Blogs
The latest cybersecurity trends, best practices, security vulnerabilities, and more
Trellix HAX 2023 CTF Competition Now Open for Registration!
By Mark Bereza · February 17, 2023
This story was also written by John Dunlap.
Introduction
Trellix’s Advanced Research Center is happy to announce the launch of Trellix HAX 2023, our third annual capture the flag (CTF) competition! With 12 new challenges of varying skill levels to test your mettle against and a SANS course (!) as the first-place prize, we expect this CTF will have a little something for everyone. So whether you’re a CTF veteran or just dipping your toes in the ocean of cybersec for the first time, be sure to register and mark your calendar for Saturday, February 25th – when all challenges go live!
Last year we asked you all to help a (literal) cat burglar put a paws on a nefurious plot – this year we ask you to pick EAST or WEST in a post-apocalyptic U.S. ravaged by nuclear fallout. Battle for infrastructure and resources in cyberspace and decide once and for all which coast is Best Coast™ by contributing your points to whichever side you select during team registration!
The When
Trellix HAX 2023 will commence on Saturday, February 25th at 12:00 a.m. PST and will conclude on Saturday, March 11th at 12:00 a.m. PST.
The Where
Competition Website
The competition will be hosted on hax.trellix.com. Although all challenges will be hidden until the start date, registration is already open and can be found here. You can also immerse yourself in the rich lore of this year’s narrative by checking out the story page. If Microsoft Access can roleplay as a real database, we’re confident you’ll have no issue roleplaying as a post-apocalyptic hacker after giving that a read.
Discord Server
Besides registering, we also recommend all participants join the official Trellix HAX Discord server:
Here you can chat with the CTF organizers (us), the geniuses who designed this year’s challenges (also us), and fellow competitors about the challenges, CTFs, and all things cybersecurity. If you need help, want to report a bug, or just want to get the latest CTF announcements, this is the place to be.
The How
Getting Started
Once you’ve registered, you will need to either join a team or create your own before you can start earning points. Teams can have up to four players and every unique challenge solved by a member of your team will contribute to your team’s total score. Final ranking will be based on team score, so be sure to bring some friends if you’re aiming for the leaderboards!
If you’ve never participated in a CTF before, the concept is simple. You will:
- Choose a challenge from the list based on category and point value,
- Solve the challenge to find a ‘flag,’ and
- Submit the flag to be awarded the corresponding points.
For this competition, every flag will be in the format ARC{s0me_t3xt_h3re}, where the text between the curly braces is a specific string that you will uncover by solving the challenge. If the flag you find doesn’t already include the ARC{}, be sure to add it before submitting your solution, as all challenges will expect the flag in this exact format.
Successfully solving a challenge will award anywhere between 100 and 500 points, contributing to your team’s total – the harder the challenge, the higher the points! If you’re not feeling super confident, try your hand at the 100-point challenges first and see how it goes. Each challenge also comes with a hint that you can use with no penalty, so be sure to take advantage of that if you’re feeling stuck. At the conclusion of the competition, winners will be decided based on point total, with ties being decided based on who reached the final point total first.
At the end of the day, CTFs are hacking competitions first and foremost, and every good hacker knows that having the right tools and environment can make a world of difference. For the former, we recommend you take a look at Awesome CTF, “a curated list of CTF frameworks, libraries, resources, softwares, and tutorials.” For the latter, this GitHub page provides instructions on how to setup Linux tools on Windows and Mac – particularly handy for those of us who enjoy working audio drivers.
If you’re still feeling lost, don’t hesitate to ask for help! Post your question to the #support channel on the Discord server and we’ll make sure you get the help you need (short of spoiling the challenge, of course!)
Competition Rules
- Prize Eligibility
Trellix employees are not eligible for prizes or scoreboard placement in the public competition. Instead, they will be ranked separately for a chance at an internal prize pool. Full prize eligibility requirements can be found here.
- Registration
When registering, please use a valid email address, in case of password resets and contact information for prizes. We will not store or save any email addresses or contact you for any non-contest-related reasons.
- Posting Solutions
Please wait until the contest ends to release any solutions publicly.
- Cooperation
While cooperation is okay in limited form (general hints, strategies, tools used, etc.), sharing of flags or solutions is cheating. Please help us keep this contest a challenge for all!
- Attacking the Platform
Please refrain from attacking the competition infrastructure, as this will lead to expulsion from Trellix HAX.
- Sabotage
Sabotaging or otherwise impeding other teams is strictly prohibited and will result in expulsion from Trellix HAX.
- Brute-Forcing
No brute forcing of challenge flags/keys against the scoring site is accepted or required to solve the challenges. You may perform brute force attacks, if necessary, on your own endpoint to determine a solution if needed.
- Denial-of-Service
DoSing the CTF platform or any of the challenges is forbidden and will result in expulsion from Trellix HAX.
The Who
The What
Challenges
While the name has changed from last year, our commitment to providing true-to-life, gimmick and stego-free, educational challenges has remained the same. And if you don’t know what “stego” means, don’t worry about it (and also, I envy you).
This year we’ve doubled down on the reverse-engineering and exploitation challenges – both because they’re the kind we like best and because they mesh well with this year’s theme – so be sure to dust off those decompilers.
Prizes
This year we have not one, but two prizes on offer! The top five teams on the scoreboard will receive our exclusive Trellix HAX 2023 challenge coin (one coin per team member, up to four per team).
Hackers and well-lit rooms are like oil and water, so we made this one glow in the dark so you never lose it in your basemen-THREAT OPERATIONS CENTER.
In addition to the challenge coin, one person from the first-place team will receive the Grand Prize: a SANS course of their choosing!
NOTE: we are only offering a single SANS course for one member of the first-place team, so your team will have to decide amongst themselves who receives the prize. We will reach out to the captain of the winning team via the email they used to register for the platform to confirm which team member should receive the Grand Prize and arrange logistics. If a team member isn’t nominated this way, the prize will be awarded to the winning team’s captain by default.
RECENT NEWS
-
Dec 9, 2024
Trellix Achieves U.S. Department of Defense IL5 Certification to Protect Mission-Critical Data
-
Dec 9, 2024
U.S. Navy Chooses Trellix to Protect Navy Enterprise Grid from Stealth Cyber Threats
-
Dec 5, 2024
Trellix Named 2024 AWS Technology Partner of the Year Award Winner for Sub-Saharan Africa (SSA) Region
-
Dec 2, 2024
Trellix Achieves the AWS Generative AI Competency
-
Nov 21, 2024
Trellix Positioned as a Leader in the 2024 SPARK Matrix™ for Network Detection and Response by QKS Group
RECENT STORIES
The latest from our newsroom
Get the latest
We’re no strangers to cybersecurity. But we are a new company.
Stay up to date as we evolve.
Zero spam. Unsubscribe at any time.