securisecCTF Core values (draft)

securisecCTF Core values (draft)

securisecCTF is a place to not only play CTF’s hosted both locally or online as a team, but is a learning opportunity for all, regardless of their skill sets. The core idea behind securisecCTF is to one day qualify for the Defcon CTF ;) but during that journey, we learn, create, develop and contribute together as a team. Other goals include promoting the learning and growth of all of its members.

Who we are

We are problem solvers - We use, build and modify unique devices, services, software and infrastructure to interact with our environment. We write code to do new and interesting things. We learn what systems are made of and we help to improve them. We love modern information technology and can deal with it productively and with caution. We teach those who are willing to learn; we learn from those who are willing to teach. We consider the human urge for knowledge to be inherently good. And we have fun with it. In our community there is respect for individual sovereignty. We respect the intellect and property of each individual. We encourage individuals to pursue the constructive aspects of their actions, as long as they do not restrict the freedom of other individuals. We criticize constructively and introduce ourselves. If something does not fit you, make it better. As a collective, we maintain our reputation. We consider constructive communication and action as our way of illustrating our ideals. We see this basic behavior as right and important.

Slack admins

  • Hapsida
  • LevitatingLion
  • r00t3r

CTFtime Team

Only Hapsida is authorized to add a member to the ctftime.org teamlist. (there are always issues removing a member later). Members must be competing with the team for 90 days before they may request to be added to the ctftime.org roster.

CTF participation formats / requirements

  • CTF’s are held in private Slack channels only.
  • Members can request to participate in a CTF as a team by responding to the notification, or PMing one of the Admins.
  • Certain long running CTF’s are played in public channels.
  • We use threads during competitions in order to group our discussions together. Members are required to
    • Create a thread if one does not exist as in the following example REVERSING: CHALLENGE NAME. If you are unsure how to create a thread, ask an admin or a team member.
    • Once a thread is created, pin it to the channel
    • Keep other members informed on what challenge you are working on.
    • Share your notes/thoughts (whether they are accurate or not) in the thread, so that another member can help if needed or start right where you left when you switch to a different challenge.

Intellectual property

  • Members are strongly encouraged to do writeups of CTF challenges they solve or help solve which will be shared via the appropriate securisecCTF GitHub Pages; but members maintain full rights over these, and they are free to distribute them as they please.
  • Same goes for any tools/scripts/challenges that a member creates.

Online and social behaviour

Every member of securisecCTF will be held in the highest regards to their online social behaviour when it concerns securisecCTF. This includes but is not limited to derogatory remarks, racist remarks, or bashing a team member publicly. {: .notice}

Local vs Online

Local

  • A local CTF is defined as a CTF that a member is attending in person on site. This local CTF has to be online accessible, or an hourly scoreboard update needs to be provided in the appropriate channel.
  • In order for securisecCTF to participate in a local CTF, the member attending must name their team either securisec or securisecctf
  • All members are encouraged to publicly display their achievement if they have participated in the team activity.

Online

  • An online CTF constitutes a competition that have no attending team members, and are generally participated via ctftime.org
  • In the event the team wins an online competition (first kudos here); the winnings (monetary) will be split at a 80% 20% rule. 20% goes towards securisecCTF fund, and 80% will be distributed evenly within all participating members.
  • Participation does not mean contribution.
  • Members need to be active throughout the competition in order to get a share of the winnings
  • Any member not found to be participating during a winning competition may be removed from the private channel

Prizes

As a junior CTF team, our primary thought is not that we will win a prize, but that will happen.

  • In the event that the member wins with help from team members from securisecCTF, the member is only required to make a 20% contribution to the overall securisecCTF fund per member not to exceed a 30% contribution. This means if two members attend a local ctf and win (with help); they are obligated to contribute 30% of the winning monetary awards. If 5 members attend, the contribution is still the same.
  • Any leftover winnings is for the attendees to keep for themselves and as a reward for their hard work.
  • If more than one member is attending, then it is up to the attending members to decide how to split the earnings. Arbitration will be provided via the team if required (don’t ask for arbitration!).
  • Any hardware (non monetary) prizes are for the attendees to keep for themselves.

securisecCTF fund

securisecCTF fund will be a fund maintained by Hapsida, most likely via paypal, and serves the following purpose:

  • Is a scholarship fund for members showing hard work and ethics if they are unable to afford going to local conferences in order to expand their knowledge
  • Tools/Books as required by a member if no other means are available to obtain them and are a necessity.
  • Infrastructure expense as needed for hosting, creating blogs/ctfs/paid subscriptions etc.
  • Investment in alternate sources like cryptocurrency if members agree.
  • A monthly statement will be provided in the main channel for members.

Leaving the team

  • A team member may leave the team at any moment without due cause by speaking with one of the admins.
  • In the event a member decides to leave the team, the securisecCTF fund will be divided by the total number of members at the time of and the portion will be paid to the leaving member. Total members does not include members of the channel that has never participated in a securisecCTF team ctf before.
  • Any invested funds (Bitcon etc if applies) will not be shared.

Recruitment

  • Members are strongly encouraged to actively recruit new members for securisecCTF from either local (university, cons, meetups), or from social media (irc, twitter etc)
  • If a new member wants to join, contact an admin with their email address for an invite to the Slack channel.