- Admissions
- Academics
- Majors + Programs
- Departments
- Honors Program
- Study Abroad
- NYU-ePoly Online Learning
- Is NYU-ePoly Right for Me?
- Master's Programs
- Certificate Programs
- Fall 2009 Courses and Syllabus
- Spring 2010 Courses and Syllabus
- Elective Courses
- Applying, Registering, Costs
- Computer Requirements
- Tech Support + Academic Resources
- Guides and Forms
- Society Co-Sponsors
- Society Member Rebates
- Pre-Enrollment Form
- Proctoring Request
- Frequently Asked Questions
- Contact Us
- Support + Services
- 2009 - 2011 Catalog + Calendar
- Graduate School
- Class Schedule
- Research
- Business
- Connections
- Life
- Clubs + Organizations
- Athletics
- BlueJays Live
- Men's Sports
- Women's Sports
- Academic Support
- Alumni Events
- Athletic Training
- Directions
- Facilities + Venues
- Classes
- Fitness Center
- Hall of Fame
- History + Tradition
- Intramurals
- Recruiting Questionnaire
- Skyline Conference
- Staff Directory
- Student-Athlete Advisory Committees
- Brooklyn, NYC + Beyond
- Experience New York Series
- On-Campus Living
- Health, Wellness, Safety
- Student Development
- Student Resources
- Division of Student Affairs
- Graduation, Class of 2010
- About
Capture the Flag Application Security Challenge
Open to: undergraduates located in the continental U.S. can compete for prizes (see special note for graduate and international participants); this is an online competition that can be done remotely; limit 4 team members per team
Registration deadline: October 9
Event dates: October 10 (00:00 hrs) to October 10 (23:59 hrs) EST
Finalists: see below for a list of this year's finalists; the top 5-10 UG finalist teams from the continental US will be flown to NYC for a final round of CTF on the day of the awards ceremony
Team captain/contact for questions: Ravi Ivaturi
The CSAW Application Security Challenge is a cyber attack competition loosely based on the DefCon Capture the Flag Prequals. Participants will be given a series of challenges divided into different categories, each worth a specified number of points. This year, the competition will focus equally on Web Application security, Reversing and Exploitation. Make sure you are a jack-of-all-trades or put together a team with a diverse skill set.
And the Winners Are
Team |
School |
Team Members |
|
1st Place |
ppop | Carnegie Mellon University | Brian Pak, Andrew Wesie, David Kohlbrenner, Tyler Nighswander |
2nd Place |
RPISEC | Rensselaer Polytechnic Institute | Alexandru Radocea, Ryan Govostes, Adam Comella, Andrew Zonenberg |
3rd Place |
SecDaemons | DePaul University | Jonathan Tomek, Chris Long, Chris Lytle, Matthew Thomas |
2009 Finalists
Rank |
Team |
School |
Team Members |
Undergrad / Grad / Mixed |
Score |
| 1 | ppop | Carnegie Mellon University | Brian Pak, Andrew Wesie, David Kohlbrenner, Tyler Nighswander | Undergraduate | 16450 |
| 2 | CMU | Carnegie Mellon University | Joseph Ceirante, Jonathan Cooke, Jim Irving | Graduate | 10150 |
| 3 | RPISEC | Rensselaer Polytechnic Institute | Alexandru Radocea, Ryan Govostes, Adam Comella, Andrew Zonenberg | Undergraduate | 9600 |
| 4 | SecDaemons | DePaul University | Jonathan Tomek, Chris Long, Chris Lytle, Matthew Thomas | Undergraduate | 7100 |
| 5 | sla.ckers | Multiple Schools from Aus. & US | Alex Kouzemtchenko, Bob Graham, Luke Jahnke | Undergraduate | 6900 |
| 6 | nibbles | Multiple Schools from France | Megueddem Samir, Sofian Brabez, Ledoux Florian, Cissé Abdoul Malick | Mixed | 6750 |
| 7 | HockeyInJune | Polytechnic Institute of NYU | Julian Cohen | Undergraduate | 6350 |
| 8 | Team AFK | University of Hawaii at Hilo | Francis Usher, Chris Usher, Asael Temple, Jahrain Jackson | Undergraduate | 5700 |
| 9 | !first | CalPoly and NYU-Poly | Nick Trevino, Timothy Goya, Stanislav Palatnik | Undergraduate | 5500 |
| 10 | revenger | University of Texas at Dallas | Duan Ngo Toan | Undergraduate | 5050 |
Note: only finalists from the continental US will be flown to NYC for the CTF finals.
