Notification about the Qualifying round of ASEAN Student Contest on Information Security 2021
- Detailed timeline
From 7:30 to 18:00 (UTC+7) on October 16, 2021
- 7:30 – 8:00: Preparation time
- Join Zoom Meeting with ID: 447 762 4915 and Passcode: ascis2021
- Connect to the exam website quals.ascis.vn and log in with the account which the Organizing committee provides the team leader via email
- 8:00 – 8:45: Opening Ceremony
- 8:45 – 16:45: All teams begin to perform the contest (if the exam process has any related-system problems, the Organizers and Judges will be extending time to do the test
- 16:45 – 17:00: Close the exam system and The Organizing committe will work on the result to make final decision on winning teams
- 17:00 – 18:00: Official result announcement and Awarding ceremony
2. Regulations for competition
During the contest period, candidates must adhere to the following rules:
• Only exchange content related to the contest with members of your team
• Do not use mobile devices to exchange the information related to the exam
• Do not reveal exam accounts, exam questions, flag
• Do not attack the exam system, do not use scanning tool, interfere with other teams
• If you have any questions, please contact the Organizing Committee via m.me/ascisVNISA chat channel or chat on the exam system.
• All contestants must have the live image connected via video conferencing system, do not turn on the mic (always turn on the webcam), only chat with the Organizing Committee. In case contestants do not connect their live image during the competition the Organizing committe might minus the score of that team
All teams have to name on the Zoom Meeting according to the following syntax:
– For ASEAN teams: [Country name]_[Team name] (Team name registered with Organizing committee). For member: [Country Name]_[Team Name]_[Member Name].
– For Vietnamese teams: [School short name]_[Team name]. For member: [School short name]_[Team Name]_[Member Name].
* School short name: a short name in English
For example: Hanoi University of Science and Technology has school short name like HUST
3. Instructions for competition
The Qualifying round is held virtually in the form of CTF – Jeopardy exam, specifically:
- The Qualifying round includes challenges in the following areas:
- Web application: exploit web application vulnerabilities (SQL injection, XSS, Session Hijacking…)
- Reverse engineering: Decompile software source code, unpack source code protection packers
- Pwnable: find bugs, exploit vulnerabilities in server applications, software, or code (e.g. buffer overflow, write shellcode, format string…)
- Network/ Forensic: Investigate and analyze digital traces (packet analysis, memory dump analysis, ram…)
- Crypto/ ACM: String decoding, algorithm, algorithm analysis, algorithm programming…
- As the competition kicks off, all teams need to log into the exam website with provided account. All teams can do any test and do many tasks at the same time in the challenges of the exam.
- All teams need to tackle the requirement of the challenges to win the flag. The format of the flag is: ASCIS {.*}, for example: ASCIS{th1s_1s_4_fl4g}
- When finding the flag, the teams need to submit immediately their own flag to gain the earliest points which offers team a ranking advantage in case there are more than one team having the same points.
- The score for each challenge depends on the number of team that successfully tackled the challenge, according to the following rules:
- The more teams successfully tackle the challenge, the lower the score for that challenge teams will gain
- The challenge (i) will have score D(i) in which Dmax(i) is supposed to be the maximun score that a team can gain. If there is the only one team to tackle the challenge successfully that team will totally gain Dmax(i) and when the number of teams being able to tackle the challengs increases, the score for each team will be recalculated, until it returns to Dmin(i), it will not change anymore.
D(i) = Dmax(i) – (Dmax(i) – Dmin(i))*s2(i)/d2(i)
In which: s(i) is the number of teams that have successfully tackled challenge i; d(i) is the number of teams that tackle the challeng when the score reaches Dmin(i)
Default Dmax(i) = 500, Dmin(i) = 100, d(i) = 20.
4. The team division and prizes
4.1. Team division: all teams are divided into 03 groups as follows:
– VN1 group: Teams from the North of Vietnam
– VN2 group: Teams from the South of Vietnam
– ASEAN group: Teams from other ASEAN countries
The team division only holds the purpose of making team selection for the Final round more easily. The top 5 teams of each group VN1, VN2 and 7 best teams of ASEAN group (only the best team of each other ASEAN country) will be selected to compete in the Final round.
4.2 Prize structure
The prize structure will be the same for each group and includes:
– 01 First prize
– 02 Second prizes
– Some Third and Consolation prizes (based on the number of teams in each group)
4.3. Judging criteria
As the competition ends, the Organizing committee will make last decisions on which teams will be winners as following criteria:
– To be awarded the first place, the score of that team must not be lower than the one which is awared the second place (the lowest one) in the other two groups
– The second place in one group must not be lower than the third place team (the lowest one) in the other two groups
– The third place team in one group must not be lower than the Consolation prize winners with the lowest score in the other two groups
– The team winning the Consolation prize must tackle successfully at least 2 or more tasks
The Prizes include cash or gifts which are equivalent in value. Winning teams are also acknowledged with certificate of merit from the Organzing Committee. Prizes will be delivered to the teams after Award announcement and award ceremony
Best regards.