What is this whole thing about?

CTF (Capture the Flag) competitions are contests in the area of IT security. In an attack-defense CTF like FAUST CTF, teams attack each other in a special network cut off from the outside world. For more information, see CTF? WTF?.

Who may participate in FAUST CTF?

Basically everyone! We are not limited to academic teams or such. Participation is free, and all teams will be eligible for prize pay-outs.

What constitutes a team and do I have to join one?

While you may register a team on your own, we highly recommend playing with a larger group of people. The workload during the competition probably won't be manageable alone and it will be more fun with a group anyway.

Typical teams consist of five to twenty people.

Is the competition suitable for beginners?

We want the CTF to be fun for everyone, not just for those who compete for the first ranks. That being said, getting started on your own will be quite hard.

We encourage you to look for a team at a local university or hackerspace. If there is an existing team, they will hopefully introduce you to the basics of CTF playing. If there is none, you may find like-minded people to establish one!

Another good way to pick up the skills for an attack-defense CTF are the many jeopardy CTFs round the year. There, you will have more time to focus on a specific problem.

What skills should we have?

The competition will cover different topics from the area of security, e.g. web security and reverse engineering. If you don't have much previous knowledge, web security may be a good field to start.

Besides that, specific domain knowledge is obviously helpful: If you happen to know the framework or programming language a service is using, this is of course an advantage – but hard to prepare for.

It will certainly be helpful to have a decent understanding of (the administration of) Linux/UNIX systems and networking.

We've only played jeopardy CTFs before. How do we get started with attack/defense?

Have a look at Attack/Defense for Beginners and Basic Vulnbox Hosting.

What are the hardware requirements for Vulnbox hosting?

We recommend at least 3 CPUs and 6 GB of RAM assigned to the Vulnbox VM.

How will I log into the Vulnbox/test image?

As soon as the system is booted up, you will be able to log in as user root without any password on a TTY (serial or console, but not via SSH). There's no need to "root" your system (start into a shell from the bootloader).

How can I check whether my VPN is set up correctly?

Everything should be fine if you can ping submission.faustctf.net.

The VPN worked fine on the testing Vulnbox, but when starting the real one nothing works anymore!

Only one connection to the Vulnbox VPN can be active at a time. This means than when using the "VPN on Vulnbox" mode, you have to stop the testing Vulnbox before starting the real one.

I can't start OpenVPN with the config file on Arch Linux because of this error: "failed to find GID for group nogroup"

Change the group to nobody.

What is that strange SSH key on my Vulnbox? I didn't add it!

We have a backup key on all Vulnboxes, for example for delivering hotfixes. Feel free to remove it, but that will make life harder for you and us.

This is the legit key:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMIhG3OljzqMpQWfoXFLPABfimQTlfoxPPwDWKHSDeK

Fingerprint: SHA256:TsGMABTOSt7oZNJyULiQfekpGqaz7OTAuAeVNUrfzk8