├── LICENSE
├── README.md
├── minimum_bar.md
├── resources.md
└── sponsors.md


/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2020 CTF-Organizers
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # CTF Oragnizers Wiki 
2 | A Centralized Wiki for CTF Organization
3 | 
4 | ## Table of Contents
5 | [minimum_bar.md](https://github.com/CTF-Organizers/Wiki/blob/master/minimum_bar.md) - A set of standards for a well-run CTF event.
6 | 


--------------------------------------------------------------------------------
/minimum_bar.md:
--------------------------------------------------------------------------------
 1 | # WORKING DRAFT
 2 | 
 3 | # Basic CTF Requirements and Recommendations #
 4 | 
 5 | **Use #minimum-bar on Slack for discussion.**
 6 | 
 7 | 
 8 | ## Requirements ##
 9 | 
10 | The following are requirements that every CTF event needs to follow:
11 | 
12 | 1. Event shall be announced at least 2 weeks prior to start
13 | 2. Event announcement shall publish all rules, including start/end times, scoring system(s), flag format(s), flag submission guidelines/procedures, and how new challenges/tasks will be released
14 | 3. Event organizers shall actively monitor a designated, public channel over which players may communicate problems with tasks/infrastructure over the duration of the event
15 | 4. All challenge/task information should be made public to all players at the same time throughout the event. Any new information provided as a response to a question/comment from a team must be provided to all players as soon as possible.
16 | 
17 | 
18 | ## Recommendations ##
19 | 
20 | The following are recommendations that every CTF should consider:
21 | 
22 | 1. Event should be announced and listed on [CTFtime](https://ctftime.org), the de-facto authoritative list of CTF competitions. Exceptions might include non-competitive, advertising, or training competitions.
23 | 2. The usual flag format for a CTF consists of a short prefix followed by a secret string. The secret itself usually has a predefined maximum length (eg, 1,000 bytes), and a predefined alphabet (eg, `[a-zA-Z0-9!$%^&*()=+@~#'/?><.,|_-]`) for example`CTF{This_Is_A-top-Secret!_;)}`. It's preferable for scoreboards to trim white-space, accept flags case-insensitively, and avoid symbols that can cause confusion (eg, l vs. I vs. 1). See more advice on flag format [here](https://github.com/pwning/docs/blob/master/suggestions-for-running-a-ctf.markdown#flag-format).
24 | 3. The list of teams that have solved each challenge/task should be public.
25 | 4. Challenges/tasks should be scored using static scoring (organizers define number of points ahead of time), or a known and tested dynamic scoring formula (points changes based on number of solves).
26 | 5. Challenges/tasks should be designed with an intended solution in mind. This intended solution should be tested prior to the event, ideally as a script that can also be re-run to confirm the solution works during the event at any time.
27 | 
28 | 
29 | ## Resources ##
30 | 
31 | The following are useful, additional resources that we believe are generally
32 | beneficial for CTF organizers to review:
33 | 
34 | * [The Many Maxims of Maximally Effective CTFs](http://captf.com/maxims.html) contains general design advice on how to select and design problems for CTF tasks.
35 | * [CTF Design Guidelines](https://ctf.guide) includes in-depth task design guidelines and a description the qualities of good CTF tasks.
36 | * [PPP suggestions for running a CTF](https://github.com/pwning/docs/blob/master/suggestions-for-running-a-ctf.markdown#problems) contains more practical advice on the design and implementation of tasks for different categories.
37 | 


--------------------------------------------------------------------------------
/resources.md:
--------------------------------------------------------------------------------
1 | # Useful Resources
2 | 
3 | ## Awesome Lists
4 | 
5 | **Computer Security Education Resource Collection** - [link](https://securityeducationresourcecollection.net/) - Collection of materials targetted at security instructors
6 | 


--------------------------------------------------------------------------------
/sponsors.md:
--------------------------------------------------------------------------------
 1 | # DRAFT
 2 | Go to #sponsors for discussion
 3 | 
 4 | # Cloud Resources
 5 | This page lists companies willing to sponsor CTF competitions, the requirements for receiving it, and how to contact them.
 6 | 
 7 | ## Amazon Web Services
 8 | 
 9 | *AWS has been a sponsor of a number of CTFs. To request credits for a CTF use the form at https://aws.amazon.com/research-credits/ and select "Computer Science Security" for the Area of Study. Make sure you're aware of the timeline/deadlines published at https://aws.amazon.com/research-credits/faq/#element-7d1ad18f-a7d5-4cc2-b7fa-88100efdff03 as there is significant lead-time for credits.
10 | If your CTF schedule does not work with such a lead time, you can try emailing aws-security@amazon.com to get an expedited response.*
11 | 
12 | ## Google Cloud Platform
13 | 
14 | *Google will be sponsoring CTFs in 2021. All interested applicants should fill out the form here: https://services.google.com/fb/forms/ctfsponsorship/ - you can expect a response within a week.*
15 | 
16 | ## Digital Ocean
17 | *Please submit your information through our request form **[here](https://goo.gl/forms/o3lArqe60vfnly3A2)**. Your request will be assessed by someone from the DigitalOcean Community Team in the order that it is received. Please allow up to three weeks for proper review and consideration before you hear back from someone from our team. **We kindly ask that you refrain from submitting multiple inquiries for the same sponsorship.***
18 | 
19 | 


--------------------------------------------------------------------------------