READ ALL OF THIS PAGE (that means every word on this page) BEFORE PROCEEDING – THE RULES ARE IMPORTANT!
For the first time ever, the SEVillage is going to host an OSINT CTF! OSINT is the lifeblood of a social engineer and a person’s proficiency in using this skill is often time the reason for success in social engineering engagements. This unique event will challenge you and test your abilities to use OSINT skills. With a 4-hour time limit each contestant will be given the chance to collect information on provided targets. Those who end with the highest score will take home some very nice SE prizes!
So, if you are:
- Willing to spend time in an awesome, fun contest
- Wanting to win awesome prizes
- Wanting to be crowned the DerbyCon OSINT Champion!
Then read on….
The CTF Rules
Before you sign up, read the ALL THE RULES CAREFULLY. Breaking these rules can lead to disqualification – SO KNOW THEM!
The underlying idea of this contest is: No one gets victimized during this contest. This contest focuses on the information-gathering skills of the contestant. Our goal is to raise awareness about the vast amount of information shared by people and how this information can be used in a social engineering attack. We will never lose our core value of ‘leave them feeling better for having met you’ and we expect each OSINT CTF contestant to live up to that standard. If you violate anything on the following list, you will receive a warning; if the behavior continues then you will be disqualified from the competition.
The Do Not List:
- Attempting to elicit confidential, legal, or personal target data (e.g. SS#, credit card numbers, passwords, etc.).
- No paid search services can be used. All contestants must be able to provide a URL for each flag submission upon requestion. We will spot check the winning contestant and disqualify any source URLs that cannot be verified without requiring authentication beyond a generic LinkedIn, Spokeo, Twitter, Jigsaw, Flickr, Pastebin, shodan, or Facebook account that has no connection with any of the targets.
- Contestants are not allowed to call, email, or elicit information from the targets in ANY way.
- You get two guesses per challenge. Format does matter. Please read carefully and take note of the format for each flag.
- Use of pornography in any form. We attempt to keep the SEVillage family-friendly at all times.
- Any techniques that would make a target feel as if they are “at risk” in any manner.
- The use of threats or foul language.
- Use common sense, if something seems unethical – don’t do it. If you have questions, ask a judge.
- Contestants will compete on an individual basis; submissions consisting of multiple people on a team will not be accepted
YOU WILL NEED:
- A computer
- Be in attendance at DerbyCon on Saturday, September 7
Does this sound exciting? Then sign up TODAY! Signups will be taken until August 30th and ONLY 14 contestants will be selected to compete. So, tell us why we should choose you.