student

Welcome!

MastodonCTF provides students with the opportunity to work together to solve challenging cybersecurity challenges. This educational event encourages students to experiment and research. Challenges can be made to challenge K-12 and college students.

Login Demo

About

Based primarily at Purdue University's Fort Wayne regional campus, MastodonCTF is a cybersecurity competition made by students for students. Students in teams of up to 5 compete to capture as many 'flags' as possible in the specified time frame. In this competition each 'flag' captured by the team represents actionable information that a cyber attacker or defender would attempt to obtain in a real situation. By attempting example challenges, students are able to learn more about cybersecurity in ways that would be legally difficult otherwise and gain actionable experience for a variety of challenges faced in a cybersecurity position.

Challenge Categories

Open Source Intelligence

Use publicly available information collected from search engines, social media, databases, and more to answer challenges regarding a variety of topics.

Cryptography

Identify a variety of techniques used to encrypt or hide messages and extract their hidden messages.

Password Cracking

Identify how computers store user passwords and the many pros and cons of a variety of different algorithms in use.

Network Traffic Analysis

Identify the different types of network traffic and determine what was being sent between different computers over a network.

Log Analysis

Identify between normal and abnormal operation based on logs generated by programs.

Vulnerability Scanning

Use specialized tools to gain more information about a target, such as programs running on the target and potential vulnerabilities.

Digital Forensics

Analyze and recover digital evidence from a computer-related incident.

Reverse Engineering and Exploitation

Also called enumeration and exploitation, identify exploits and vulnerabilites of code to bypass security measures in the code.

Web Application Security

Identify exploits and vulnerabilities to bypass security measures of web applications.

Time Line

  1. Now: Example challenges available on PFW ACM's CTF Example Site
  2. February 14-16: The first half of the questions will be released at 1200 EST on Feburary 14th. Teams will have until 1800 EST on February 16th.
  3. March 21-23: The second half of the questions will be released at 1200 EST on March 21st. Teams will have until 1800 EST on March 23rd. They will have the opportunity to revisit the first wave of questions during this time.
  4. March 24th: Walkthroughs for each challenge will be published.

Rules

Any team found to be in violation of any of the below rules may be subject to disqualification.

  • Team Game: This game, like most jobs, is a team event. Students can work in teams of up to five (5) group members, though all of the challenges can be completed in a team of any size.

  • Scoring: Each challenge that teams will face will have points assigned to it. These points are typically tied to difficulty - meaning that the higher the points, typically harder the challenge. If there is a tie, a tie breaker will the team with a higher accuracy. If there is another tie, a tie breaker will be the team who finished faster.

  • Duration: Teams will have up to 54 hours to complete as many challenges as possible. After the 54 hours, no submissions will be allowed.

  • Resources: Teams may use all resources at their disposal, except:

    • Artificial Intelligence (AI): Any use of AI is disallowed. This event is designed to be an educational experience.
    • Other Teams: You may only collaborate between members of your own team.
    • Homework Help Sites: Do not post, or ask for help, on any homework help sites, such as Chegg.
    • Professors/Mentors: We want you to explore concepts without the influence of your professors.