Judges
Erik Cabetas, Director of Information Security @ an NYC e-commerce startup | erik.cabetas.com
Dino Dai Zovi, Co-Author, The Mac Hacker's Handbook and The Art of Software Security Testing | trailofbits.wordpress.com
Dean De Beer, Principal, zero(day)solutions | zerodaysolutions.com
Stephen Ridley, Matasano Security | twitter.com/s7ephen
Keith O'Brien, Distinguished Systems Engineer, Cisco Systems | Bio
Prizes
Master of Science scholarships for students who attend NYU-Poly:
- 1st place: $5,000
- 2nd place: $3,000
- 3rd place: $3,000
Cash prizes for winners:
- 1st place: $500
- 2nd place: $250
- 3rd place: $100
Non-Under Graduate Teams will be given a NYU-Poly certificate with relevant details.
Travel Grants
Each finalist from the continental US will receive a travel grant to offset the cost of attending the awards ceremony, where the first-, second-, and third-place place winners will be announced, along with a bonus prize winner. Finalists must be present at the awards ceremony to obtain their prizes.
Rules
- Registering for the CTF competition does not force you to participate
- Teams are limited to 4 team members; there can be an unlimited number of teams per university
- Only use your team e-mail (the e-mail you signed up with) for communicating with the team captain
- You may submit answers in any order
- You may only submit an answer to a given question once
- Unless you are the author of the tool, the use of all commercial tools are forbidden (we suggest using OWASP tools)
- The entire competition is hosted on the same server for each team. If you write an exploit that can modify the contents of the filesystem or disrupt the challenges in any way, e-mail the team captain with the details and he will give you bonus points.
- DoS attacks are not allowed and will result in disqualification
- The only legal play times are between October 10 (00:00 hrs) to October 10 (23:59 hrs) EST
Registration/Participation Logistics
- Include the team name and the names of all your team members during registration
Last Year's Winners
Place |
University/School |
Team Name |
Team Points |
| 1st | Multiple | Team Tefaye | 16375 |
| 2nd | Rensselaer Polytechnic Institute | RPISEC | 13575 |
| 3rd | University of Idaho | Pwntatoes | 11475 |
| 4th | Ruhr University Bochum | FluxFingers | 10075 |
| 5th | Naval Postgraduate School | MyLittlePwnies | 9175 |
| 6th | RWTH-Aachen | teamSparta | 7925 |
| 7th | Bagsværd Kostskole & Gymnasium | The Down Ownerz | 7825 |
| 8th | DePaul University | SecurityDaemons | 5025 |
| 9th | University of South Florida | 0x28Thieves | 4200 |
| 10th | UCLA | WiseguyS | 4125 |
Note for Graduate/International Students
We are glad to announce that graduate and international students can participate. Complete details will be posted soon. Interested students may register using the regular registration form.
We wish to thank all our previous participants and graduate students for their support and interest and hope you'll find this year's CTF equally engaging and fun.
Frequently Asked Questions
How do I know when I've solved a challenge?
The "answer" to most of the challenges is a string of random numbers, an MD5 sum, or a SHA1 sum, which you will recognize when you get one. A few challenges require you to deface webpages or other tasks. Those challenges will specify how to know you're done.
How do I redeem my answers for points?
A scoreboard will be hosted during the competition where solutions can be submitted for points and live score of all teams can be tracked
CSAW Sponsors
