General Release Statement

By participating in the contest, you agree to be bound to the Official Rules and to release Trellix and its employees, and the hosting organization from any and all liability, claims or actions of any kind whatsoever for injuries, damages or losses to persons and property which may be sustained in connection with the contest. You acknowledge and agree that Trellix et al is not responsible for technical, hardware or software failures, or other errors or problems which may occur in connection with the contest. By participating you allow us to publish your name. The collection and use of personal information from participants will be governed by the Privacy Notice.