Notification about the Starting round of ASEAN Student Contest on Information Security 2023

1.  Detail timeline

From 7:30 am to 12:00 pm (UTC+7) on October 7, 2023





7:30 – 7:50

 Preparation time:

–                      Join Zoom Meeting: Meeting ID: 970 4568 5552

Passcode: 927722

–                      Connect to the exam website and log in with the account which the Organizing committee provides your team via email


7:50 – 8:00

 Opening speech


8:00 – 12:00

 All teams begin to perform the contest (if the exam process has any related-system problems, the Organizers and Judges will be extending time to do the test



 Close the exam system

2.  Regulations for competition

During the contest period, candidates must adhere to the following rules:

  • Only exchange content related to the contest with members of your team
  • Do not use mobile devices during the exam
  • Do not reveal exam accounts, exam questions, flag
  • Do not attack the exam system, do not use scanning tool, interfere with other teams
  • If you have any questions, please contact the Organizing Committee via chat on the web telegram ( in English.
  • All contestants must have the live image connected via video conferencing system, do not turn on the mic (always turn on the webcam), only chat with the Organizing Committee. All teams have to name on the Zoom Meeting according to the following syntax:
  • For ASEAN teams: [Country name]_[Team name] (Team name registered with Organizing committee). For member: [Country Name]_[Team Name]_[Member Name].
  • For Vietnamese teams: [School code]_[Team name] (School code according to regulations of the Ministry of Education and Training in enrollment in 2021). For member: [School Code]_[Team Name]_[Member Name].

3.  Instructions for competition

The Starting round is held virtually in the form of CTF – Jeopardy exam, specifically:

  • The competition round includes challenges in the following areas:
    • Web application: Exploiting web application vulnerabilities (SQL injection, XSS, Session Hijacking …)
    • Reverse engineering: Decompile software source code, unpack source code protection packers
    • Pwnable: Find bugs, exploit vulnerabilities in server applications, software, or code (e.g. buffer overflow, write shellcode, format string …)
    • Crypto/ACM: String decoding, algorithm, algorithm analysis, algorithm programming…
  • When the competition starts, the teams need to log in to the contest website with their team account, the teams can do any tasks in the challenges.
  • Each task will have a fixed score corresponding to the difficulty of the challenge.
  • Teams have to tackle the requirements of the game successfully to win the flag. The format of the flag is: ASCIS{.*}. Example: ASCIS{th1s_1s_4_fl4g}
  • After finding the flag, the teams need to submit immediately their own flag to get the earliest points, the teams that get the points first have a ranking advantage when they are equal to the points of other teams.

Note: The teams should log in for testing their team account before October 7, 2023.