/ Contest descriptions
5分 (0人)
April 27, 2018, 9 p.m.
April 11, 2018, 9 p.m.——April 13, 2018, 9 p.m.


/ Contest details

This year, HITB-XCTF GSEC Capture the Flag contest will again be co-organized by HITB and XCTF League from China! An Attack & Defense Style CTF competition is planned for the 30th and 31st of August alongside the conference.


To select the best teams to play onsite, HITB and XCTF will organize a qualification competition during HITBSecConf2018 – Amsterdam. The qualification game is a jeopardy-style online Capture The Flag Competition, sponsored by JD Security with platform support by CyberPeace. The challenges for this qualification round is authored by the Champion Team of the 3rd XCTF League Finals — FlappyPig from China!

The qualification competition is hosted online and opened to all participants around the world. Teams can compete from any location. No restriction on the number of participants of any team. The Top 15 teams will be qualify for a spot to compete at the HITB-XCTF GSEC CTF 2018 Finals (30th – 31st of August).

Online Competition Time:

48 hours: From Apr 11, 2018, 14:00 p.m. to Apr 13, 2018, 14:00p.m., UTC/GMT +1

Competition Platform:


Online Qualification Criteria:

Top 15 teams (player limited to four) will be qualified for the HITB-XCTF GSEC CTF 2018 Finals on the 30th & 31st of August. Qualified teams are responsible for making their own travel and lodging arrangements to compete onsite in Singapore.

Online Qualification Challenge Categories


Web security


Reverse engineering



Online Qualification Score and Ranking

In most cases, flags are of format HITBXCTF{this_is_a_sample_flag}. Please submit the entire flag, including HITBXCTF{}, for score. If flag is in other formats, it will be clarified in the challenge description.


The score of each challenge will be dynamically calculated according to the number of solved teams.


Final ranking is determined by the total score of each team. In case of multiple teams with equal scores, the team that reached the score earlier ranks higher.


Online Qualification Contest Rules


Teams breaking rules may be penalized or excluded from the competition.


It is not allowed for teams with independent accounts to cooperate, or share any flag/hints.


It is not allowed to attack the competition infrastructure. If flaws in the infrastructure are found, please report to us.


It is not allowed to sabotage or in any way hinder the progress of other competing teams. This includes attempting to destroy a challenge after you have completed it.


It is not allowed to generate large amounts of traffic. None of the challenges can be solved by running automated scanners.


It is not allowed to brute-force challenge flags/keys against the scoring site.


For placing teams to be qualified, they must submit a full and detailed writeup of each challenge, explaining how it was solved.


Organizers may rearrange/modify contest problems, proceedings, and rules.

Online Qualification Contact

Please join #hitbxctf2018 on freenodeEnglish-speaking

  QQ Room: 271910967 Chinese-speaking

  Email us at loveto620@qq.com


/ Scoreboard

345 teams total

排名 队伍 单位 ctf比分 积分
主办方 FlappyPig eHh4eHh4eA== 0.0 100.00
1 TokyoWesterns MMA+tuat_mcc+CureSecure 10662.63 100.00
2 Balsn NTU 9581.65 69.93
3 CyKor 9465.76 61.05
4 Injocker10K 9314.99 56.18
5 LeaveCat LeaveCat 7905.0 47.07
6 MeePwn 6332.0 38.03
7 天枢 北京邮电大学 6237.56 36.39
8 Eur3kA 6237.0 35.50
9 Bushwhackers Lomonosov Moscow State University, Faculty CMC 6001.51 33.70