Tripwire Vert Capture The Flag Contest

Tripwire VERT's Cyber Security Capture The Flag Contest

Welcome to Tripwire VERT’s cybersecurity Capture the Flag contest!

This multi-tiered cybersecurity competition allows contestants to apply penetration testing and analytical skills to a real world problem. Winners receive fabulous prizes, including badges and travel expenses to attend DEF CON 23 and BSides Las Vegas.

DEF CON takes place August 6-9, 2015 at the Paris/Bally’s Hotel.

BSidesLV takes place August 4-5, 2015 at t the Tuscany Suites.

Both conventions will be in Las Vegas, Nevada.

Who is eligible to participate?

Participants must have a valid .edu,, or other email address affiliated with an educational institution to enter.


The virtual contest will take place March 27th through 30th.

Challenge Format:

VERT’s Capture the Flag competition challenges participants to apply real world skills to a multi-tiered cyber security problem. In the first part of the challenge, participants will be given access to a vulnerable web application which contains a hidden user registration page. Participants that locate this “flag” will use this secret page to register for the second half of the challenge.

The first participant to find this secret page and register a username will receive public acknowledgement and an early start on the rest of the challenge.

In the second part of the challenge participants will compete to capture two additional flags of increasing difficulty.

  • Grand prize: BSides Las Vegas & DEF CON 23 travel package
    • BSides package includes:
      • One Participant badge
      • Two Lunch tickets for the Chill-out cafe both days of the conference
      • Three nights accommodation at the Tuscany Suites (Mon/Tues/Wed)
    • DEF CON 23 package includes:
      • DEF CON 23 human badge (admission fees paid)
      • $500 gift card toward travel expenses
  • DEF CON 24 human badge (admission fees paid)
  • Pineapple Wi-Fi hacking kit
  • Ubertooth test tool
  • Additional DEF CON 23 badges may be awarded at VERT’s discretion
Competition Rules:
  • Contestants must have a valid educational institution email address to enter.
  • Contestants must submit flags to VERT via Twitter DM to be eligible to receive a prize. Time stamps on Twitter DMs will be used to determine prize eligibility in the event of tie breakers.
  • Winners must provide a written summary via email explaining how they succeeded in order to claim prizes.
  • All tools for vulnerability discovery and exploitation of SQL injection flaws are permitted.
  • Contestants are encouraged to direct message the Tripwire VERT Twitter handle (@TripwireVERT) with progress during the competition. This includes the discovery of vulnerabilities as well as recovered information that may aid in attack such as operating system patch level, DBMS version, internal file paths, etc. Updates may be shared on Tripwire social media channels after being appropriately sanitized.
  • Tripwire VERT will administer the contest and award prizes within 10 days after the contest closes.
  • Data may be cleaned from the database in fifteen minute intervals throughout the contest to minimize response times.
  • Attacks against the network infrastructure hosting the contest are strictly prohibited and will result in immediate disqualification from the contest.

Please support this contest by visiting our valued sponsors.

ISE - Independent Security Evaluators

ISE is an independent security firm in Baltimore, Maryland dedicated to aggressive defense strategies through advanced science. Our elite team of analysts and developers use scientific approaches to improve our clients’ overall security posture, protect digital assets, harden existing technologies, secure infrastructures, and work with development teams to ensure product security before deployment.


BSides Las Vegas is an Information / Security conference that’s different. With some of the most passionate and influential infosec practitioners from around the country, and the world, coming to Vegas, BSidesLV is the place to be. The BSides community has continuously raised the bar and put the INFO back in INFOSEC. We thank each and every member/attendee/organizer of this community for their hard work, sweat, and relentless pursuit of High Quality information.