The first Mozilla CTF was held on January 25, 2012, and ran for 24 hours. Despite some technical glitches, the event was very successful with over 150 teams registered.
The Top 3 teams were Leetmore, Eindbazen, and PPP. More details are upcoming at https://blog.mozilla.com/webappsec/
You can find a list of write-ups here.
Details regarding our next CTF event will be published here, and by @MozillaCTF on twitter.
A special thanks to Frederik Braun and the FluxFingers team for their assistance in organizing and designing this event.
Our CTF will be challenge based. We will present you tasks that are mostly independent from each other and can be solved separately. Topics will vary from Exploitation, Cracking, Crypto, Web Security (among others). The game will be limited to one day (i.e. 24 hours) and the team with the most points is announced the winner. Good examples for a CTF like this can be found here (Cheers to FluxFingers! :))
- Is there an IRC Channel?
- Yes, please join #ctf-qa on irc.mozilla.org
- What if I do not have a team? Will you provide a matchmaking service?
- It is totally fine to play as a single participant. Please understand that we do not provide a matchmaking service.
- Why is there a Mozilla CTF?
- Our aims are currently twofold: First, we want to show less experienced people that CTFs are fun and security is not a secret conspiracy thing you will never understand. Second, we would like to engage experienced security folks into Mozilla and raise awareness for our bug bounty program.
- Solving a challenge worth X points will give you X points. If you're the first to solve it, you'll get a reward of 3 points. Second gets 2, third gets 1 bonus point.
- No DoS
- No automated Scans (there will be a penalty for that)
- Do not generate large amounts of traffic
- No destructive attacks (don't delete stuff)
- Please confine your hacking on the tasks that are explicitly free to hack
- If you find a cheat or trick to solve things more easily, please report it for Bonus Points
- The organizers might change the rules throughout the challenge. This will be announced on IRC
- Teams breaking these rules might be penalized or excluded from the competition