Midterm 2: CTF
Overview
The exam consists of a series of Capture The Flag (CTF) challenges distributed across four main categories. These challenges will test your skills in web exploitation, cryptography, reverse engineering, and miscellaneous topics. Your objective is to solve as many challenges as possible to earn points, meeting the criteria for passing, merit, or distinction.
Categories and Challenges
- Web Exploitation (4 challenges)
- Cryptography (4 challenges)
- Reverse Engineering (4 challenges)
- Miscellaneous (3 challenges)
Scoring Criteria
Each challenge is worth 200 points. To achieve each grade level, you must meet the following requirements:
- Pass: Score at least 800 points.
- Merit: Score at least 1,600 points.
- Distinction: Score at least 2,800 points.
Exam Guidelines
Time Limit
- The exam will open on March 14th at 11:00 am and close on March 20th at 11:59 pm. You have the duration of the exam period to complete the challenges. All submissions must be finalized by the end of the allocated time.
Submission
- All challenges will be submitted through the CTFd platform. Points are awarded only for correct solutions. No partial credit for challenges will be given.
Scoring Updates
- Your current score will be visible on the CTFd instance dashboard as you progress.
Collaboration
- This is an individual exam. Collaboration with others is strictly prohibited and will result in a failing grade on the exam.
- The exam is closed neighbor, meaning you may not discuss it with anyone nearby, but it is open book and open internet, allowing you to use personal notes, textbooks, and online resources.
- Collaboration is defined as communicating with any individual in person or via any digital, written, audio, or video communication to seek hints, help, guidance, direction, or tips on any material related to the exam. This includes posting questions or problems on platforms such as Stack Overflow, Reddit, Discord, or similar forums.
- Each challenge will use the flag format byuctf{flag}, unless specified otherwise in the challenge. Do not brute force the flag submission form or guess flag formats.
Scope of Challenges
- Only interact with systems or services explicitly listed in the challenge scope.
- Do not target the CTF platform or infrastructure (e.g., scoreboard, challenge hosting).
Prohibited Behavior
- Do not perform denial-of-service (DoS) attacks on the platform or challenges.
- Do not attempt to disrupt the CTF environment or hinder others’ participation.
Rules for Brute Forcing
- Automated brute forcing of login forms, password fields, or any other authentication mechanisms or systems is only allowed if explicitly permitted by the challenge.
Rules for Automated Scanning
- Use of automated tools (e.g., nmap, Burp Suite, Nikto) is allowed only if explicitly permitted by the challenge.
- Limit scans to the systems explicitly stated in the challenge scope.
Miscellaneous
- Challenge Integrity: Do not share or post solutions, hints, or flags publicly during or after the exam.
- Bug Reporting: If you encounter a vulnerability in the CTF infrastructure not related to a challenge, report it to the TAs immediately.
Grading
Your final grade will be determined based on the total points earned:
- Pass: Achieve at least 800 points.
- Merit: Achieve at least 1,600 points.
- Distinction: Achieve at least 2,800 points.
Good luck, and may your skills and determination guide you to success!