What’s a CTF?
What makes WaspNest different?
WaspNest is a from-scratch CTF created by the Boulder OWASP chapter (meetup.com/OWASP-Boulder) exclusively for AppSec USA 2014. Departing from the traditional Jeopardy-style format, WaspNest offers both an engaging plot as well an immersive Internet-like sandbox. The biggest difference is delivery format. Each competitor receives a copy of WaspNest as a virtual machine (VM). The VM, as well as all attacks, execute on each competitor’s local system.
I am a {noob | 1337 skiddy | senior pentester}. Is this competition right for me?
Yes! WaspNest is designed to be approachable from all skill levels. Challenges cover a wide spectrum of difficulty, and volunteers are there to help you if you get stuck (or just need help getting started).
What are the participation requirements?
This is a BYOD event. Contestants will be provided with a VM which will run locally on self-provided devices. Your device will need:
- A virtual machine player with at least 1GB RAM and 2 CPU cores
- Another 1GB+ RAM and 2+ cores for your host system
- Appropriate penetration testing tools.
By giving me a VM you are effectively providing physical access. What’s stopping VM attacks?
Competition rules, personal guilt, and public shaming.
What’s this about rules?
In a nutshell:
- Do not scan, attack, or otherwise abuse the host infrastructure. Period. This is a zero tolerance rule and will result in Very Bad Things.
- Do not attack the scoreboard. Misuse will result in punitive action.
- Do not attack other competitor systems.
Don’t cheat.Don’t get caught cheating.