Rules

1. Our goals

The main goal of the competition is to popularize cybersecurity expertise and awareness through interactive and engaging means. By incorporating a playful approach, the event aims to make the complex world of cybersecurity accessible and intriguing. Participants are encouraged to delve into the challenges with enthusiasm, fostering a deep understanding of cybersecurity practices in an enjoyable environment. This approach not only enhances technical skills but also cultivates a strong sense of security consciousness, making participants more vigilant and informed in the digital realm.

2. About Us

The organiser is one of the teams of Óbuda University, John von Neumann Faculty of Informatics, called HoneyLab. Our team is supported and cooperates with the research lab of NIK-SOC.

• https://honeylab.hu/
• https://soc.uni-obuda.hu/

2.1. Main Sponsors

• Robert BOSCH Ltd. - Providing the venue and catering for the finals.
• HUN-REN - Ensuring the competition infrastructure.

2.2. Prize Allocations

• REG Zrt.
• Andrews IT Engineering
• Alverad Technology Focus Ltd.
• Kiber Klaszter
• Nemzeti Kibervédelmi Intézet
• Hacktivity Team

3. Definitions

Participant: a natural person who has duly registered for the tournament and is a Hungarian citizen.
Organiser: the organisation responsible for running the competition.
Challenge: a task that the participant has to solve during the competition; there will be several tasks of different difficulty in one round.
CTFd platform: the space accessible from the open internet where the details of the challenges can be found, and flags can be submitted.
Game net: the networks provided for solving tasks. Flag: a unique series of characters, needed to solve a challenge.
Communication platform (Discord): the primary communication platform between players and organisers, where it is possible to submit and manage bug reports.

4. Conditions of participation

4.1. Duration

1st online round: 18:00 on 13.10.2023 – 18:00 on 22.10.2023
CyberQuest final (onsite): 8:30 – 18:00 on 03.11.2023

Participants have to register on the website of the HoneyLab - https://cyberquest.honeylab.hu/ - using a dedicated form. A valid e-mail address is required, but it is not mandatory to register with your own name. By registering, participants declare that they have read and accepted the Competition Rules.

It is possible to register for the competition until the end of the online round 18:00 on 22.10.2023. The competition organiser will verify the e-mail addresses provided during registration. Upon successful registration, participants will receive a confirmation e-mail from the organiser to the e-mail addresses provided at the time of registration.

4.2. Registration

After registration and the end of the registration period, the application for the competition is made through the online system of the platform (cyberquest.honeylab.hu), where it is possible to complete the competition tasks as well after the registration. The e-mail address used during registration is required to apply to the platform. Participants must indicate their intention to take part in the competition by registering in the manner indicated in the call for entries. The competition is not open to the organiser’s staff and their family members, or to persons and their family members who have any other form of contact with the organisers.

4.3. Data required for registration

The data required for registration and entry to the competition: Participants' provided identifier and Participants' e-mail address. Participants who will be invited to the final of the competition (top 10) will be required to provide additional personal data due to the entry permit to BOSCH Budapest Innovation Campus. These data are:

• Participant's name
• Participant's place and date of birth
• Address
• Personal ID
• Phone number
• Declaration of consent
• Parental consent form if the player is under 18 years of age
• Food allergy details (for the provided catering)

The organiser will verify the identity of the participants who qualify for the final during the personal meeting and preparation. Participation in the competition is voluntary and free of charge. All personal data obtained during the competition will be treated confidentially and in accordance with the data protection legislation in force, will not be disclosed to third parties, except as described in subsection 2.2 of the regulations, will not be disclosed to third parties, will not be made available to third parties, and will comply with the data management rules.

4.4. Mandatory declarations

With the participation in the competition, the participants accept the Competition Rules and claim the following: "I declare that I have read and accepted the Competition Rules. I declare that the information I have provided is true and correct and that I have registered and will use only this one user account during the competition. I declare that I will act in accordance with the Hungarian legislation in force during and in connection with the competition."

