Cyber Corporate Fight Club (CCFC) FAQ

1. Registration Process

I have a valid CTF365 account. Can I register with it??

  • NO. You cannot. That’s because we designed CCFC to be held in an anonymity and privacy way. For this reason we introduced the license keys. No email addresses, no names or nicknames. For more details, read 4. Privacy and Anonymity chapter.

I bought a slot (Enroll Now - Team of 3 or Team of 5). What’s Next?

  • Once you bought a slot, the system will automatically create a team (e.g. Team1). This will be your team.
  • In the same time, you will receive via email 3 or 5 license keys per team (e.g. Team of 3 - 3 license keys, Team of 5 - 5 license keys). The license keys are unique and belongs to the team that has been allocated by the system. License keys has to be handed to the team members.
  • You give one license key to each employee you want to participate to Cyber Corporate Fight Club.

Note: License key belongs to a specific team so make sure you handed to the right person.

I have a license key. What’s next?

  1. Head over https://cybercorporatefightclub.com/registration
  2. Insert the license key in the text box
  3. Hit “Register” button
  4. A download pop-up window will appear asking you to download the credentials
  5. Download the credentials.
  6. Set-up your VPN using downloaded credentials
  7. Test the VPN connection by pinging xxx.xxx.xxx.xxx from your terminal.

NOTE: The Registration session will be available starting on May 1st 2019 12:00am GMT

I have set up the VPN using the credentials, No ping response from xxx.xxx.xxx.xxx

  • On the subject line PLEASE use Subject line: “CCFC - No Ping Response on VPN”
  • Our support team will get back at you ASAP to fix the problem.

I set up my VPN, is working properly. What’s next?

I bought 2 (or more) slots (Enroll Now - Team of 3 or Team of 5). How do I proceed?

  • The system will generate the same number of teams as many slots you bought. For example, if you bought 3 slots, the system will generate 3 teams (e.g. Team1, Team2, Team3) and each team will have its own license keys allocated.

2. The Cyber Drill

When CCFC will start?

  • Starting date is set for October 11th 2019 at 12:00 am GMT

How long it will last?

  • It will last 7 days.

How it will be played?

  • It will be played as attack and defense Capture The Flag competition except that there will be no public or private scoreboard.
  • Each team will be provided with the same enterprise alike setup.
  • You will have to complete some challenges, find vulnerabilities within the setup, patch them, get full control over your network while hacking into others.

Why no scoreboard?

  • The main reason of the cyber drill is to assess, train and test your skills in a private and anonymous way. Your privacy and anonymity is very important to us. However you will receive a Report about your performance against and compared with the other Teams. For reports please read next chapter bellow (3. Reports and Statistics).

What type of challenges we’ll confront?

  • Web Application Security (Top 10 OWASP)
  • Network Security
  • Operating System Security

What is the difficulty levels?

  • We set up 4 difficulty levels for each type of challenges (Web App Security, Network Security, Operating System Security):
    • Level 1 - Easy
    • Level 2 - Medium
    • Level 3 - Hard
    • Level 4 - Very Hard

In my team I have only web app developers and system administrators. Can I play? It will affect my performance?

  • Sure you can play
  • No, it will NOT affect your performance. The final report will be made only on those skills set that your team covers. In this case would be defensive only.

I have offensive team. Can I play?

  • Sure. The final Report will cover offensive set skills which is important to you.

What skills set should I look for when I choose a team to be tested?

  • System administrators
  • DevOps
  • DevOpsSec
  • Programmers
  • Security Professionals
  • Ethical Hackers
  • Red Teams
  • Blue Teams
  • CERT
  • CSIRT
  • NOC
  • SOC

3. Reports and Statistics

How you will measure performance?

  • We have developed an algorithm based on speed (how fast you find and report a vulnerability,), difficulty level, type of challenge, uptime vs downtime of different services and opened ports.
  • Your performance will be measured against:
    • Our basic numbers. We’ve calculated how long time should take to be solved each challenge (e.g. how long time to fix all web apps, fix all network bugs, fix all operating system flaws etc).
    • Other teams performance.

4. Privacy and Anonymity

Will anyone know who the players are??

  • NO. This is our main focus: Your Privacy and Anonymity. This is the reason we don’t use scoreboards, this is the reason why we’re license based registration, by default team name (e.g. Team1, Team2 and so on). No user names, no team names, no email addresses nothing to point at your identity. Moreover, we use third party gateway payment provider which means that all details about your payments is not on our site.