2021 A-ISAC CTF
[Virtual] AUGUST 6 & 7, 2021 9:00 AM – 6:00 PM PDT
Registration is now Open! Register online at http://aisac.cyberskyline.com/events/aisac-defcon
Get Your A-Game for Defending the Airframe and Your Air-Port Scanning Skills in this Competition!
Terminus airport is in chaos again due to cyberattacks! Airline kiosks, backend servers, terminal flight information displays, transportation security, runway lights, aircraft, and other critical systems at this tier-1 airport have been compromised by some hackers. There are indicators some airport insiders may have colluded with the hackers! It’s up to you, the cyber defender, to participate and help resolve the situation!
You have 24 hours to research and investigate this crisis and regain control of the Terminus and its airspace. From collecting evidence (and flags) to restoring compromised assets and assisting impacted stakeholders, the clock is ticking! It’s time to apply everything you know about cybersecurity (e.g., password cracking, log and network traffic analysis, computer forensics, malware analysis, and ethical hacking); intelligence (e.g., OSINT, machine learning); and, aviation (e.g., crew, avionics, drones, air traffic control, airline operations, security screening, airport information systems, and aviation cyber-physical systems) to help the Terminus return to normal operations.
You have been given full authority to do whatever it takes to catch the hackers, seize back control of the airport, and restore aviation operations. Good luck, defenders!
Embry-Riddle Aeronautical University (ERAU), with support from IntelliGenesis(CybatiWorks), presents 2021 A-ISAC CTF, sponsored by the Aviation Information Sharing and Analysis Center (A-ISAC). This challenge asks security researchers and enthusiasts from around the world to focus their skills and creativity on solving cybersecurity challenges of aviation systems.
1. Do not attack the infrastructure
This includes aisac.cyberskyline.com or any of the CTF infrastructure, including external communication channels and other platforms associated with the CTF. You should only attack specifically designated targets in your assigned challenges. If you believe you have found an unexpected vulnerability please submit a ticket.
2. Do not brute force
Each user has a limited number of submission attempts for each question during the event. There are no point penalties for an incorrect submission, but attempting to brute force flag submissions is explicitly prohibited and may be interpreted as malicious activity. It is not necessary.
3. Do not share flags or solutions
This is an individual competition. Scripts or flags should not be shared in any ways – any violation of this rule will disqualify the participant. Using online resources is OK. Every participant is free to use any outside resources they have at their disposal in order to solve problems but should not search or ask (e.g. on StackOverflow) for the solutions to specific problems. Do not post solutions online during the competition. People of varying backgrounds and skill level are anticipated to join this CTF, we are all here to learn; be respectful of each other.
Each challenge is worth a fixed number of points. You get points by solving challenges. Any malicious acts that violate the spirit of the competition will disqualify the user from the competition. The person with the most points at the end of the competition wins. Explore, learn, have fun!
Submit a ticket through the Cyber Skyline platform (“Support” tab) if you have any questions or comments for us, we are always looking to improve the challenge!
This CTF is a craft of fiction. Names, characters, businesses, organizations, places, events, locales, and incidents are the products of the creator’s imagination. Any resemblance to actual persons, living or dead, or actual events is purely coincidental. Opinions expressed as those of the characters should not be confused as those of the creators. No aircraft, aviation/cybersecurity professionals, and animals were harmed in the making of this CTF. We seek to conserve, protect, and restore habitats and prevent extinction, fragmentation or reduction in range of native habitat for all aircraft in the world. And yes, for those who’ve read up to this point of the disclaimer, the airport is not the actual size!