eCitadel Rules

 

Overview

The eCitadel Open is a timed competition event. Each team will be provided with a set of virtual machines and attempt to find and address as many vulnerabilities, misconfigurations, and insecure settings as they can in the allotted time. Points are awarded for actions like mitigating scored vulnerabilities or completing a forensic challenge.

 

Rules

  1.  Competitor Eligibility
    • a. All competitors must be at least 13 years old.
    • b. Competitors may only compete on a single team during any given event.

     

  2.  Team Composition
    • a. Teams must consist of between two and four competitors including the team captain.
    • b. Once a competition has begun, team members may not be substituted or replaced.
    • c. Each team will designate a Team Captain to act as the team liaison between the competition staff and the team before, during, and after the competition. Individuals may only serve as the Team Captain of one team at a time.
    • d. International competitors are welcome to play, but will not be eligible to place or receive any awards.
    • e. Individuals may only register and compete as part of one eCitadel team.

     

  3. Competition Conduct
    • a. Teams have a limited time window which begins when the team logs into the competition portal. Once the time window has started it cannot be paused or stopped - teams must complete their work on all provided VMs and challenges within that time window. Points earned after the time window has expired will not be accepted.
    • b. Teams may only have one instance or occurrence of any specific VM running at a time.
    • c. Rolling back, resetting, or reverting VMs may result in point losses as the VM is returning to an earlier, less secure state.
    • d. Teams are prohibited from conducting offensive operations against any system including but not limited to scoring systems, display systems, other teams, and so on.
    • e. Teams must compete without "outside assistance" from non-team members. All private communications (calls, emails, chat, forum posts, conversations, requests for assistance, etc) with non-team members that would help the team gain an unfair advantage are not allowed and are grounds for disqualification.
    • f. Teams must not interfere with scoring agents or servers used by competition officials.
    • g. Protests by any team must be presented in writing by the Team Captain to competition officials as soon as possible. The competition officials will be the final arbitrators for any protests or questions arising before, during, or after the competition.

     

  4.  Scoring
    • a. Scoring will be based on finding and fixing vulnerabilities, keeping required services up, completing business-related tasks called "injects", and solving web-based challenges.
    • b. Any action taken by a team or competitor that disrupts scoring agents or interferes with the functionality of the scoring engine or manual scoring checks are exclusively the responsibility of the teams.
    • c. After the competition is over, a team's virtual machines will be powered on, and their services will be checked for functionality and content. Points will be awarded per functioning service.
    • d. Any team member that modifies a competition system or system component, with or without intent, in order to mislead the scoring engine into assessing a system or service as operational, when in fact it is not, may be disqualified and/or the team assessed penalties.
    • e. Official scores will be maintained by competition officials and will be shared after the competition. During the competiton, unofficial scores may be found on the scoreboard.

 

© eCitadel 2024. All Rights Reserved.