4.5 Other rules

The organizer has the right to disqualify from the competition any participants who have committed fraud or violated the conditions of participation, in which case the participant’s results will be deleted from the competition database. The organiser reserves the right to announce another winner if it has reason to believe that the participant selected in the first round has breached the conditions of participation. The organiser may, at its discretion, make available to the public at specific times in the competition help for solving specific problems (Hints).

5. The task of the competition, the conduct of the competition

5.1 Platform access

Access to the platform will be provided by the organiser after registration. Participation is subject to acceptance of the Competition Rules. The solution to the challenges – “flag” – must be submitted to the CTFd platform (https://cyberquest.honeylab.hu), which will be accessible from the open internet during the competition via the access path provided by the organiser, after authentication.

5.2. Challenges

To solve the jeopardy challenges, from basic to advanced technical knowledge is required, which have a variety of topics. In all cases, the aim of the jeopardy tasks is to achieve a "flag" (CTF tasks), which is a clear proof of completion. The flag can be achieved by completing a technical challenge. The "flag" is a unique identifier (CQ{flag_text}) that can be different for each task and user. A task is considered completed when the flag is sent in the correct field in the CTFd platform and has the correct value. The description and accessibility of the tasks can be found on the CTFd platform, and the solution must be submitted here. A task description is associated with a "flag", but tasks can be related.

5.3. Scoring

The competition is run using dynamic scoring, so each solution starts from 500 points, regardless of its level of difficulty, and the minimum score will be 100 points. The methodology of point calculation can be found on the following link: https://docs.ctfd.io/docs/custom-challenges/dynamic-value/.

5.4. Game net

The organiser will provide information about the availability of the challenge and how to access them. The targets available on the network are freely attackable. Uploading your own attack files to the servers and deleting them is allowed, but any action to deliberately destroy the challenge, prevent its availability or sabotage the play of other competitors (e.g. deleting original files, overwriting flags) will result in disqualification from the competition. Any offensive activity outside the gamenet as defined in the challenges will result in immediate disqualification and further consequences. Each task runs in multiple instances in the network. The challenges will be regularly reset by the organiser, the schedule will be published at the start of the competition.

5.5. Communication

The organizers communicate with the players via a specific Discord channel and e-mail. The Discord channel gives players the opportunity to indicate any problems during the competition and ask for help. The organizer reserves the right to make additions to specific challenges and to make changes during the competition, with clear information to the competitors. During the competition, the organizer may decide to provide help (hints) to solve certain tasks. This can be done in a uniformly accessible way for all competitors through the competition's official communication channels (e-mail, discord) and/or through the platform itself (CTFd) under the conditions defined in the same channels.

6. The final of the competition

The participants with the top 10 highest score will be invited to the final of the competition The final will be organized at the BOSCH Budapest Innovation Campus on 3 November 2023. The final is an on-site part of the competition where only the network and internet access will be provided, the participants must bring their own equipment.

Parental consent form if the player is under 18 years of age. The organiser will verify the identity of the participants who qualify for the final during the personal meeting and preparation.

7. Competition Awards

Top participants in the finals will receive the following awards:

• First Place: iPhone 15 Pro
• Second Place: 34" Ultrawide Monitor
• Third Place: Raspberry Pi

A special prize for the best participant under the age of 24: An opportunity to participate in the ECSC 2024 as a member of the Hungarian National team, offered by the National Cyber Security Center.

8. Changes to the Rules, Challenges and Awards

The organizers reserve the right to modify, amend, or change the competition rules, awards, or any of the challenges at any time without prior notice. While the organizers will make every effort to maintain the fairness and integrity of the competition, participants must accept any changes and decisions made by the organizers, even if they are based on unforeseen or erroneous information. Participants acknowledge that there is no legal recourse against any decisions or changes made by the organizers during the event.