Cyber Corporate Fight Club (CCFC) FAQ
Table of Content
- Registration Process
- The Cyber Drill
- Reports and Statistics
- Privacy and Anonymity
1. Registration Process
I have a valid CTF365 account. Can I register with it?
NO. You cannot. That’s because we designed CCFC to be held in an anonymity and privacy way. For this reason we introduced the license keys. No email addresses, no names or nicknames. For more details, read 4. Privacy and Anonymity chapter.
I bought a slot (Enroll Now - Team of 3 or Team of 5). What’s Next?
- Once you bought a slot, the system will automatically create a team (e.g. Team1). This will be your team.
- In the same time, you will receive via email 3 or 5 license keys per team (e.g. Team of 3 - 3 license keys, Team of 5 - 5 license keys). The license keys are unique and belongs to the team that has been allocated by the system. License keys has to be handed to the team members.
- You give one license key to each employee you want to participate to Cyber Corporate Fight Club.
Note: License key belongs to a specific team so make sure you handed to the right person.
I have a license key. What’s next?
- Head over https://ccfc.ctf365.com/registration.html
- Insert the license key in the text box
- Hit “Register” button
- A download pop-up window will appear asking you to download the credentials
- Download the credentials.
- Set-up your VPN using downloaded credentials
- Test the VPN connection by pinging xxx.xxx.xxx.xxx from your terminal.
NOTE: The Registration session will be available starting on June 31st 2019 12:00am UTC
I have set up the VPN using the credentials, No ping response from xxx.xxx.xxx.xxx
- Contact firstname.lastname@example.org and give as many infos as you can. Please include vpn log file, your license no, your team no, operating system and what actions have you done.
- On the subject line PLEASE use Subject line: “CCFC - No Ping Response on VPN”
- Our support team will get back at you ASAP to fix the problem.
I set up my VPN, is working properly. What’s next?
Great! Now check for news on our registration page. Once your in the system, and visit the registration page, if you registered your account, the page will display the latest news and details.
I bought 2 (or more) slots (Enroll Now - Team of 3 or Team of 5). How do I proceed?
The system will generate the same number of teams as many slots you bought. For example, if you bought 3 slots, the system will generate 3 teams (e.g. Team1, Team2, Team3) and each team will have its own license keys allocated.
2. The Cyber Drill
When CCFC will start?
Starting date is set for October 11st 2019 at 12:00 am GMT.
How long it will last?
It will last 7 days.
How it will be played?
- It will be played as attack and defense Capture The Flag competition except that there will be no public or private scoreboard.
- Each team will be provided with the same enterprise alike setup.
- You will have to complete some challenges, find vulnerabilities within the setup, patch them, get full control over your network while hacking into others.
Why no scoreboard?
- The main reason of the cyber drill is to asses, train and test your skills in a private and anonymous way. Your privacy and anonymity is very important to us. However you will receive a Report about your performance against and compared with the other Teams. For reports please read next chapter bellow (3. Reports and Statistics).
What type of challenges we’ll confront?
- Web Application Security (Top 10 OWASP)
- Network Security
- Operating System Security
What are the difficulty levels?
We set up 4 difficulty levels for each type of challenges (Web App Security, Network Security, Operating System Security):
Level 1 - Easy
Level 2 - Medium
Level 3 - Hard
Level 4 - Very Hard
In my team I have only web app developers and system administrators. Can I play? It will affect my performance?
- Sure you can play.
- No, it will NOT affect your performance. The final report will be made only on those skills set that your team covers. In this case would be defensive only.
I have offensive team. Can I play?
- Sure. The final Report will cover offensive set skills which is important to you.
What skills set should I look for when I choose team members?
Some of the skills and teams that we address to are listed bellow:
- System administrators
- Security Professionals
- Ethical Hackers
- Red Teams
- Blue Teams
3. Reports and Statistics
How you will measure performance?
* We have developed an algorithm based on speed (how fast you find and report a vulnerability,), difficulty level, type of challenge, uptime vs downtime of different services and opened ports.
* Your performance will be measured against:
* Our basic numbers. We’ve calculated how long time should take to be solved each challenge (e.g. how long time to fix all web apps, fix all network bugs, fix all operating system flaws etc).
* Other teams performance.
4. Privacy and Anonymity
Will anyone know who the players are?
- NO. This is our main focus: Your Privacy and Anonymity. This is the reason we don’t use scoreboards, this is the reason why we’re license based registration, by default team name (e.g. Team1, Team2 and so on). No user names, no team names, no email addresses nothing to point at your identity. Moreover, we use third party gateway payment provider which means that all details about your payments is not on our site.