Hackfest | National Cybersecurity Competition

Hackfest is a Capture The Flag (CTF) competition

Hackfest is an annual cybersecurity event initally hosted by the Higher School of Communication (SUP'COM). Since 2015, it has brought together cybersecurity experts, businesses, and students under one roof. After huge success in previous editions, Hackfest is back for its 8th edition this year at Technopark El Gazala. This year is noteworthy since Hackfest will be contested in two stages: qualifiers on March 23rd and finals on April 20th.

The CTF consists of two phases: a qualification round and a final round. During the qualification round, contestants will compete individually to win a slot for the final round. Only 80 contestants will qualify for the finals. The final round is a multi-team hacking challenge in which teams compete independently to win prizes
The National Cybersecurity CTF Competition is meant for both beginners and experienced contestants, and it consists of tasks ranging from simple to extremely difficult in various categories:

Cryptography

In this category, you'll attack poorly implemented crypto, outdated crypto, or use well-known vulnerabilities to attack encrypted messages. You might be given for example a few RSA keys whose modulus share a factor, and you decrypt a message encrypted by one of these keys

Binary Exploitation

The program you received is running as a service on a remote machine. Reverse-engineer it, figure out its vulnerability, and use that to take exploit the remote service into serving you a flag. Often, there's a flag.txt you can get the program to read, or perhaps it has a flag in memory you need to get it to accidentally send you.

Web Exploitation

These challenges involve attacking common vulnerabilities in web technology. For example, you might need to use SQL injection to read the "secret_flag" table of a database, use directory traversal to get a web server to serve you "flag.txt", use Cross-Site Scripting to trick a simulated user to send you their password, or bypass some client-side checks implemented by obfuscated javascript

Reverse Engineering

In this category You'll receive a program, but not the source, so you need to disassemble it, look at the assembly, and figure out what it does. Programs can be x86 Windows, x86 Linux, ARM Linux, obfuscated Java, and a whole bevy of more obscure formats

Forensics

This is a fairly broad category. You might receive an image of a disk in FAT format, and you'll need to un-delete "flag.txt". Maybe you receive a zip file, that contains a 7z file, that contains a tar archive, that contains some obscure file format you've never heard of, and unpacking the entire chain eventually gives you a flag.

IoT

These challenges involve attacking Embedded/IoT devices. You might receive an Arduino board, and you'll need to dump and analyse a firmware. Maybe you receive a binary program, that contains memory management vulnerability, exploiting the entire flow gives you a priviliged access to read files.

If you have any questions, please feel free to contact Maro at maroueneboubakri@gmail.com !

Join the challenge

Hosts

The 2k24 Hosts

We are pleased to announce that SUP'COM will be hosting Hackfest'8. As part of our commitment to ensuring the success of this event, we have entrusted the financial management to ADSUP. They will be responsible for overseeing the budget, managing expenses, and ensuring that the event stays within its financial parameters.

SUP'COM

Higher School of Communication of Tunis or Engineering School of Communication of Tunis, founded in 1998, is the main school of educating engineers in telecommunications in Tunisia. It is affiliated to the University of Carthage and occupies the advanced ranks in the competitive examination for the access to the engineering studies. As a school of national elites, Sup’Com evenly benefits from the tutelage of both, the Ministry of Higher Education and Scientific Research and the Ministry of Information and Communication Technology. Member of the Réseau Méditerranéen des Ecoles d'Ingénieurs (Mediterranean engineering schools’ network), Sup’Com was admitted since December 2008 as an associated member in the Conférence des Grandes Écoles (CGE), it is furthermore the first foreign school to be associated internationally with the Institut Mines-Télécom.

ADSUP

created on 11/01/2011 following an initiative by a group of Sup'Com alumni. AdSup aims to bring together and maintain contact between graduates of Sup'Com. The association has set the following objectives:

Encourage professional and friendly relationships among Sup'Com graduates.
Facilitate the integration, improvement, and career advancement of its members in professional life.
Promote the image of Sup'Com and its degrees.
Promote information and communication technologies (ICT).
Strengthen cooperation with organizations with similar objectives and working in the field of ICTs.

What to bring, how to compete...

How to participate

Team

Team size is limited to 4

Laptop

Bring your own laptop! We also recommend you come with a smartphone and multi-sockets

Software

Bring your favorite software (disassemblers, development tools, hexadecimal viewers, virtual machines, kali etc)

Wifi

Challenges will be accessible via wifi. Make sure you can access wifi on your laptop.

See Details

Schedule

The 2k24 program

23 MAR 2024 ALL DAY
CTF Qualification Round

The CTF Qualification Round is an online event lasting 18 hours, where registered players compete to solve challenges across various categories. Top 60 contestants proceed to the Final Round.
- Online
- FREE
20 APR 2024 NIGHT
CTF Final Round

The CTF Final Round is a 12-hour on-site competition where selected contestants compete in teams. Held overnight, the competition fosters a distraction-free environment for hackers to focus and collaborate.
- ElGazala Technopark
- TBD
20 APR 2024 Day
Conferences and Workshops

This year's edition will feature multiple conferences and in the theme of Cloud security, you can visit our Facebook page to learn more about our speakers.
- ElGazala Technopark
- FREE
20 APR 2024 Day
IOT hacking Challenges

Conquer cybersecurity challenges, from analyzing Arduino firmware to exploiting binary program vulnerabilities. Join teams, outsmart opponents, and showcase your hacking skills in this thrilling competition!
- ElGazala Technopark
- FREE
20 APR 2024 Day
Crypto Kids Workshop

Explore secret codes and ciphers in a fun, interactive setting! Ignite curiosity with our engaging cryptography session for kids.
- ElGazala Technopark
- FREE

Sponsorship

This edition's Sponsors

Hackfest is supported by a range of sponsors, including both local and international companies. It typically takes place over a weekend and attracts a diverse range of participants, from students and recent graduates to experienced professionals in the Cybersecurity field.

Be a part of the excitement at Hackfest 2024 by becoming a sponsor! Take a look at our sponsorship file to learn more about the amazing opportunities available to you. Then, reach out to us at ctfhackfest (at) gmail (dot) com to get started. Let's make this year's hacking festival the best one yet!